openapi: 3.0.1
info:
title: Identity Security Cloud V2025 API
description: 'Use these APIs to interact with the Identity Security Cloud platform to achieve repeatable, automated processes with greater scalability. We encourage you to join the SailPoint Developer Community forum at https://developer.sailpoint.com/discuss to connect with other developers using our APIs.'
termsOfService: 'https://developer.sailpoint.com/discuss/tos'
contact:
name: Developer Relations
url: 'https://developer.sailpoint.com/discuss/api-help'
license:
name: MIT
url: 'https://opensource.org/licenses/MIT'
version: v2025
servers:
- url: 'https://{tenant}.api.identitynow.com/v2025'
description: This is the production API server.
variables:
tenant:
default: sailpoint
description: 'This is the name of your tenant, typically your company''s name.'
- url: 'https://{apiUrl}/v2025'
description: This is the V2025 API server.
variables:
apiUrl:
default: sailpoint.api.identitynow.com
description: This is the api url of your tenant
tags:
- name: Access Model Metadata
description: |
Use this API to create and manage metadata attributes for your Access Model.
Access Model Metadata allows you to add contextual information to your ISC Access Model items using pre-defined metadata for risk, regulations, privacy levels, etc., or by creating your own metadata attributes to reflect the unique needs of your organization. This release of the API includes support for entitlement metadata. Support for role and access profile metadata will be introduced in a subsequent release.
Common usages for Access Model metadata include:
- Organizing and categorizing access items to make it easier for your users to search for and find the access rights they want to request, certify, or manage.
- Providing richer information about access that is being acted on to allow stakeholders to make better decisions when approving, certifying, or managing access rights.
- Identifying access that may requires additional approval requirements or be subject to more frequent review.
- name: Access Profiles
description: |
Use this API to implement and customize access profile functionality.
With this functionality in place, administrators can create access profiles and configure them for use throughout Identity Security Cloud, enabling users to get the access they need quickly and securely.
Access profiles group entitlements, which represent access rights on sources.
For example, an Active Directory source in Identity Security Cloud can have multiple entitlements: the first, 'Employees,' may represent the access all employees have at the organization, and a second, 'Developers,' may represent the access all developers have at the organization.
An administrator can then create a broader set of access in the form of an access profile, 'AD Developers' grouping the 'Employees' entitlement with the 'Developers' entitlement.
When users only need Active Directory employee access, they can request access to the 'Employees' entitlement.
When users need both Active Directory employee and developer access, they can request access to the 'AD Developers' access profile.
Identity Security Cloud uses access profiles in many features, including the following:
- Provisioning: When you use the Provisioning Service, lifecycle states and roles both grant access to users in the form of access profiles.
- Certifications: You can approve or revoke access profiles in certification campaigns, just like entitlements.
- Access Requests: You can assign access profiles to applications, and when a user requests access to the app associated with an access profile and someone approves the request, access is granted to both the application and its associated access profile.
- Roles: You can group one or more access profiles into a role to quickly assign access items based on an identity's role.
In Identity Security Cloud, administrators can use the Access drop-down menu and select Access Profiles to view, configure, and delete existing access profiles, as well as create new ones.
Administrators can enable and disable an access profile, and they can also make the following configurations:
- Manage Entitlements: Manage the profile's access by adding and removing entitlements.
- Access Requests: Configure access profiles to be requestable and establish an approval process for any requests that the access profile be granted or revoked.
Do not configure an access profile to be requestable without first establishing a secure access request approval process for the access profile.
- Multiple Account Options: Define the logic Identity Security Cloud uses to provision access to an identity with multiple accounts on the source.
Refer to [Managing Access Profiles](https://documentation.sailpoint.com/saas/help/access/access-profiles.html) for more information about access profiles.
- name: Access Request Approvals
description: |
Use this API to implement and customize access request approval functionality.
With this functionality in place, administrators can delegate qualified users to review users' requests for access or managers' requests to revoke team members' access to applications, entitlements, or roles.
This enables more qualified users to review access requests and the others to spend their time on other tasks.
In Identity Security Cloud, users can request access to applications, entitlements, and roles, and managers can request that team members' access be revoked.
For applications and entitlements, administrators can set access profiles to require approval from the access profile owner, the application owner, the source owner, the requesting user's manager, or a governance group for access to be granted or revoked.
For roles, administrators can also set roles to allow access requests and require approval from the role owner, the requesting user's manager, or a governance group for access to be granted or revoked.
If the administrator designates a governance group as the required approver, any governance group member can approve the requests.
When a user submits an access request, Identity Security Cloud sends the first required approver in the queue an email notification, based on the access request configuration's approval and reminder escalation configuration.
In Approvals in Identity Security Cloud, required approvers can view pending access requests under the Requested tab and approve or deny them, or the approvers can reassign the requests to different reviewers for approval.
If the required approver approves the request and is the only reviewer required, Identity Security Cloud grants or revokes access, based on the request.
If multiple reviewers are required, Identity Security Cloud sends the request to the next reviewer in the queue, based on the access request configuration's approval reminder and escalation configuration.
The required approver can then view any completed access requests under the Reviewed tab.
Refer to [Access Requests](https://documentation.sailpoint.com/saas/help/requests/index.html) for more information about access request approvals.
- name: Access Request Identity Metrics
description: |
Use this API to implement access request identity metrics functionality.
With this functionality in place, access request reviewers can see relevant details about the requested access item and associated source activity.
This allows reviewers to see how many of the identities who share a manager with the access requester have this same type of access and how many of them have had activity in the related source.
This additional context about whether the access has been granted before and how often it has been used can help those approving access requests make more informed decisions.
- name: Access Requests
description: |
Use this API to implement and customize access request functionality.
With this functionality in place, users can request access to applications, entitlements, or roles, and managers can request that team members' access be revoked.
This allows users to get access to the tools they need quickly and securely, and it allows managers to take away access to those tools.
Identity Security Cloud's Access Request service allows end users to request access that requires approval before it can be granted to users and enables qualified users to review those requests and approve or deny them.
In the Request Center in Identity Security Cloud, users can view available applications, roles, and entitlements and request access to them.
If the requested tools requires approval, the requests appear as 'Pending' under the My Requests tab until the required approver approves, rejects, or cancels them.
Users can use My Requests to track and/or cancel the requests.
In My Team on the Identity Security Cloud Home, managers can submit requests to revoke their team members' access.
They can use the My Requests tab under Request Center to track and/or cancel the requests.
Refer to [Requesting Access](https://documentation.sailpoint.com/saas/user-help/requests/requesting_access.html) for more information about access requests.
- name: Account Activities
description: |
Use this API to implement account activity tracking functionality.
With this functionality in place, users can track source account activity in Identity Security Cloud, which greatly improves traceability in the system.
An account activity refers to a log of each action performed on a source account. This is useful for auditing the changes performed on an account throughout its life.
In Identity Security Cloud's Search, users can search for account activities and select the activity's row to get an overview of the activity's account action and view its progress, its involved sources, and its most basic metadata, such as the identity requesting the option and the recipient.
Account activity includes most actions Identity Security Cloud completes on source accounts. Users can search in Identity Security Cloud for the following account action types:
- Access Request: These include any access requests the source account is involved in.
- Account Attribute Updates: These include updates to a single attribute on an account on a source.
- Account State Update: These include locking or unlocking actions on an account on a source.
- Certification: These include actions removing an entitlement from an account on a source as a result of the entitlement's revocation during a certification.
- Cloud Automated `Lifecyclestate`: These include automated lifecycle state changes that result in a source account's correlated identity being assigned to a different lifecycle state.
Identity Security Cloud replaces the `Lifecyclestate` variable with the name of the lifecycle state it has moved the account's identity to.
- Identity Attribute Update: These include updates to a source account's correlated identity attributes as the result of a provisioning action.
When you update an identity attribute that also updates an identity's lifecycle state, the cloud automated `Lifecyclestate` event also displays.
Account Activity does not include attribute updates that occur as a result of aggregation.
- Identity Refresh: These include correlated identity refreshes that occur for an account on a source whenever the account's correlated identity profile gets a new role or updates.
These also include refreshes that occur whenever Identity Security Cloud assigns an application to the account's correlated identity based on the application's being assigned to All Users From Source or Specific Users From Source.
- Lifecycle State Refresh: These include the actions that took place when a lifecycle state changed. This event only occurs after a cloud automated `Lifecyclestate` change or a lifecycle state change.
- Lifecycle State Change: These include the account activities that result from an identity's manual assignment to a null lifecycle state.
- Password Change: These include password changes on sources.
Refer to [Account Activity](https://documentation.sailpoint.com/saas/help/search/index.html#account-activity) for more information about account activities.
- name: Account Aggregations
description: |
Use this API to implement account aggregation progress tracking functionality.
With this functionality in place, administrators can view in-progress account aggregations, their statuses, and their relevant details.
An account aggregation refers to the process Identity Security Cloud uses to gather and load account data from a source into Identity Security Cloud.
Whenever Identity Security Cloud is in the process of aggregating a source, it adds an entry to the Aggregation Activity Log, along with its relevant details.
To view aggregation activity, administrators can select the Connections drop-down menu, select Sources, and select the relevant source, select its Import Data tab, and select Account Aggregation.
In Account Aggregation, administrators can view the account aggregations' statuses and details in the Account Activity Log.
Refer to [Loading Account Data](https://documentation.sailpoint.com/saas/help/accounts/loading_data.html) for more information about account aggregations.
- name: Account Usages
description: |
Use this API to implement account usage insight functionality.
With this functionality in place, administrators can gather information and insights about how their tenants' source accounts are being used.
This allows organizations to get the information they need to start optimizing and securing source account usage.
- name: Accounts
description: |
Use this API to implement and customize account functionality.
With this functionality in place, administrators can manage users' access across sources in Identity Security Cloud.
In Identity Security Cloud, an account refers to a user's account on a supported source.
This typically includes a unique identifier for the user, a unique password, a set of permissions associated with the source and a set of attributes. Identity Security Cloud loads accounts through the creation of sources in Identity Security Cloud.
Administrators can correlate users' identities with the users' accounts on the different sources they use.
This allows Identity Security Cloud to govern the access of identities and all their correlated accounts securely and cohesively.
To view the accounts on a source and their correlated identities, administrators can use the Connections drop-down menu, select Sources, select the relevant source, and select its Account tab.
To view and edit source account statuses for an identity in Identity Security Cloud, administrators can use the Identities drop-down menu, select Identity List, select the relevant identity, and select its Accounts tab.
Administrators can toggle an account's Actions to aggregate the account, enable/disable it, unlock it, or remove it from the identity.
Accounts can have the following statuses:
- Enabled: The account is enabled. The user can access it.
- Disabled: The account is disabled, and the user cannot access it, but the identity is not disabled in Identity Security Cloud. This can occur when an administrator disables the account or when the user's lifecycle state changes.
- Locked: The account is locked. This may occur when someone has entered an incorrect password for the account too many times.
- Pending: The account is currently updating. This status typically lasts seconds.
Administrators can select the source account to view its attributes, entitlements, and the last time the account's password was changed.
Refer to [Managing User Accounts](https://documentation.sailpoint.com/saas/help/common/users/user_access.html#managing-user-accounts) for more information about accounts.
- name: Application Discovery
description: |
Use this API to implement application discovery functionality.
With this functionality in place, you can discover applications within your Okta connector and receive connector recommendations by manually uploading application names.
- name: Approvals
description: |
Use this API to implement approval functionality. With this functionality in place, you can get generic approvals and modify them.
The main advantages this API has vs [Access Request Approvals](https://developer.sailpoint.com/docs/api/v2025/access-request-approvals) are that you can use it to get generic approvals individually or in batches and make changes to those approvals.
- name: Apps
description: |
Use this API to implement source application functionality.
With this functionality in place, you can create, customize, and manage applications within sources.
- name: Auth Profile
description: |
Use this API to implement Auth Profile functionality.
With this functionality in place, users can read authentication profiles and make changes to them.
An authentication profile represents an identity profile's authentication configuration.
When the identity profile is created, its authentication profile is also created.
An authentication profile includes information like its authentication profile type (`BLOCK`, `MFA`, `NON_PTA`, PTA`) and settings controlling whether or not it blocks access from off network or untrusted geographies.
- name: Auth Users
description: |
Use this API to implement user authentication system functionality.
With this functionality in place, users can get a user's authentication system details, including their capabilities, and modify those capabilities.
The user's capabilities refer to their access to different systems, or authorization, within the tenant, like access to certifications (CERT_ADMIN) or reports (REPORT_ADMIN).
These capabilities also determine a user's access to the different APIs.
This API provides users with a way to determine a user's access and make quick and easy changes to that access.
- name: Branding
description: |
Use this API to implement and customize branding functionality.
With this functionality in place, administrators can get and manage existing branding items, and they can also create new branding items and configure them for use throughout Identity Security Cloud.
The Branding APIs provide administrators with a way to customize branding items.
This customization includes details like their colors, logos, and other information.
Refer to [Certifications](https://documentation.sailpoint.com/saas/user-help/certifications.html) for more information about certifications.
- name: Certification Campaign Filters
description: |
Use this API to implement the certification campaign filter functionality. These filters can be used to create a certification campaign that includes a subset of your entitlements or users to certify.
For example, if for a certification campaign an organization wants to certify only specific users or entitlements, then those can be included/excluded on the basis of campaign filters.
For more information about creating a campaign filter, refer to [Creating a Campaign Filter](https://documentation.sailpoint.com/saas/help/certs/campaign_filters.html#creating-a-campaign-filter)
You can create campaign filters using any of the following criteria types:
- Access Profile : This criteria type includes or excludes access profiles from a campaign.
- Account Attribute : This criteria type includes or excludes certification items that match a specified value in an account attribute.
- Entitlement : This criteria type includes or excludes entitlements from a campaign.
- Identity : This criteria type includes or excludes specific identities from your campaign.
- Identity Attribute : This criteria type includes or excludes identities based on whether they have an identity attribute that matches criteria you've chosen.
- Role : This criteria type includes or excludes roles, as opposed to identities.
- Source : This criteria type includes or excludes entitlements from a source you select.
For more information about these criteria types, refer to [Types of Campaign Filters](https://documentation.sailpoint.com/saas/help/certs/campaign_filters.html#types-of-campaign-filters)
Once the campaign filter is created, it can be linked while creating the campaign. The generated campaign will have the items to review as per the campaign filter.
For example, An inclusion campaign filter is created with a source of Source 1, an operation of Equals, and an entitlement of Entitlement 1. When this filter is selected, only users who have Entitlement 1 are included in the campaign, and only Entitlement 1 is shown in the certification.
- name: Certification Campaigns
description: |
Use this API to implement certification campaign functionality.
With this functionality in place, administrators can create, customize, and manage certification campaigns for their organizations' use.
Certification campaigns provide Identity Security Cloud users with an interactive review process they can use to identify and verify access to systems.
Campaigns help organizations reduce risk of inappropriate access and satisfy audit requirements.
A certification refers to Identity Security Cloud's mechanism for reviewing a user's access to entitlements (sets of permissions) and approving or removing that access.
These certifications serve as a way of showing that a user's access has been reviewed and approved.
Multiple certifications by different reviewers are often required to approve a user's access.
A set of multiple certifications is called a certification campaign.
For example, an organization may use a Manager Certification campaign as a way of showing that a user's access has been reviewed and approved by multiple managers.
Once this campaign has been completed, Identity Security Cloud would provision all the access the user needs, nothing more.
Identity Security Cloud provides two simple campaign types users can create without using search queries, Manager and Source Owner campaigns:
You can create these types of campaigns without using any search queries in Identity Security Cloud:
- ManagerCampaign: Identity Security Cloud provides this campaign type as a way to ensure that an identity's access is certified by their managers.
You only need to provide a name and description to create one.
- Source Owner Campaign: Identity Security Cloud provides this campaign type as a way to ensure that an identity's access to a source is certified by its source owners.
You only need to provide a name and description to create one.
You can specify the sources whose owners you want involved or just run it across all sources.
For more information about these campaign types, refer to [Starting a Manager or Source Owner Campaign](https://documentation.sailpoint.com/saas/help/certs/starting_campaign.html).
One useful way to create certification campaigns in Identity Security Cloud is to use a specific search and then run a campaign on the results returned by that search.
This allows you to be much more specific about whom you are certifying in your campaigns and what access you are certifying in your campaigns.
For example, you can search for all identities who are managed by "Amanda.Ross" and also have the access to the "Accounting" role and then run a certification campaign based on that search to ensure that the returned identities are appropriately certified.
You can use Identity Security Cloud search queries to create these types of campaigns:
- Identities: Use this campaign type to review and revoke access items for specific identities.
You can either build a search query and create a campaign certifying all identities returned by that query, or you can search for individual identities and add those identities to the certification campaign.
- Access Items: Use this campaign type to review and revoke a set of roles, access profiles, or entitlements from the identities that have them.
You can either build a search query and create a campaign certifying all access items returned by that query, or you can search for individual access items and add those items to the certification campaign.
- Role Composition: Use this campaign type to review a role's composition, including its title, description, and membership criteria.
You can either build a search query and create a campaign certifying all roles returned by that query, or you can search for individual roles and add those roles to the certification campaign.
- Uncorrelated Accounts: Use this campaign type to certify source accounts that aren't linked to an authoritative identity in Identity Security Cloud.
You can use this campaign type to view all the uncorrelated accounts for a source and certify them.
For more information about search-based campaigns, refer to [Starting a Campaign from Search](https://documentation.sailpoint.com/saas/help/certs/starting_search_campaign.html).
Once you have generated your campaign, it becomes available for preview.
An administrator can review the campaign and make changes, or if it's ready and accurate, activate it.
Once the campaign is active, organization administrators or certification administrators can designate other Identity Security Cloud users as certification reviewers.
Those reviewers can view any of the certifications they either need to review (active) or have already reviewed (completed).
When a certification campaign is in progress, certification reviewers see the listed active certifications whose involved identities they can review.
Reviewers can then make decisions to grant or revoke access, as well as reassign the certification to another reviewer. If the reviewer chooses this option, they must provide a reason for reassignment in the form of a comment.
Once a reviewer has made decisions on all the certification's involved access items, he or she must "Sign Off" to complete the review process.
Doing so converts the certification into read-only status, preventing any further changes to the review decisions and deleting the work item (task) from the reviewer's list of work items.
Once all the reviewers have signed off, the certification campaign either completes or, if any reviewers decided to revoke access for any of the involved identities, it moves into a remediation phase.
In the remediation phase, identities' entitlements are altered to remove any entitlements marked for revocation.
In this situation, the certification campaign completes once all the remediation requests are completed.
The end of a certification campaign is determined by its deadline, its completion status, or by an administrator's decision.
For more information about certifications and certification campaigns, refer to [Certifications](https://documentation.sailpoint.com/saas/user-help/certifications.html).
- name: Certification Summaries
description: |
Use this API to implement certification summary functionality.
With this functionality in place, administrators and designated certification reviewers can review summaries of identity certification campaigns and draw conclusions about the campaigns' scope, security, and effectiveness.
Implementing certification summary functionality improves organizations' ability to review their [certifications](https://documentation.sailpoint.com/saas/user-help/certifications.html) and helps them satisfy audit and regulatory requirements by enabling them to trace access changes and the decisions made in their review processes.
A certification refers to Identity Security Cloud's mechanism for reviewing a user's access to entitlements (sets of permissions) and approving or removing that access.
These certifications serve as a way of showing that a user's access has been reviewed and approved.
Multiple certifications by different reviewers are often required to approve a user's access.
A set of multiple certifications is called a certification campaign.
For example, an organization may use a Manager Certification as a way of showing that a user's access has been reviewed and approved by their manager, or if the certification is part of a campaign, that the user's access has been reviewed and approved by multiple managers.
Once this certification has been completed, Identity Security Cloud would provision all the access the user needs, nothing more.
Certification summaries provide information about identity certification campaigns such as the identities involved, the number of decisions made, and the access changed.
For example, an administrator or designated certification reviewer can examine the Manager Certification campaign to get an overview of how many entitlement decisions are made in that campaign as opposed to role decisions, which identities would be affected by changes to the campaign, and how those identities' access would be affected.
- name: Certifications
description: |
Use this API to implement certification functionality.
With this functionality in place, administrators and designated certification reviewers can review users' access certifications and decide whether to approve access, revoke it, or reassign the review to another reviewer.
Implementing certifications improves organizations' data security by reducing inappropriate access through a distributed review process and helping them satisfy audit and regulatory requirements.
A certification refers to Identity Security Cloud's mechanism for reviewing a user's access to entitlements (sets of permissions) and approving or removing that access.
These serve as a way of showing that a user's access has been reviewed and approved.
Multiple certifications by different reviewers are often required to approve a user's access.
A set of multiple certifications is called a certification campaign.
For example, an organization may use a Manager Certification as a way of showing that a user's access has been reviewed and approved by their manager, or if the certification is part of a campaign, that the user's access has been reviewed and approved by multiple managers.
Once this certification has been completed, Identity Security Cloud would provision all the access the user needs, nothing more.
Organization administrators or certification administrators can designate other Identity Security Cloud users as certification reviewers.
Those reviewers can select the 'Certifications' tab to view any of the certifications they either need to review or have already reviewed under the 'Active' and 'Completed' tabs, respectively.
When a certification campaign is in progress, certification reviewers will see certifications listed under 'Active,' where they can review the involved identities.
Under the 'Decision' column on the right, next to each access item, reviewers can select the checkmark to approve access, select the 'X' to revoke access, or they can toggle the 'More Options' menu to reassign the certification to another reviewer and provide a reason for reassignment in the form of a comment.
Once a reviewer has made decisions on all the certification's involved access items, he or she must select 'Sign Off' to complete the review process.
Doing so converts the certification into read-only status, preventing any further changes to the review decisions and deleting the work item (task) from the reviewer's list of work items.
Once all the reviewers have signed off, the certification campaign either completes or, if any reviewers decided to revoke access for any of the involved identities, it moves into a remediation phase. In the remediation phase, identities' entitlements are altered to remove any entitlements marked for revocation.
In this situation, the certification campaign completes once all the remediation requests are completed.
- name: Configuration Hub
description: |
Use this API to implement and customize configuration settings management. With this functionality, you can access the Configuration Hub actions and build your own automated pipeline for Identity Security Cloud configuration change delivery and deployment.
Common usages for Configuration Hub includes:
- Upload configuration file - Configuration files can be managed and deployed using Configuration Hub by uploading a JSON file which contains configuration data.
- Manage object mapping - Create rules to map and substitute attributes when migrating configurations.
- Manage backups for configuration settings
- Manage configuration drafts
- Upload configurations and manage object mappings between tenants.
Refer to [Using the SailPoint Configuration Hub](https://documentation.sailpoint.com/saas/help/confighub/config_hub.html) for more information about Configuration Hub.
- name: Connector Customizers
description: |
Saas Connectivity Customizers are cloud-based connector customizers. The customizers allow you to customize the out of the box connectors in a similar way to how you can use rules to customize VA (virtual appliance) based connectors.
Use these APIs to implement connector customizers functionality.
- name: Connector Rule Management
description: |
Use this API to implement connector rule management functionality.
With this functionality in place, administrators can implement connector-executed rules in a programmatic, scalable way.
In Identity Security Cloud (ISC), [rules](https://developer.sailpoint.com/docs/extensibility/rules) serve as a flexible configuration framework you can leverage to perform complex or advanced configurations.
[Connector-executed rules](https://developer.sailpoint.com/docs/extensibility/rules/connector-rules) are rules that are executed in the ISC virtual appliance (VA), usually extensions of the [connector](https://documentation.sailpoint.com/connectors/isc/landingpages/help/landingpages/isc_landing.html) itself, the bridge between the data source and ISC.
This API allows administrators to view existing connector-executed rules, make changes to them, delete them, and create new ones from the available types.
- name: Connectors
description: |
Use this API to implement connector functionality.
With this functionality in place, administrators can view available connectors.
Connectors are the bridges Identity Security Cloud uses to communicate with and aggregate data from sources.
For example, if it is necessary to set up a connection between Identity Security Cloud and the Active Directory source, a connector can bridge the two and enable Identity Security Cloud to synchronize data between the systems.
This ensures account entitlements and states are correct throughout the organization.
In Identity Security Cloud, administrators can use the Connections drop-down menu and select Sources to view the available source connectors.
Refer to [Identity Security Cloud Connectors](https://documentation.sailpoint.com/connectors/identitynow/landingpages/help/landingpages/identitynow_connectivity_landing.html) for more information about the connectors available in Identity Security Cloud.
Refer to [SaaS Connectivity](https://developer.sailpoint.com/docs/connectivity/saas-connectivity/) for more information about the SaaS custom connectors that do not need VAs (virtual appliances) to communicate with their sources.
Refer to [Managing Sources](https://documentation.sailpoint.com/saas/help/sources/managing_sources.html) for more information about using connectors in Identity Security Cloud.
- name: Custom Forms
description: |
Use this API to build and manage custom forms.
With this functionality in place, administrators can create and view form definitions and form instances.
Forms are composed of sections and fields. Sections split the form into logical groups of fields and fields are the data collection points within the form. Configure conditions to modify elements of the form as the responder provides input. Create form inputs to pass information from a calling feature, like a workflow, to your form.
Forms can be used within workflows as an action or as a trigger. The Form Action allows you to assign a form as a step in a running workflow, suspending the workflow until the form is submitted or times out, and the workflow resumes. The Form Submitted Trigger initiates a workflow when a form is submitted. The trigger can be configured to initiate on submission of a full form, a form element with any value, or a form element with a particular value.
Refer to [Forms](https://documentation.sailpoint.com/saas/help/forms/index.html) for more information about using forms in Identity Security Cloud.
- name: Custom Password Instructions
description: |
Use this API to implement custom password instruction functionality.
With this functionality in place, administrators can create custom password instructions to help users reset their passwords, change them, unlock their accounts, or recover their usernames.
This allows administrators to emphasize password policies or provide organization-specific instructions.
Administrators must first use [Update Password Org Config](https://developer.sailpoint.com/docs/api/v2025/put-password-org-config/) to set `customInstructionsEnabled` to `true`.
Once they have enabled custom instructions, they can use [Create Custom Password Instructions](https://developer.sailpoint.com/docs/api/v2025/create-custom-password-instructions/) to create custom page content for the specific pageId they select.
For example, an administrator can use the pageId forget-username:user-email to set the custom text for the case when users forget their usernames and must enter their emails.
Refer to [Creating Custom Instruction Text](https://documentation.sailpoint.com/saas/help/pwd/pwd_reset.html#creating-custom-instruction-text) for more information about creating custom password instructions.
- name: Data Segmentation
description: |
This service is responsible for creating segments that will determine how access is delegated to identities
withing the organization.
- name: Dimensions
description: |-
Use this API to implement and customize dynamic role functionality. With this functionality in place, administrators can create dimensions and configure them for use throughout Identity Security Cloud. Identity Security Cloud can use established criteria to automatically assign the dimensions to qualified users. This enables users to get all the access they need quickly and securely and administrators to spend their time on other tasks. Entitlements represent the most granular level of access in Identity Security Cloud.
Access profiles represent the next level and often group entitlements. Dimension represent access selectively based on the evaluation of contextual information that is available or provided. Each Dimension include context attributes and access selection expressions which map criteria to access right assignments. Each dimension can contain up to 5 context attributes. Dynamic Access Roles represent the broadest level of access and often group access profiles ,entitlements and dimensions.Each Dynamic Access Role may contain one or more Dimensions.
- name: Discovered Applications
description: |
Use this API to retrieve all the available discovered apps for a given tenant id.
- name: Entitlements
description: |
Use this API to implement and customize entitlement functionality.
With this functionality in place, administrators can view entitlements and configure them for use throughout Identity Security Cloud in certifications, access profiles, and roles.
Administrators in Identity Security Cloud can then grant users access to the entitlements or configure them so users themselves can request access to the entitlements whenever they need them.
With a good approval process, this entitlement functionality allows users to gain the specific access they need on sources quickly and securely.
Entitlements represent access rights on sources.
Entitlements are the most granular form of access in Identity Security Cloud.
Entitlements are often grouped into access profiles, and access profiles themselves are often grouped into roles, the broadest form of access in Identity Security Cloud.
For example, an Active Directory source in Identity Security Cloud can have multiple entitlements: the first, 'Employees,' may represent the access all employees have at the organization, and a second, 'Developers,' may represent the access all developers have at the organization.
An administrator can then create a broader set of access in the form of an access profile, 'AD Developers' grouping the 'Employees' entitlement with the 'Developers' entitlement.
An administrator can then create an even broader set of access in the form of a role grouping the 'AD Developers' access profile with another profile, 'GitHub Developers,' grouping entitlements for the GitHub source.
When users only need Active Directory employee access, they can request access to the 'Employees' entitlement.
When users need both Active Directory employee and developer access, they can request access to the 'AD Developers' access profile.
When users need both the 'AD Developers' access profile and the 'GitHub Developers' access profile, they can request access to the role grouping both.
Administrators often use roles and access profiles within those roles to manage access so that users can gain access more quickly, but the hierarchy of access all starts with entitlements.
Anywhere entitlements appear, you can select them to find more information about the following:
- Cloud Access Details: These provide details about the cloud access entitlements on cloud-enabled sources.
- Permissions: Permissions represent individual units of read/write/admin access to a system.
- Relationships: These list each entitlement's parent and child relationships.
- Type: This is the entitlement's type. Some sources support multiple types, each with a different attribute schema.
Identity Security Cloud uses entitlements in many features, including the following:
- Certifications: Entitlements can be revoked from an identity that no longer needs them.
- Roles: Roles can group access profiles which themselves group entitlements. You can grant and revoke access on a broad level with roles. Role membership criteria can grant roles to identities based on whether they have certain entitlements or attributes.
- Access Profiles: Access profiles group entitlements.
They are the most important units of access in Identity Security Cloud.
Identity Security Cloud uses them in provisioning, certifications, and access requests, and administrators can configure them to grant very broad or very granular access.
You cannot delete entitlements directly from Identity Security Cloud.
Entitlements are deleted based on their inclusion in aggregations.
Refer to [Deleting Entitlements](https://documentation.sailpoint.com/saas/help/access/entitlements.html#deleting-entitlements) more information about deleting entitlements.
Refer to [Entitlements](https://documentation.sailpoint.com/saas/help/access/entitlements.html) for more information about entitlements.
- name: Global Tenant Security Settings
description: |
Use this API to implement and customize global tenant security settings.
With this functionality in place, administrators can manage the global security settings that a tenant/org has.
This API can be used to configure the networks and Geographies allowed to access Identity Security Cloud URLs.
- name: Governance Groups
description: |
Use this API to implement and customize Governance Group functionality. With this functionality in place, administrators can create Governance Groups and configure them for use throughout Identity Security Cloud.
A governance group is a group of users that can make governance decisions about access. If your organization has the Access Request or Certifications service, you can configure governance groups to review access requests or certifications. A governance group can determine whether specific access is appropriate for a user.
Refer to [Creating and Managing Governance Groups](https://documentation.sailpoint.com/saas/help/common/users/governance_groups.html) for more information about how to build Governance Groups in the visual builder in the Identity Security Cloud UI.
- name: IAI Access Request Recommendations
- name: IAI Common Access
- name: IAI Message Catalogs
- name: IAI Outliers
- name: IAI Peer Group Strategies
- name: IAI Recommendations
- name: IAI Role Mining
- name: Icons
description: |
Use this API to implement functionality related to object icons (application icons for example).
With this functionality in place, administrators can set or remove an icon for specific object type for use throughout Identity Security Cloud.
- name: Identities
description: |
Use this API to implement identity functionality.
With this functionality in place, administrators can synchronize an identity's attributes with its various source attributes.
Identity Security Cloud uses identities as users' authoritative accounts. Identities can own other accounts, entitlements, and attributes.
An identity has a variety of attributes, such as an account name, an email address, a job title, and more.
These identity attributes can be correlated with different attributes on different sources.
For example, the identity John.Smith can own an account in the GitHub source with the account name John-Smith-Org, and Identity Security Cloud knows they are the same person with the same access and attributes.
In Identity Security Cloud, administrators often set up these synchronizations to get triggered automatically with a change or to run on a schedule.
To manually synchronize attributes for an identity, administrators can use the Identities drop-down menu and select Identity List to view the list of identities.
They can then select the identity they want to manually synchronize and use the hamburger menu to select 'Synchronize Attributes.'
Doing so immediately begins the attribute synchronization and analyzes all accounts for the selected identity.
Refer to [Synchronizing Attributes](https://documentation.sailpoint.com/saas/help/provisioning/attr_sync.html) for more information about synchronizing attributes.
- name: Identity Attributes
- name: Identity History
- name: Identity Profiles
description: |
Use this API to implement identity profile functionality.
With this functionality in place, administrators can view identity profiles and their configurations.
Identity profiles represent the configurations that can be applied to identities as a way of granting them a set of security and access, as well as defining the mappings between their identity attributes and their source attributes.
In Identity Security Cloud, administrators can use the Identities drop-down menu and select Identity Profiles to view the list of identity profiles.
This list shows some details about each identity profile, along with its status.
They can select an identity profile to view its settings, its mappings between identity attributes and correlating source account attributes, and its provisioning settings.
Refer to [Creating Identity Profiles](https://documentation.sailpoint.com/saas/help/setup/identity_profiles.html) for more information about identity profiles.
- name: Lifecycle States
description: |
Use this API to implement and customize lifecycle state functionality.
With this functionality in place, administrators can create and configure custom lifecycle states for use across their organizations, which is key to controlling which users have access, when they have access, and the access they have.
A lifecycle state describes a user's status in a company. For example, two lifecycle states come by default with Identity Security Cloud: 'Active' and 'Inactive.'
When an active employee takes an extended leave of absence from a company, his or her lifecycle state may change to 'Inactive,' for security purposes.
The inactive employee would lose access to all the applications, sources, and sensitive data during the leave of absence, but when the employee returns and becomes active again, all that access would be restored.
This saves administrators the time that would otherwise be spent provisioning the employee's access to each individual tool, reviewing the employee's certification history, etc.
Administrators can create a variety of custom lifecycle states. Refer to [Planning New Lifecycle States](https://documentation.sailpoint.com/saas/help/provisioning/lifecycle.html#planning-new-lifecycle-states) for some custom lifecycle state ideas.
Administrators must define the criteria for being in each lifecycle state, and they must define how Identity Security Cloud manages users' access to apps and sources for each lifecycle state.
In Identity Security Cloud, administrators can manage lifecycle states by going to Admin > Identities > Identity Profile, selecting the identity profile whose lifecycle states they want to manage, selecting the 'Provisioning' tab, and using the left panel to either select the lifecycle state they want to modify or create a new lifecycle state.
In the 'Provisioning' tab, administrators can make the following access changes to an identity profile's lifecycle state:
- Enable/disable the lifecycle state for the identity profile.
- Enable/disable source accounts for the identity profile's lifecycle state.
- Add existing access profiles to grant to the identity profiles in that lifecycle state.
- Create a new access profile to grant to the identity profile in that lifecycle state.
Access profiles granted in a previous lifecycle state are automatically revoked when the identity moves to a new lifecycle state.
To maintain access across multiple lifecycle states, administrators must grant the access profiles in each lifecycle state.
For example, if an administrator wants users with the 'HR Employee' identity profile to maintain their building access in both the 'Active' and 'Leave of Absence' lifecycle states, the administrator must grant the access profile for that building access to both lifecycle states.
During scheduled refreshes, Identity Security Cloud evaluates lifecycle states to determine whether their assigned identities have the access defined in the lifecycle states' access profiles.
If the identities are missing access, Identity Security Cloud provisions that access.
Administrators can also use the 'Provisioning' tab to configure email notifications for Identity Security Cloud to send whenever an identity with that identity profile has a lifecycle state change.
Refer to [Configuring Lifecycle State Notifications](https://documentation.sailpoint.com/saas/help/provisioning/lifecycle.html#configuring-lifecycle-state-notifications) for more information on how to do so.
An identity's lifecycle state can have four different statuses: the lifecycle state's status can be 'Active,' it can be 'Not Set,' it can be 'Not Valid,' or it 'Does Not Match Technical Name Case.'
Refer to [Moving Identities into Lifecycle States](https://documentation.sailpoint.com/saas/help/provisioning/lifecycle.html#moving-identities-into-lifecycle-states) for more information about these different lifecycle state statuses.
Refer to [Setting Up Lifecycle States](https://documentation.sailpoint.com/saas/help/provisioning/lifecycle.html) for more information about lifecycle states.
- name: Machine Accounts
- name: Machine Identities
- name: Managed Clients
description: |
Use this API to implement managed client functionality.
With this functionality in place, administrators can modify and delete existing managed clients, create new ones, and view and make changes to their log configurations.
- name: Managed Cluster Types
description: |
Use this API to implement managed cluster types functionality.
With this functionality in place, administrators can modify and delete existing managed cluster types and create new ones.
- name: Managed Clusters
description: |
Use this API to implement managed cluster functionality.
With this functionality in place, administrators can modify and delete existing managed clients, get their statuses, and create new ones.
- name: Manual Discover Applications
description: |
Use this API to manually upload application names to be correlated to an ISC connector.
- name: Manual Discover Applications Template
description: |
Use this API to download the CSV template to send to the application discovery service.
- name: MFA Configuration
description: Configure and test multifactor authentication (MFA) methods
- name: MFA Controller
description: This API used for multifactor authentication functionality belong to gov-multi-auth service. This controller allow you to verify authentication by specified method
- name: Multi-Host Integration
description: |
Use this API to build a Multi-Host Integration.
Multi-Host Integration will help customers to configure and manage similar type of target system in Identity Security Cloud.
In Identity Security Cloud, administrators can create a Multi-Host Integration by going to Admin > Connections > Multi-Host Sources and selecting 'Create.'
- name: Non-Employee Lifecycle Management
description: |
Use this API to implement non-employee lifecycle management functionality.
With this functionality in place, administrators can create non-employee records and configure them for use in their organizations.
This allows organizations to provide secure access to non-employees and control that access.
The 'non-employee' term refers to any consultant, contractor, intern, or other user in an organization who is not a full-time permanent employee.
Organizations can track non-employees' access and activity in Identity Security Cloud by creating and maintaining non-employee sources.
Organizations can have a maximum of 50 non-employee sources.
By using SailPoint's Non-Employee Lifecycle Management functionality, you agree to the following:
- SailPoint is not responsible for storing sensitive data.
You may only add account attributes to non-employee identities that are necessary for business operations and are consistent with your contractual limitations on data that may be sent or stored in Identity Security Cloud.
- You are responsible for regularly downloading your list of non-employee accounts for all the sources you create and storing this list of accounts in a managed location to maintain an authoritative system of record and backup data for these accounts.
To manage non-employees in Identity Security Cloud, administrators must create a non-employee source and add accounts to the source.
To create a non-employee source in Identity Security Cloud, administrators must use the Admin panel to go to Connections > Sources.
They must then specify 'Non-Employee' in the 'Source Type' field.
Refer to [Creating a Non-Employee Source](https://documentation.sailpoint.com/saas/help/common/non-employee-mgmt.html#creating-a-non-employee-source) for more details about how to create non-employee sources.
To add accounts to a non-employee source in Identity Security Cloud, administrators can select the non-employee source and add the accounts.
They can also use the 'Manage Non-Employees' widget on their user dashboards to reach the list of sources and then select the non-employee source they want to add the accounts to.
Administrators can either add accounts individually or in bulk. Each non-employee source can have a maximum of 20,000 accounts.
To add accounts in bulk, they must select the 'Bulk Upload' option and upload a CSV file.
Refer to [Adding Accounts](https://documentation.sailpoint.com/saas/help/common/non-employee-mgmt.html#adding-accounts) for more details about how to add accounts to non-employee sources.
Once administrators have created the non-employee source and added accounts to it, they can create identity profiles to generate identities for the non-employee accounts and manage the non-employee identities the same way they would any other identities.
Refer to [Managing Non-Employee Sources and Accounts](https://documentation.sailpoint.com/saas/help/common/non-employee-mgmt.html) for more information about non-employee lifecycle management.
- name: Notifications
- name: OAuth Clients
description: |
Use this API to implement OAuth client functionality.
With this functionality in place, users with the appropriate security scopes can create and configure OAuth clients to use as a way to obtain authorization to use the Identity Security Cloud REST API.
Refer to [Authentication](https://developer.sailpoint.com/docs/api/authentication/) for more information about OAuth and how it works with the Identity Security Cloud REST API.
- name: Org Config
description: |
Use this API to implement organization configuration functionality.
Administrators can use this functionality to manage organization settings, such as time zones.
- name: Password Configuration
description: |
Use this API to implement organization password configuration functionality.
With this functionality in place, organization administrators can create organization-specific password configurations.
These configurations include details like custom password instructions, as well as digit token length and duration.
Refer to [Configuring User Authentication for Password Resets](https://documentation.sailpoint.com/saas/help/pwd/pwd_reset.html) for more information about organization password configuration functionality.
- name: Password Dictionary
description: |
Use this API to implement password dictionary functionality.
With this functionality in place, administrators can create password dictionaries to prevent users from using certain words or characters in their passwords.
A password dictionary is a list of words or characters that users are prevented from including in their passwords.
This can help protect users from themselves and force them to create passwords that are not easy to break.
A password dictionary must meet the following requirements to for the API to handle them correctly:
- It must be in .txt format.
- All characters must be UTF-8 characters.
- Each line must contain a single word or character with no spaces or whitespace characters.
- It must contain at least one line other than the locale string.
- Each line must not exceed 128 characters.
- The file must not exceed 2500 lines.
Administrators should also consider the following when they create their dictionaries:
- Lines starting with a # represent comments.
- All words in the password dictionary are case-insensitive.
For example, adding the word "password" to the dictionary also disallows the following: PASSWORD, Password, and PassWord.
- The dictionary uses substring matching.
For example, adding the word "spring" to the dictionary also disallows the following: Spring124, 345SprinG, and 8spring.
Users can then select 'Change Password' to update their passwords.
Administrators must do the following to create a password dictionary:
- Create the text file that will contain the prohibited password values.
- If the dictionary is not in English, they must add a locale string to the top line: locale:`languageCode`_`countryCode`
The languageCode value refers to the language's 2-letter ISO 639-1 code.
The countryCode value refers to the country's 2-letter ISO 3166-1 code.
Refer to this list https://docs.oracle.com/cd/E13214_01/wli/docs92/xref/xqisocodes.html to see all the available ISO 639-1 language codes and ISO 3166-1 country codes.
- Upload the .txt file to Identity Security Cloud with [Update Password Dictionary](https://developer.sailpoint.com/docs/api/v2025/put-password-dictionary). Uploading a new file always overwrites the previous dictionary file.
Administrators can then specify which password policies check new passwords against the password dictionary by doing the following: In the Admin panel, they can use the Password Mgmt dropdown menu to select Policies, select the policy, and select the 'Prevent use of words in this site's password dictionary' checkbox beside it.
Refer to [Configuring Advanced Password Management Options](https://documentation.sailpoint.com/saas/help/pwd/adv_config.html) for more information about password dictionaries.
- name: Password Management
description: |
Use this API to implement password management functionality.
With this functionality in place, users can manage their identity passwords for all their applications.
In Identity Security Cloud, users can select their names in the upper right corner of the page and use the drop-down menu to select Password Manager.
Password Manager lists the user's identity's applications, possibly grouped to share passwords.
Users can then select 'Change Password' to update their passwords.
Grouping passwords allows users to update their passwords more broadly, rather than requiring them to update each password individually.
Password Manager may list the applications and sources in the following groups:
- Password Group: This refers to a group of applications that share a password.
For example, a user can use the same password for Google Drive, Google Mail, and YouTube.
Updating the password for the password group updates the password for all its included applications.
- Multi-Application Source: This refers to a source with multiple applications that share a password.
For example, a user can have a source, G Suite, that includes the Google Calendar, Google Drive, and Google Mail applications.
Updating the password for the multi-application source updates the password for all its included applications.
- Applications: These are applications that do not share passwords with other applications.
An organization may require some authentication for users to update their passwords.
Users may be required to answer security questions or use a third-party authenticator before they can confirm their updates.
Refer to [Managing Passwords](https://documentation.sailpoint.com/saas/user-help/accounts/passwords.html) for more information about password management.
- name: Password Policies
description: |
Use these APIs to implement password policies functionality.
These APIs allow you to define the policy parameters for choosing passwords.
IdentityNow comes with a default policy that you can modify to define the password requirements your users must meet to log in to IdentityNow, such as requiring a minimum password length, including special characters, and disallowing certain patterns.
If you have licensed Password Management, you can create additional password policies beyond the default one to manage passwords for supported sources in your org.
In the Identity Security Cloud Admin panel, administrators can use the Password Mgmt dropdown menu to select Sync Groups.
Refer to [Managing Password Policies](https://documentation.sailpoint.com/saas/help/pwd/pwd_policies/pwd_policies.html) for more information about password policies.
- name: Password Sync Groups
description: |
Use this API to implement password sync group functionality.
With this functionality in place, administrators can group sources into password sync groups so that all their applications share the same password.
This allows users to update the password for all the applications in a sync group if they want, rather than updating each password individually.
A password sync group is a group of applications that shares a password.
Administrators create these groups by grouping the applications' sources.
For example, an administrator can group the ActiveDirectory, GitHub, and G Suite sources together so that all those sources' applications can also be grouped to share a password.
A user can then update his or her password for ActiveDirectory, GitHub, Gmail, Google Drive, and Google Calendar all at once, rather then updating each one individually.
The following are required for administrators to create a password sync group in Identity Security Cloud:
- At least two direct connect sources connected to Identity Security Cloud and configured for Password Management.
- Each authentication source in a sync group must have at least one application. Refer to [Adding and Resetting Application Passwords](https://documentation.sailpoint.com/saas/help/pwd/adv_config.html#adding-and-resetting-application-passwords) for more information about adding applications to sources.
- At least one password policy. Refer to [Managing Password Policies](https://documentation.sailpoint.com/saas/help/pwd/policies.html) for more information about password policies.
In the Admin panel in Identity Security Cloud, administrators can use the Password Mgmt dropdown menu to select Sync Groups.
To create a sync group, administrators must provide a name, choose a password policy to be enforced across the sources in the sync group, and select the sources to include in the sync group.
Administrators can also delete sync groups in Identity Security Cloud, but they should know the following before they do:
- Passwords related to the associated sources will become independent, so changing one will not change the others anymore.
- Passwords for the sources' connected applications will also become independent.
- Password policies assigned to the sync group are then assigned directly to the associated sources.
To change the password policy for a source, administrators must edit it directly.
Once the password sync group has been created, users can update the password for the group in Password Manager.
Refer to [Managing Password Sync Groups](https://documentation.sailpoint.com/saas/help/pwd/sync_grps.html) for more information about password sync groups.
- name: Personal Access Tokens
description: |
Use this API to implement personal access token (PAT) functionality.
With this functionality in place, users can use PATs as an alternative to passwords for authentication in Identity Security Cloud.
PATs embed user information into the client ID and secret.
This replaces the API clients' need to store and provide a username and password to establish a connection, improving Identity Security Cloud organizations' integration security.
In Identity Security Cloud, users can do the following to create and manage their PATs: Select the dropdown menu under their names, select Preferences, and then select Personal Access Tokens.
They must then provide a description about the token's purpose.
They can then select 'Create Token' at the bottom of the page to generate and view the Secret and Client ID.
Refer to [Managing Personal Access Tokens](https://documentation.sailpoint.com/saas/help/common/generate_tokens.html) for more information about PATs.
- name: Public Identities
description: |
Use this API in conjunction with [Public Identites Config](https://developer.sailpoint.com/docs/api/v2025/public-identities-config/) to enable non-administrators to view identities' publicly visible attributes.
With this functionality in place, non-administrators can view identity attributes other than the default attributes (email, lifecycle state, and manager), depending on which identity attributes their organization administrators have made public.
This can be helpful for access approvers, certification reviewers, managers viewing their direct reports' access, and source owners viewing their tasks.
- name: Public Identities Config
description: |
Use this API to implement public identity configuration functionality.
With this functionality in place, administrators can make up to 5 identity attributes publicly visible so other non-administrator users can see the relevant information they need to make decisions.
This can be helpful for approvers making approvals, certification reviewers, managers viewing their direct reports' access, and source owners viewing their tasks.
By default, non-administrators can select an identity and view the following attributes: email, lifecycle state, and manager.
However, it may be helpful for a non-administrator reviewer to see other identity attributes like department, region, title, etc.
Administrators can use this API to make those necessary identity attributes public to non-administrators.
For example, a non-administrator deciding whether to approve another identity's request for access to the Workday application, whose access may be restricted to members of the HR department, would want to know whether the identity is a member of the HR department.
If an administrator has used [Update Public Identity Config](https://developer.sailpoint.com/docs/api/v2025/update-public-identity-config/) to make the "department" attribute public, the approver can see the department and make a decision without requesting any more information.
- name: Reports Data Extraction
description: |
Use this API to implement reports lifecycle managing and monitoring.
With this functionality in place, users can run reports, view their results, and cancel reports in progress.
This can be potentially helpful for auditing purposes.
- name: Requestable Objects
description: |
Use this API to implement requestable object functionality.
With this functionality in place, administrators can determine which access items can be requested with the [Access Request APIs](https://developer.sailpoint.com/docs/api/v2025/access-requests/), along with their statuses.
This can be helpful for administrators who are implementing and customizing access request functionality as a way of checking which items are requestable as they are created, assigned, and made available.
- name: Role Insights
- name: Roles
description: |
Use this API to implement and customize role functionality.
With this functionality in place, administrators can create roles and configure them for use throughout Identity Security Cloud.
Identity Security Cloud can use established criteria to automatically assign the roles to qualified users. This enables users to get all the access they need quickly and securely and administrators to spend their time on other tasks.
Entitlements represent the most granular level of access in Identity Security Cloud.
Access profiles represent the next level and often group entitlements.
Roles represent the broadest level of access and often group access profiles.
For example, an Active Directory source in Identity Security Cloud can have multiple entitlements: the first, 'Employees,' may represent the access all employees have at the organization, and a second, 'Developers,' may represent the access all developers have at the organization.
An administrator can then create a broader set of access in the form of an access profile, 'AD Developers' grouping the 'Employees' entitlement with the 'Developers' entitlement.
An administrator can then create an even broader set of access in the form of a role grouping the 'AD Developers' access profile with another profile, 'GitHub Developers,' grouping entitlements for the GitHub source.
When users only need Active Directory employee access, they can request access to the 'Employees' entitlement.
When users need both Active Directory employee and developer access, they can request access to the 'AD Developers' access profile.
When users need both the 'AD Developers' access profile and the 'GitHub Developers' access profile, they can request access to the role grouping both.
Roles often represent positions within organizations.
For example, an organization's accountant can access all the tools the organization's accountants need with the 'Accountant' role.
If the accountant switches to engineering, a qualified member of the organization can quickly revoke the accountant's 'Accountant' access and grant access to the 'Engineer' role instead, granting access to all the tools the organization's engineers need.
In Identity Security Cloud, adminstrators can use the Access drop-down menu and select Roles to view, configure, and delete existing roles, as well as create new ones.
Administrators can enable and disable the role, and they can also make the following configurations:
- Manage Access: Manage the role's access by adding or removing access profiles.
- Define Assignment: Define the criteria Identity Security Cloud uses to assign the role to identities.
Use the first option, 'Standard Criteria,' to provide specific criteria for assignment like specific account attributes, entitlements, or identity attributes.
Use the second, 'Identity List,' to specify the identities for assignment.
- Access Requests: Configure roles to be requestable and establish an approval process for any requests that the role be granted or revoked.
Do not configure a role to be requestable without establishing a secure access request approval process for that role first.
Refer to [Working with Roles](https://documentation.sailpoint.com/saas/help/access/roles.html) for more information about roles.
- name: Saved Search
description: |
Use this API to implement saved search functionality.
With saved search functionality in place, users can save search queries and then view those saved searches, as well as rerun them.
Search queries in Identity Security Cloud can grow very long and specific, which can make reconstructing them difficult or tedious, so it can be especially helpful to save search queries.
It also opens the possibility to configure Identity Security Cloud to run the saved queries on a schedule, which is essential to detecting user information and access changes throughout an organization's tenant and across all its sources.
Refer to [Scheduled Search](https://developer.sailpoint.com/docs/api/v2025/scheduled-search/) for more information about running saved searches on a schedule.
In Identity Security Cloud, users can save searches under a name, and then they can access that saved search and run it again when they want.
Refer to [Managing Saved Searches](https://documentation.sailpoint.com/saas/help/search/saved-searches.html) for more information about saving searches and using them.
- name: Scheduled Search
description: |
Use this API to implement scheduled search functionality.
With scheduled search functionality in place, users can run saved search queries on their tenants on a schedule, and Identity Security Cloud emails them the search results.
Users can also share these search results with other users by email by adding those users as subscribers, or those users can subscribe themselves.
One of the greatest benefits of saving searches is the ability to run those searches on a schedule.
This is essential for organizations to constantly detect any changes to user information or access throughout their tenants and across all their sources.
For example, the manager Amanda Ross can schedule a saved search "manager.name:amanda.ross AND attributes.location:austin" on a schedule to regularly stay aware of changes with the Austin employees reporting to her.
Identity Security Cloud emails her the search results when the search runs, so she can work on other tasks instead of actively running this search.
In Identity Security Cloud, scheduling a search involves a subscription.
Users can create a subscription for a saved search and schedule it to run daily, weekly, or monthly (you can only use one schedule option at a time).
The user can add other identities as subscribers so when the scheduled search runs, the subscribers and the user all receive emails.
By default, subscriptions exclude detailed results from the emails, for security purposes.
Including detailed results about user access in an email may expose sensitive information.
However, the subscription creator can choose to include the information in the emails.
By default, Identity Security Cloud sends emails to the subscribers even when the searches do not return new results.
However, the subscription creator can choose to suppress these empty emails.
Users can also subscribe to saved searches that already have existing subscriptions so they receive emails when the searches run.
A saved search can have up to 10 subscriptions configured at a time.
The subscription creator can enable, disable, or delete the subscription.
Refer to [Subscribing to Saved Searches](https://documentation.sailpoint.com/saas/help/search/saved-searches.html#subscribing-to-saved-searches) for more information about scheduling searches and subscribing to them.
- name: Search
description: |
Use this API to implement search functionality.
With search functionality in place, users can search their tenants for nearly any information from throughout their organizations.
Identity Security Cloud enables organizations to store user data from across all their connected sources and manage the users' access, so the ability to query and filter that data is essential.
Its search goes through all those sources and finds the results quickly and specifically.
The search query is flexible - it can be very broad or very narrow.
The search only returns results for searchable objects it is filtering for.
The following objects are searchable: identities, roles, access profiles, entitlements, events, and account activities.
By default, no filter is applied, so a search for "Ad" returns both the identity "Adam.Archer" as well as the role "Administrator."
Users can further narrow their results by using Identity Security Cloud's specific syntax and punctuation to structure their queries.
For example, the query "attributes.location:austin AND NOT manager.name:amanda.ross" returns all results associated with the Austin location, but it excludes those associated with the manager Amanda Ross.
Refer to [Building a Search Query](https://documentation.sailpoint.com/saas/help/search/building-query.html) for more information about how to construct specific search queries.
Refer to [Using Search](https://documentation.sailpoint.com/saas/help/search/index.html) for more information about Identity Security Cloud's search and its different possibilities.
The search feature uses Elasticsearch as a datastore and query engine.
The power of Elasticsearch makes this feature suitable for ad-hoc reporting.
However, data from the operational databases (ex. identities, roles, events, etc) has to be ingested into Elasticsearch.
This ingestion process introduces a latency from when the operational data is created to when it is available in search.
Depending on the system load, this can take a few seconds to a few minutes.
Please keep this latency in mind when you use search.
- name: Search Attribute Configuration
description: |
Use this API to implement search attribute configuration functionality, along with [Search](https://developer.sailpoint.com/docs/api/v2025/search).
With this functionality in place, administrators can create custom search attributes that and run extended searches based on those attributes to further narrow down their searches and get the information and insights they want.
Identity Security Cloud (ISC) enables organizations to store user data from across all their connected sources and manage the users' access, so the ability to query and filter that data is essential.
Its search goes through all those sources and finds the results quickly and specifically.
The search query is flexible - it can be very broad or very narrow.
The search only returns results for searchable objects it is filtering for.
The following objects are searchable: identities, roles, access profiles, entitlements, events, and account activities.
By default, no filter is applied, so a search for "Ad" returns both the identity "Adam.Archer" as well as the role "Administrator."
Users can further narrow their results by using ISC's specific syntax and punctuation to structure their queries.
For example, the query "attributes.location:austin AND NOT manager.name:amanda.ross" returns all results associated with the Austin location, but it excludes those associated with the manager Amanda Ross.
Refer to [Building a Search Query](https://documentation.sailpoint.com/saas/help/search/building-query.html) for more information about how to construct specific search queries.
Refer to [Using Search](https://documentation.sailpoint.com/saas/help/search/index.html) for more information about ISC's search and its different possibilities.
With Search Attribute Configuration, administrators can create, manage, and run searches based on the attributes they want to search.
- name: Segments
description: |
Use this API to implement and customize access request segment functionality.
With this functionality in place, administrators can create and manage access request segments.
Segments provide organizations with a way to make the access their users have even more granular - this can simply the access request process for the organization's users and improves security by reducing the risk of overprovisoning access.
Segments represent sets of identities, all grouped by specified identity attributes, who are only able to see and access the access items associated with their segments.
For example, administrators could group all their organization's London office employees into one segment, "London Office Employees," by their shared location.
The administrators could then define the access items the London employees would need, and the identities in the "London Office Employees" would then only be able to see and access those items.
In Identity Security Cloud, administrators can use the 'Access' drop-down menu and select 'Segments' to reach the 'Access Requests Segments' page.
This page lists all the existing access request segments, along with their statuses, enabled or disabled.
Administrators can use this page to create, edit, enable, disable, and delete segments.
To create a segment, an administrator must provide a name, define the identities grouped in the segment, and define the items the identities in the segment can access.
These items can be access profiles, roles, or entitlements.
When administrators use the API to create and manage segments, they use a JSON expression in the `visibilityCriteria` object to define the segment's identities and access items.
Refer to [Managing Access Request Segments](https://documentation.sailpoint.com/saas/help/requests/segments.html) for more information about segments in Identity Security Cloud.
- name: Service Desk Integration
description: |
Use this API to build an integration between Identity Security Cloud and a service desk ITSM (IT service management) solution.
Once an administrator builds this integration between Identity Security Cloud and a service desk, users can use Identity Security Cloud to raise and track tickets that are synchronized between Identity Security Cloud and the service desk.
In Identity Security Cloud, administrators can create a service desk integration (sometimes also called an SDIM, or Service Desk Integration Module) by going to Admin > Connections > Service Desk and selecting 'Create.'
To create a Generic Service Desk integration, for example, administrators must provide the required information on the General Settings page, the Connectivity and Authentication information, Ticket Creation information, Status Mapping information, and Requester Source information on the Configure page.
Refer to [Integrating SailPoint with Generic Service Desk](https://documentation.sailpoint.com/connectors/generic_sd/help/integrating_generic_service_desk/intro.html) for more information about the process of setting up a Generic Service Desk in Identity Security Cloud.
Administrators can create various service desk integrations, all with their own nuances.
The following service desk integrations are available:
- [Atlassian Cloud Jira Service Management](https://documentation.sailpoint.com/connectors/atlassian/jira_cloud/help/integrating_jira_cloud_sd/introduction.html)
- [Atlassian Server Jira Service Management](https://documentation.sailpoint.com/connectors/atlassian/jira_server/help/integrating_jira_server_sd/introduction.html)
- [BMC Helix ITSM Service Desk](https://documentation.sailpoint.com/connectors/bmc/helix_ITSM_sd/help/integrating_bmc_helix_itsm_sd/intro.html)
- [BMC Helix Remedyforce Service Desk](https://documentation.sailpoint.com/connectors/bmc/helix_remedyforce_sd/help/integrating_bmc_helix_remedyforce_sd/intro.html)
- [Generic Service Desk](https://documentation.sailpoint.com/connectors/generic_sd/help/integrating_generic_service_desk/intro.html)
- [ServiceNow Service Desk](https://documentation.sailpoint.com/connectors/servicenow/sdim/help/integrating_servicenow_sdim/intro.html)
- [Zendesk Service Desk](https://documentation.sailpoint.com/connectors/zendesk/help/integrating_zendesk_sd/introduction.html)
- name: SIM Integrations
description: |
Use this API to administer IdentityNow's Service Integration Module, or SIM integration with ServiceNow, so that it converts IdentityNow provisioning actions into tickets in ServiceNow.
ServiceNow is a software platform that supports IT service management and automates common business processes for requesting and fulfilling service requests across a business enterprise.
You must have an IdentityNow ServiceNow ServiceDesk license to use this integration. Contact your Customer Success Manager for more information.
Service Desk integration for IdentityNow and in deprecation - not available for new implementation, as of July 21st, 2021. As per SailPoint’s [support policy](https://community.sailpoint.com/t5/Connector-Directory/SailPoint-Support-Policy-for-Connectivity/ta-p/79422), all existing SailPoint IdentityNow customers using this legacy integration will be supported until July 2022.
- name: SOD Policies
description: |
Use this API to implement and manage "separation of duties" (SOD) policies.
With SOD policy functionality in place, administrators can organize the access in their tenants to prevent individuals from gaining conflicting or excessive access.
"Separation of duties" refers to the concept that people shouldn't have conflicting sets of access - all their access should be configured in a way that protects your organization's assets and data.
For example, people who record monetary transactions shouldn't be able to issue payment for those transactions.
Any changes to major system configurations should be approved by someone other than the person requesting the change.
Organizations can use "separation of duties" (SOD) policies to enforce and track their internal security rules throughout their tenants.
These SOD policies limit each user's involvement in important processes and protects the organization from individuals gaining excessive access.
To create SOD policies in Identity Security Cloud, administrators use 'Search' and then access 'Policies'.
To create a policy, they must configure two lists of access items. Each access item can only be added to one of the two lists.
They can search for the entitlements they want to add to these access lists.
>Note: You can have a maximum of 500 policies of any type (including general policies) in your organization. In each access-based SOD policy, you can have a maximum of 50 entitlements in each access list.
Once a SOD policy is in place, if an identity has access items on both lists, a SOD violation will trigger.
These violations are included in SOD violation reports that other users will see in emails at regular intervals if they're subscribed to the SOD policy.
The other users can then better help to enforce these SOD policies.
To create a subscription to a SOD policy in Identity Security Cloud, administrators use 'Search' and then access 'Layers'.
They can create a subscription to the policy and schedule it to run at a regular interval.
Refer to [Managing Policies](https://documentation.sailpoint.com/saas/help/sod/manage-policies.html) for more information about SOD policies.
Refer to [Subscribe to a SOD Policy](https://documentation.sailpoint.com/saas/help/sod/policy-violations.html#subscribe-to-an-sod-policy) for more information about SOD policy subscriptions.
- name: SOD Violations
description: |
Use this API to check for current "separation of duties" (SOD) policy violations as well as potential future SOD policy violations.
With SOD violation functionality in place, administrators can get information about current SOD policy violations and predict whether an access change will trigger new violations, which helps to prevent them from occurring at all.
"Separation of duties" refers to the concept that people shouldn't have conflicting sets of access - all their access should be configured in a way that protects your organization's assets and data.
For example, people who record monetary transactions shouldn't be able to issue payment for those transactions.
Any changes to major system configurations should be approved by someone other than the person requesting the change.
Organizations can use "separation of duties" (SOD) policies to enforce and track their internal security rules throughout their tenants.
These SOD policies limit each user's involvement in important processes and protects the organization from individuals gaining excessive access.
Once a SOD policy is in place, if an identity has conflicting access items, a SOD violation will trigger.
These violations are included in SOD violation reports that other users will see in emails at regular intervals if they're subscribed to the SOD policy.
The other users can then better help to enforce these SOD policies.
Administrators can use the SOD violations APIs to check a set of identities for any current SOD violations, and they can use them to check whether adding an access item would potentially trigger a SOD violation.
This second option is a good way to prevent SOD violations from triggering at all.
Refer to [Handling Policy Violations](https://documentation.sailpoint.com/saas/help/sod/policy-violations.html) for more information about SOD policy violations.
- name: Source Usages
description: |
Use this API to implement source usage insight functionality.
With this functionality in place, administrators can gather information and insights about how their tenants' sources are being used.
This allows organizations to get the information they need to start optimizing and securing source usage.
- name: Sources
description: |
Use this API to implement and customize source functionality.
With source functionality in place, organizations can use Identity Security Cloud to connect their various sources and user data sets and manage access across all those different sources in a secure, scalable way.
[Sources](https://documentation.sailpoint.com/saas/help/sources/managing_sources.html) refer to the Identity Security Cloud representations for external applications, databases, and directory management systems that maintain their own sets of users, like Dropbox, GitHub, and Workday, for example.
Organizations may use hundreds, if not thousands, of different source systems, and any one employee within an organization likely has a different user record on each source, often with different permissions on many of those records.
Connecting these sources to Identity Security Cloud makes it possible to manage user access across them all.
Then, if a new hire starts at an organization, Identity Security Cloud can grant the new hire access to all the sources they need.
If an employee moves to a new department and needs access to new sources but no longer needs access to others, Identity Security Cloud can grant the necessary access and revoke the unnecessary access for all the employee's various sources.
If an employee leaves the company, Identity Security Cloud can revoke access to all the employee's various source accounts immediately.
These are just a few examples of the many ways that source functionality makes identity governance easier, more efficient, and more secure.
In Identity Security Cloud, administrators can create configure, manage, and edit sources, and they can designate other users as source admins to be able to do so.
They can also designate users as source sub-admins, who can perform the same source actions but only on sources associated with their governance groups.
Admins go to Connections > Sources to see a list of the existing source representations in their organizations.
They can create new sources or select existing ones.
To create a new source, the following must be specified: Source Name, Description, Source Owner, and Connection Type.
Refer to [Configuring a Source](https://documentation.sailpoint.com/saas/help/accounts/loading_data.html#configuring-a-source) for more information about the source configuration process.
Identity Security Cloud connects with its sources either by a direct communication with the source server (connection information specific to the source must be provided) or a flat file feed, a CSV file containing all the relevant information about the accounts to be loaded in.
Different sources use different connectors to share data with Identity Security Cloud, and each connector's setup process is specific to that connector.
SailPoint has built a number of connectors to come out of the box and connect to the most common sources, and SailPoint actively maintains these connectors.
Refer to [Identity Security Cloud Connectors](https://documentation.sailpoint.com/connectors/identitynow/landingpages/help/landingpages/identitynow_connectivity_landing.html) for more information about these SailPoint supported connectors.
Refer to the following links for more information about two useful connectors:
- [JDBC Connector](https://documentation.sailpoint.com/connectors/jdbc/help/integrating_jdbc/introduction.html): This customizable connector an directly connect to databases that support JDBC (Java Database Connectivity).
- [Web Services Connector](https://documentation.sailpoint.com/connectors/webservices/help/integrating_webservices/introduction.html): This connector can directly connect to databases that support Web Services.
Refer to [SaaS Connectivity](https://developer.sailpoint.com/docs/connectivity/saas-connectivity/) for more information about SailPoint's new connectivity framework that makes it easy to build and manage custom connectors to SaaS sources.
When admins select existing sources, they can view the following information about the source:
- Associated connections (any associated identity profiles, apps, or references to the source in a transform).
- Associated user accounts. These accounts are linked to their identities - this provides a more complete picture of each user's access across sources.
- Associated entitlements (sets of access rights on sources).
- Associated access profiles (groupings of entitlements).
The user account data and the entitlements update with each data aggregation from the source.
Organizations generally run scheduled, automated data aggregations to ensure that their data is always in sync between their sources and their Identity Security Cloud tenants so an access change on a source is detected quickly in Identity Security Cloud.
Admins can view a history of these aggregations, and they can also run manual imports.
Refer to [Loading Account Data](https://documentation.sailpoint.com/saas/help/accounts/loading_data.html) for more information about manual and scheduled aggregations.
Admins can also make changes to determine which user account data Identity Security Cloud collects from the source and how it correlates that account data with identity data.
To define which account attributes the source shares with Identity Security Cloud, admins can edit the account schema on the source.
Refer to [Managing Source Account Schemas](https://documentation.sailpoint.com/saas/help/accounts/schema.html) for more information about source account schemas and how to edit them.
To define the mapping between the source account attributes and their correlating identity attributes, admins can edit the correlation configuration on the source.
Refer to [Assigning Source Accounts to Identities](https://documentation.sailpoint.com/saas/help/accounts/correlation.html) for more information about this correlation process between source accounts and identities.
Admins can also delete sources, but they must first ensure that the sources no longer have any active connections: the source must not be associated with any identity profile or any app, and it must not be referenced by any transform.
Refer to [Deleting Sources](https://documentation.sailpoint.com/saas/help/sources/managing_sources.html#deleting-sources) for more information about deleting sources.
Well organized, mapped out connections between sources and Identity Security Cloud are essential to achieving comprehensive identity access governance across all the source systems organizations need.
Refer to [Managing Sources](https://documentation.sailpoint.com/saas/help/sources/managing_sources.html) for more information about all the different things admins can do with sources once they are connected.
- name: SP-Config
description: Import and export configuration for some objects between tenants.
- name: Suggested Entitlement Description
description: |
Use this API to implement Suggested Entitlement Description (SED) functionality.
SED functionality leverages the power of LLM to generate suggested entitlement descriptions.
Refer to [GenAI Entitlement Descriptions](https://documentation.sailpoint.com/saas/help/access/entitlements.html#genai-entitlement-descriptions) to learn more about SED in Identity Security Cloud (ISC).
- name: Tagged Objects
description: |
Use this API to implement object tagging functionality.
With object tagging functionality in place, any user in an organization can use tags as a way to group objects together and find them more quickly when the user searches Identity Security Cloud.
In Identity Security Cloud, users can search their tenants for information and add tags objects they find.
Tagging an object provides users with a way of grouping objects together and makes it easier to find these objects in the future.
For example, if a user is searching for an entitlement that grants a risky level of access to Active Directory, it's possible that the user may have to search through hundreds of entitlements to find the correct one.
Once the user finds that entitlement, the user can add a tag to the entitlement, "AD_RISKY" to make it easier to find the entitlement again.
The user can add the same tag to multiple objects the user wants to group together for an easy future search, and the user can also do so in bulk.
When the user wants to find that tagged entitlement again, the user can search for "tags:AD_RISKY" to find all objects with that tag.
With the API, you can tag even more different object types than you can in Identity Security Cloud (access profiles, entitlements, identities, and roles).
You can use the API to tag all these objects:
- Access profiles
- Applications
- Certification campaigns
- Entitlements
- Identities
- Roles
- SOD (separation of duties) policies
- Sources
You can also use the API to directly find, create, and manage tagged objects without using search queries.
There are limits to tags:
- You can have up to 500 different tags in your tenant.
- You can apply up to 30 tags to one object.
- You can have up to 10,000 tag associations, pairings of 1 tag to 1 object, in your tenant.
Because of these limits, it is recommended that you work with your governance experts and security teams to establish a list of tags that are most expressive of governance objects and access managed by Identity Security Cloud.
These are the types of information often expressed in tags:
- Affected departments
- Compliance and regulatory categories
- Remediation urgency levels
- Risk levels
Refer to [Tagging Items in Search](https://documentation.sailpoint.com/saas/help/search/index.html?h=tags#tagging-items-in-search) for more information about tagging objects in Identity Security Cloud.
- name: Task Management
- name: Tenant
description: API for reading tenant details.
- name: Tenant Context
description: |
The purpose of this API is to manage key-value pairs specific to a tenant's context, enabling dynamic configuration and personalized settings per tenant.
Context key-value pairs will consist of common terms and acronyms used within your organization.
- name: Transforms
description: |
The purpose of this API is to expose functionality for the manipulation of Transform objects.
Transforms are a form of configurable objects which define an easy way to manipulate attribute data without having
to write code.
Refer to [Transforms](https://developer.sailpoint.com/docs/extensibility/transforms/) for more information about transforms.
- name: Triggers
description: |
Event Triggers provide real-time updates to changes in Identity Security Cloud so you can take action as soon as an event occurs, rather than poll an API endpoint for updates. Identity Security Cloud provides a user interface within the admin console to create and manage trigger subscriptions. These endpoints allow for programatically creating and managing trigger subscriptions.
There are two types of event triggers:
* `FIRE_AND_FORGET`: This trigger type will send a payload to each subscriber without needing a response. Each trigger of this type has a limit of **50 subscriptions**.
* `REQUEST_RESPONSE`: This trigger type will send a payload to a subscriber and expect a response back. Each trigger of this type may only have **one subscription**.
## Available Event Triggers
Production ready event triggers that are available in all tenants.
| Name | ID | Type | Trigger condition |
|-|-|-|-|
| [Access Request Dynamic Approval](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/access-request-dynamic-approval/) | idn:access-request-dynamic-approver | REQUEST_RESPONSE |After an access request is submitted. Expects the subscriber to respond with the ID of an identity or workgroup to add to the approval workflow. |
| [Access Request Decision](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/access-request-decision/) | idn:access-request-post-approval | FIRE_AND_FORGET | After an access request is approved. |
| [Access Request Submitted](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/access-request-submitted/) | idn:access-request-pre-approval | REQUEST_RESPONSE | After an access request is submitted. Expects the subscriber to respond with an approval decision. |
| [Account Aggregation Completed](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/account-aggregation-completed/) | idn:account-aggregation-completed | FIRE_AND_FORGET | After an account aggregation completed, terminated, failed. |
| Account Attributes Changed | idn:account-attributes-changed | FIRE_AND_FORGET | After an account aggregation, and one or more account attributes have changed. |
| Account Correlated | idn:account-correlated | FIRE_AND_FORGET | After an account is added to an identity. |
| Accounts Collected for Aggregation | idn:aggregation-accounts-collected | FIRE_AND_FORGET | New, changed, and deleted accounts have been gathered during an aggregation and are being processed. |
| Account Uncorrelated | idn:account-uncorrelated | FIRE_AND_FORGET | After an account is removed from an identity. |
| Campaign Activated | idn:campaign-activated | FIRE_AND_FORGET | After a campaign is activated. |
| Campaign Ended | idn:campaign-ended | FIRE_AND_FORGET | After a campaign ends. |
| Campaign Generated | idn:campaign-generated | FIRE_AND_FORGET | After a campaign finishes generating. |
| Certification Signed Off | idn:certification-signed-off | FIRE_AND_FORGET | After a certification is signed off by its reviewer. |
| [Identity Attributes Changed](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/account-aggregation-completed/) | idn:identity-attributes-changed | FIRE_AND_FORGET | After One or more identity attributes changed. |
| [Identity Created](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/identity-created/) | idn:identity-created | FIRE_AND_FORGET | After an identity is created. |
| [Provisioning Action Completed](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/provisioning-completed/) | idn:post-provisioning | FIRE_AND_FORGET | After a provisioning action completed on a source. |
| [Scheduled Search](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/scheduled-search/) | idn:saved-search-complete | FIRE_AND_FORGET | After a scheduled search completed. |
| [Source Created](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/source-created/) | idn:source-created | FIRE_AND_FORGET | After a source is created. |
| [Source Deleted](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/source-deleted/) | idn:source-deleted | FIRE_AND_FORGET | After a source is deleted. |
| [Source Updated](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/source-updated/) | idn:source-updated | FIRE_AND_FORGET | After configuration changes have been made to a source. |
| [VA Cluster Status Change](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/va-cluster-status-change/) | idn:va-cluster-status-change | FIRE_AND_FORGET | After the status of a VA cluster has changed. |
## Early Access Event Triggers
Triggers that are in-development and not ready for production use. Please contact support to enable these triggers in your tenant.
| Name | ID | Type | Trigger condition |
|-|-|-|-|
| [Identity Deleted](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/identity-deleted/) | idn:identity-deleted | FIRE_AND_FORGET | After an identity is deleted. |
| [Source Account Created](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/source-account-created/) | idn:source-account-created | FIRE_AND_FORGET | After a source account is created. |
| [Source Account Deleted](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/source-account-deleted/) | idn:source-account-deleted | FIRE_AND_FORGET | After a source account is deleted. |
| [Source Account Updated](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/source-account-updated/) | idn:source-account-updated | FIRE_AND_FORGET | After a source account is changed. |
- name: UI Metadata
description: |-
API for managing UI Metadata. Use this API to manage metadata about your User Interface.
For example you can set the iFrameWhitelist parameter to permit another domain to encapsulate IDN within an iframe or set the usernameEmptyText to change the placeholder text for Username on your tenant's login screen.
- name: Vendor Connector Mappings
description: |
Vendors use ISC connectors to connect their source data to ISC, but the data in their source and the data in ISC may be stored in different formats.
Connector mappings allow vendors to match their data on both sides of the connection.
The vendors can then track and manage access across their sources from ISC.
This API allows you to create and manage these vendor connector mappings.
- name: Work Items
description: |
Use this API to implement work item functionality.
With this functionality in place, users can manage their work items (tasks).
Work items refer to the tasks users see in Identity Security Cloud's Task Manager.
They can see the pending work items they need to complete, as well as the work items they have already completed.
Task Manager lists the work items along with the involved sources, identities, accounts, and the timestamp when the work item was created.
For example, a user may see a pending 'Create an Account' work item for the identity Fred.Astaire in GitHub for Fred's GitHub account, fred-astaire-sp.
Once the user completes the work item, the work item will be listed with his or her other completed work items.
To complete work items, users can use their dashboards and select the 'My Tasks' widget.
The widget will list any work items they need to complete, and they can select the work item from the list to review its details.
When they complete the work item, they can select 'Mark Complete' to add it to their list of completed work items.
Refer to [Task Manager](https://documentation.sailpoint.com/saas/user-help/task_manager.html) for more information about work items, including the different types of work items users may need to complete.
- name: Work Reassignment
description: |
Use this API to implement work reassignment functionality.
Work Reassignment allows access request reviews, certifications, and manual provisioning tasks assigned to a user to be reassigned to a different user. This is primarily used for:
- Temporarily redirecting work for users who are out of office, such as on vacation or sick leave
- Permanently redirecting work for users who should not be assigned these tasks at all, such as senior executives or service identities
Users can define reassignments for themselves, managers can add them for their team members, and administrators can configure them on any user’s behalf. Work assigned during the specified reassignment timeframes will be automatically reassigned to the designated user as it is created.
Refer to [Work Reassignment](https://documentation.sailpoint.com/saas/help/users/work_reassignment.html) for more information about this topic.
- name: Workflows
description: |
Workflows allow administrators to create custom automation scripts directly within Identity Security Cloud. These automation scripts respond to [event triggers](https://developer.sailpoint.com/docs/extensibility/event-triggers/#how-to-get-started-with-event-triggers) and perform a series of actions to perform tasks that are either too cumbersome or not available in the Identity Security Cloud UI. Workflows can be configured via a graphical user interface within Identity Security Cloud, or by creating and uploading a JSON formatted script to the Workflow service. The Workflows API collection provides the necessary functionality to create, manage, and test your workflows via REST.
x-webhooks:
AccessRequestDecision:
post:
summary: Access request decision
operationId: accessRequestDecisionEvent
description: |-
This event trigger fires after an access request is approved or denied.
This is a `FIRE_AND_FORGET` event trigger. You can have a maximum of 50 subscriptions for this trigger. For more information about this event trigger, refer to [Access Request Decision](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/access-request-decision).
tags:
- Triggers
security:
- userAuth:
- 'sp:trigger-service-subscriptions:manage'
requestBody:
required: true
content:
application/json:
schema:
title: Access Request Post Approval
type: object
required:
- accessRequestId
- requestedFor
- requestedItemsStatus
- requestedBy
properties:
accessRequestId:
type: string
description: The unique ID of the access request.
example: 2c91808b6ef1d43e016efba0ce470904
requestedFor:
required:
- id
- type
- name
type: array
description: Identities access was requested for.
items:
type: object
description: Identity the access item is requested for.
properties:
type:
type: string
description: DTO type of identity the access item is requested for.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: ID of identity the access item is requested for.
example: 2c4180a46faadee4016fb4e018c20626
name:
type: string
description: Human-readable display name of identity the access item is requested for.
example: Robert Robinson
minItems: 1
maxItems: 10
requestedItemsStatus:
description: Details on the outcome of each access item.
type: array
items:
type: object
required:
- id
- name
- type
- operation
- approvalInfo
properties:
id:
type: string
description: The unique ID of the access item being requested.
example: 2c91808b6ef1d43e016efba0ce470904
name:
type: string
description: The human friendly name of the access item.
example: Engineering Access
description:
nullable: true
type: string
description: Detailed description of the access item.
example: Access to engineering database
type:
enum:
- ACCESS_PROFILE
- ROLE
- ENTITLEMENT
description: The type of access item.
example: ACCESS_PROFILE
operation:
enum:
- Add
- Remove
description: The action to perform on the access item.
example: Add
comment:
nullable: true
type: string
description: A comment from the identity requesting the access.
example: William needs this access to do his job.
clientMetadata:
description: Additional customer defined metadata about the access item.
nullable: true
type: object
additionalProperties: true
example:
applicationName: My application
approvalInfo:
description: A list of one or more approvers for the access request.
type: array
items:
type: object
required:
- approvalDecision
- approverName
- approver
properties:
approvalComment:
nullable: true
type: string
description: A comment left by the approver.
example: This access looks good. Approved.
approvalDecision:
enum:
- APPROVED
- DENIED
description: The final decision of the approver.
example: APPROVED
approverName:
type: string
description: The name of the approver
example: Stephen.Austin
approver:
required:
- id
- type
- name
allOf:
- type: object
description: Identity who approved the access item request.
properties:
type:
type: string
description: DTO type of identity who approved the access item request.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: ID of identity who approved the access item request.
example: 2c3780a46faadee4016fb4e018c20652
name:
type: string
description: Human-readable display name of identity who approved the access item request.
example: Allen Albertson
description: The identity of the approver.
properties:
type:
enum:
- IDENTITY
example: IDENTITY
description: The type of object that is referenced
requestedBy:
required:
- id
- type
- name
allOf:
- type: object
description: Access item requester's identity.
properties:
type:
type: string
description: Access item requester's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Access item requester's identity ID.
example: 2c7180a46faadee4016fb4e018c20648
name:
type: string
description: Access item owner's human-readable display name.
example: William Wilson
AccessRequestDynamicApproval:
post:
summary: Access request dynamic approval
operationId: accessRequestDynamicApprovalEvent
description: |-
This event trigger fires after an access request is submitted but before the request is approved or denied. You can use this trigger as a way to route the access request to an additional approval step by an identity or governance group.
This is a `REQUEST_RESPONSE` event trigger. This trigger type expects a response from the subscribers with directions about how to proceed with the event. You can only have one subscriber per event. For more information about this event trigger, refer to [Access Request Dynamic Approval](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/access-request-dynamic-approval).
>**Note: If there is an active subscription to the [Access Request Submitted trigger](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/access-request-submitted), this trigger is invoked after the Access Request Submitted trigger, only if the response to that trigger was to approve the request.**
tags:
- Triggers
security:
- userAuth:
- 'sp:trigger-service-subscriptions:manage'
requestBody:
required: true
content:
application/json:
schema:
title: Access Request Dynamic Approver
type: object
required:
- accessRequestId
- requestedFor
- requestedItems
- requestedBy
properties:
accessRequestId:
type: string
description: |
The unique ID of the access request object. Can be used with the [access request status endpoint](https://developer.sailpoint.com/idn/api/beta/list-access-request-status) to get the status of the request.
example: 4b4d982dddff4267ab12f0f1e72b5a6d
requestedFor:
type: array
description: Identities access was requested for.
items:
type: object
description: Identity the access item is requested for.
properties:
type:
type: string
description: DTO type of identity the access item is requested for.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: ID of identity the access item is requested for.
example: 2c4180a46faadee4016fb4e018c20626
name:
type: string
description: Human-readable display name of identity the access item is requested for.
example: Robert Robinson
minItems: 1
maxItems: 10
requestedItems:
description: The access items that are being requested.
type: array
items:
type: object
required:
- id
- name
- type
- operation
properties:
id:
type: string
description: The unique ID of the access item.
example: 2c91808b6ef1d43e016efba0ce470904
name:
type: string
description: Human friendly name of the access item.
example: Engineering Access
description:
nullable: true
type: string
description: Extended description of the access item.
example: Engineering Access
type:
enum:
- ACCESS_PROFILE
- ROLE
- ENTITLEMENT
description: The type of access item being requested.
example: ACCESS_PROFILE
operation:
enum:
- Add
- Remove
description: Grant or revoke the access item
example: Add
comment:
nullable: true
type: string
description: A comment from the requestor on why the access is needed.
example: William needs this access for his day to day job activities.
minItems: 1
maxItems: 25
requestedBy:
allOf:
- type: object
description: Access item requester's identity.
properties:
type:
type: string
description: Access item requester's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Access item requester's identity ID.
example: 2c7180a46faadee4016fb4e018c20648
name:
type: string
description: Access item owner's human-readable display name.
example: William Wilson
responses:
required: true
content:
application/json:
schema:
title: Access Request Dynamic Approval Response
type: object
required:
- id
- type
- name
properties:
id:
type: string
description: 'Unique identifier of the approver to add to the approval process. If there is none, send an empty value "".'
example: 2c91808b6ef1d43e016efba0ce470906
type:
type: string
description: 'Type of approver to add to the approval process. If there is none, send an empty value "".'
enum:
- IDENTITY
- GOVERNANCE_GROUP
example: IDENTITY
name:
type: string
description: 'Name of the approver to add to the approval process. If there is none, send an empty value "".'
example: Adam Adams
AccessRequestSubmitted:
post:
summary: Access request submitted
operationId: accessRequestSubmittedEvent
description: |-
This event trigger fires after an access request is submitted but before the request is approved or denied. A service subscribing to the trigger can respond in real-time to approve or deny the request.
This is a `REQUEST_RESPONSE` event trigger. This trigger type expects a response from the subscribers with directions about how to proceed with the event. You can only have one subscriber per event. For more information about this event trigger, refer to [Access Request Submitted](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/access-request-submitted).
tags:
- Triggers
security:
- userAuth:
- 'sp:trigger-service-subscriptions:manage'
requestBody:
required: true
content:
application/json:
schema:
title: Access Request Pre Approval
type: object
required:
- accessRequestId
- requestedFor
- requestedItems
- requestedBy
properties:
accessRequestId:
type: string
description: The unique ID of the access request.
example: 2c91808b6ef1d43e016efba0ce470904
requestedFor:
required:
- id
- type
- name
type: array
description: Identities access was requested for.
items:
type: object
description: Identity the access item is requested for.
properties:
type:
type: string
description: DTO type of identity the access item is requested for.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: ID of identity the access item is requested for.
example: 2c4180a46faadee4016fb4e018c20626
name:
type: string
description: Human-readable display name of identity the access item is requested for.
example: Robert Robinson
minItems: 1
maxItems: 10
requestedItems:
description: Details of the access items being requested.
type: array
items:
type: object
required:
- id
- name
- type
- operation
properties:
id:
type: string
description: The unique ID of the access item being requested.
example: 2c91808b6ef1d43e016efba0ce470904
name:
type: string
description: The human friendly name of the access item.
example: Engineering Access
description:
nullable: true
type: string
description: Detailed description of the access item.
example: Access to engineering database
type:
enum:
- ACCESS_PROFILE
- ROLE
- ENTITLEMENT
description: The type of access item.
example: ACCESS_PROFILE
operation:
enum:
- Add
- Remove
description: The action to perform on the access item.
example: Add
comment:
nullable: true
type: string
description: A comment from the identity requesting the access.
example: William needs this access to do his job.
minItems: 1
maxItems: 25
requestedBy:
required:
- id
- type
- name
allOf:
- type: object
description: Access item requester's identity.
properties:
type:
type: string
description: Access item requester's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Access item requester's identity ID.
example: 2c7180a46faadee4016fb4e018c20648
name:
type: string
description: Access item owner's human-readable display name.
example: William Wilson
responses:
required: true
content:
application/json:
schema:
title: Access Request Submitted Response
type: object
required:
- approved
- comment
- approver
properties:
approved:
type: boolean
description: Approval or denial of the request by the subscribing service.
example: true
comment:
type: string
description: Comment from the subscribing service approving or denying the request.
example: This access has passed preliminary approval.
approver:
type: string
description: 'Name of the subscribing service approving the request. This doesn''t normally have to be the name of an existing identity in ISC, but it does if you have an active subscription to the [Access Request Decision trigger](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/access-request-decision). If you don''t provide the `username` of an existing identity in your tenant, your Access Request Decision subscriptions will never trigger.'
example: AcmeCorpExternalIntegration
AccountAggregationCompleted:
post:
summary: Account aggregation completed
operationId: accountAggregationCompletedEvent
description: |-
This event trigger fires after a source aggregation has either succeeded or failed in collecting source accounts but before Identity Security Cloud (ISC) processes the aggregation.
This is a `FIRE_AND_FORGET` event trigger. You can have a maximum of 50 subscriptions for this trigger. For more information about this event trigger, refer to [Account Aggregation Completed](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/account-aggregation-completed).
tags:
- Triggers
security:
- userAuth:
- 'sp:trigger-service-subscriptions:manage'
requestBody:
required: true
content:
application/json:
schema:
title: Account Aggregation Completed
type: object
required:
- source
- status
- started
- completed
- errors
- warnings
- stats
properties:
source:
required:
- type
- name
- id
type: object
description: The source the accounts are being aggregated from.
properties:
type:
type: string
description: The DTO type of the source the accounts are being aggregated from.
enum:
- SOURCE
example: SOURCE
id:
type: string
description: The ID of the source the accounts are being aggregated from.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Display name of the source the accounts are being aggregated from.
example: HR Active Directory
status:
description: The overall status of the aggregation.
enum:
- Success
- Failed
- Terminated
example: Success
started:
type: string
format: date-time
description: The date and time when the account aggregation started.
example: '2020-06-29T22:01:50.474Z'
completed:
type: string
format: date-time
description: The date and time when the account aggregation finished.
example: '2020-06-29T22:02:04.090Z'
errors:
nullable: true
description: A list of errors that occurred during the aggregation.
type: array
items:
type: string
description: A descriptive error message.
example: Accounts unable to be aggregated.
warnings:
nullable: true
description: A list of warnings that occurred during the aggregation.
type: array
items:
type: string
description: A descriptive warning message.
example: Account Skipped
stats:
type: object
description: Overall statistics about the account aggregation.
required:
- scanned
- unchanged
- changed
- added
- removed
properties:
scanned:
type: integer
format: int32
minimum: 0
maximum: 2147483647
description: The number of accounts which were scanned / iterated over.
example: 200
unchanged:
type: integer
format: int32
minimum: 0
maximum: 2147483647
description: 'The number of accounts which existed before, but had no changes.'
example: 190
changed:
type: integer
format: int32
minimum: 0
maximum: 2147483647
description: 'The number of accounts which existed before, but had changes.'
example: 6
added:
type: integer
format: int32
minimum: 0
maximum: 2147483647
description: The number of accounts which are new - have not existed before.
example: 4
removed:
type: integer
minimum: 0
maximum: 2147483647
format: int32
description: 'The number accounts which existed before, but no longer exist (thus getting removed).'
example: 3
CampaignActivated:
post:
summary: Campaign activated
operationId: campaignActivatedEvent
description: |-
This event trigger fires after a certification campaign is activated.
This is a `FIRE_AND_FORGET` event trigger. You can have a maximum of 50 subscriptions for this trigger. For more information about this event trigger, refer to [Campaign Activated](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/campaign-activated).
tags:
- Triggers
security:
- userAuth:
- 'sp:trigger-service-subscriptions:manage'
requestBody:
required: true
content:
application/json:
schema:
title: Campaign Activated
type: object
required:
- campaign
properties:
campaign:
type: object
description: Details about the certification campaign that was activated.
required:
- id
- name
- description
- created
- deadline
- type
- campaignOwner
- status
properties:
id:
type: string
description: Unique ID for the campaign.
example: 2c91808576f886190176f88cac5a0010
name:
type: string
description: The human friendly name of the campaign.
example: Manager Access Campaign
description:
type: string
description: Extended description of the campaign.
example: Audit access for all employees.
created:
type: string
format: date-time
description: The date and time the campaign was created.
example: '2021-02-16T03:04:45.815Z'
modified:
nullable: true
type: string
format: date-time
description: The date and time the campaign was last modified.
example: '2021-02-16T03:06:45.815Z'
deadline:
type: string
format: date-time
description: The date and time the campaign is due.
example: '2021-03-16T03:04:45.815Z'
type:
description: The type of campaign.
enum:
- MANAGER
- SOURCE_OWNER
- SEARCH
- ROLE_COMPOSITION
example: MANAGER
campaignOwner:
type: object
description: Details of the identity that owns the campaign.
required:
- id
- displayName
- email
properties:
id:
type: string
description: The unique ID of the identity.
example: 37f080867702c1910177031320c40n27
displayName:
type: string
description: The human friendly name of the identity.
example: John Snow
email:
type: string
description: The primary email address of the identity.
example: john.snow@example.com
status:
enum:
- ACTIVE
description: The current status of the campaign.
example: ACTIVE
CampaignEnded:
post:
summary: Campaign ended
operationId: campaignEndedEvent
description: |-
This event trigger fires after a certification campaign ends.
This is a `FIRE_AND_FORGET` event trigger. You can have a maximum of 50 subscriptions for this trigger. For more information about this event trigger, refer to [Campaign Ended](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/campaign-ended).
tags:
- Triggers
security:
- userAuth:
- 'sp:trigger-service-subscriptions:manage'
requestBody:
required: true
content:
application/json:
schema:
title: Campaign Ended
type: object
required:
- campaign
properties:
campaign:
type: object
description: Details about the certification campaign that ended.
required:
- id
- name
- description
- created
- deadline
- type
- campaignOwner
- status
properties:
id:
type: string
description: Unique ID for the campaign.
example: 2c91808576f886190176f88cac5a0010
name:
type: string
description: The human friendly name of the campaign.
example: Manager Access Campaign
description:
type: string
description: Extended description of the campaign.
example: Audit access for all employees.
created:
type: string
format: date-time
description: The date and time the campaign was created.
example: '2021-02-16T03:04:45.815Z'
modified:
nullable: true
type: string
format: date-time
description: The date and time the campaign was last modified.
example: '2021-03-16T03:06:45.815Z'
deadline:
type: string
format: date-time
description: The date and time the campaign is due.
example: '2021-03-16T03:04:45.815Z'
type:
description: The type of campaign.
enum:
- MANAGER
- SOURCE_OWNER
- SEARCH
- ROLE_COMPOSITION
example: MANAGER
campaignOwner:
type: object
description: Details of the identity that owns the campaign.
required:
- id
- displayName
- email
properties:
id:
type: string
description: The unique ID of the identity.
example: 37f080867702c1910177031320c40n27
displayName:
type: string
description: The human friendly name of the identity.
example: John Snow
email:
type: string
description: The primary email address of the identity.
example: john.snow@example.com
status:
enum:
- COMPLETED
description: The current status of the campaign.
example: COMPLETED
CampaignGenerated:
post:
summary: Campaign generated
operationId: campaignGeneratedEvent
description: |-
This event trigger fires after a certification campaign has generated and moved into the 'Preview Ready' state but hasn't been activated yet. A typical use case for this event trigger is to use it to immediately activate a campaign once it is generated.
This is a `FIRE_AND_FORGET` event trigger. You can have a maximum of 50 subscriptions for this trigger. For more information about this event trigger, refer to [Campaign Generated](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/campaign-generated).
tags:
- Triggers
security:
- userAuth:
- 'sp:trigger-service-subscriptions:manage'
requestBody:
required: true
content:
application/json:
schema:
title: Campaign Generated
type: object
required:
- campaign
properties:
campaign:
description: Details about the campaign that was generated.
type: object
required:
- id
- name
- description
- created
- type
- campaignOwner
- status
properties:
id:
type: string
description: The unique ID of the campaign.
example: 2c91808576f886190176f88cac5a0010
name:
type: string
description: Human friendly name of the campaign.
example: Manager Access Campaign
description:
type: string
description: Extended description of the campaign.
example: Audit access for all employees.
created:
type: string
format: date-time
description: The date and time the campaign was created.
example: '2021-02-16T03:04:45.815Z'
modified:
nullable: true
type: string
description: The date and time the campaign was last modified.
example: '2021-02-17T03:04:45.815Z'
deadline:
nullable: true
type: string
description: The date and time when the campaign must be finished by.
example: '2021-02-18T03:04:45.815Z'
type:
enum:
- MANAGER
- SOURCE_OWNER
- SEARCH
- ROLE_COMPOSITION
description: The type of campaign that was generated.
example: MANAGER
campaignOwner:
type: object
description: The identity that owns the campaign.
required:
- id
- displayName
- email
properties:
id:
type: string
description: The unique ID of the identity.
example: 37f080867702c1910177031320c40n27
displayName:
type: string
description: The display name of the identity.
example: John Snow
email:
type: string
description: The primary email address of the identity.
example: john.snow@example.com
status:
enum:
- STAGED
- ACTIVATING
- ACTIVE
description: The current status of the campaign.
example: STAGED
CertificationSignedOff:
post:
summary: Certification signed off
operationId: certificationSignedOffEvent
description: |-
This event trigger fires after a certification is signed off on and moves to the 'End' status. Do not confuse this event trigger with the Campaign End trigger.
This is a `FIRE_AND_FORGET` event trigger. You can have a maximum of 50 subscriptions for this trigger. For more information about this event trigger, refer to [Certification Sign Off](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/certification-signed-off).
tags:
- Triggers
security:
- userAuth:
- 'sp:trigger-service-subscriptions:manage'
requestBody:
required: true
content:
application/json:
schema:
title: Certification Signed Off
type: object
required:
- certification
properties:
certification:
description: The certification campaign that was signed off on.
required:
- id
- name
- created
allOf:
- type: object
required:
- campaignRef
- completed
- decisionsMade
- decisionsTotal
- due
- signed
- reviewer
- campaignOwner
- hasErrors
- phase
- entitiesCompleted
- entitiesTotal
properties:
campaignRef:
type: object
required:
- id
- name
- type
- campaignType
- description
- correlatedStatus
- mandatoryCommentRequirement
properties:
id:
type: string
description: The unique ID of the campaign.
example: ef38f94347e94562b5bb8424a56397d8
name:
type: string
description: The name of the campaign.
example: Campaign Name
type:
type: string
enum:
- CAMPAIGN
description: The type of object that is being referenced.
example: CAMPAIGN
campaignType:
type: string
enum:
- MANAGER
- SOURCE_OWNER
- SEARCH
description: The type of the campaign.
example: MANAGER
description:
type: string
description: The description of the campaign set by the admin who created it.
nullable: true
example: A description of the campaign
correlatedStatus:
type: string
description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).
enum:
- CORRELATED
- UNCORRELATED
example: CORRELATED
mandatoryCommentRequirement:
type: string
description: 'Determines whether comments are required for decisions during certification reviews. You can require comments for all decisions, revoke-only decisions, or no decisions. By default, comments are not required for decisions.'
enum:
- ALL_DECISIONS
- REVOKE_ONLY_DECISIONS
- NO_DECISIONS
example: NO_DECISIONS
phase:
type: string
description: |
The current phase of the campaign.
* `STAGED`: The campaign is waiting to be activated.
* `ACTIVE`: The campaign is active.
* `SIGNED`: The reviewer has signed off on the campaign, and it is considered complete.
enum:
- STAGED
- ACTIVE
- SIGNED
example: ACTIVE
due:
type: string
format: date-time
description: The due date of the certification.
example: '2018-10-19T13:49:37.385Z'
signed:
type: string
format: date-time
description: The date the reviewer signed off on the certification.
example: '2018-10-19T13:49:37.385Z'
reviewer:
description: A reference to the reviewer of the campaign.
type: object
properties:
id:
type: string
description: The id of the reviewer.
example: ef38f94347e94562b5bb8424a56397d8
name:
type: string
description: The name of the reviewer.
example: Reviewer Name
email:
type: string
description: The email of the reviewing identity.
example: reviewer@test.com
type:
type: string
enum:
- IDENTITY
description: The type of the reviewing identity.
example: IDENTITY
created:
nullable: true
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: The created date of the reviewing identity.
modified:
nullable: true
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: The modified date of the reviewing identity.
reassignment:
nullable: true
description: A reference to a reviewer that this campaign has been reassigned to.
type: object
properties:
from:
type: object
properties:
id:
type: string
description: The id of the certification.
example: ef38f94347e94562b5bb8424a56397d8
name:
type: string
description: The name of the certification.
example: Certification Name
type:
type: string
enum:
- CERTIFICATION
example: CERTIFICATION
reviewer:
type: object
properties:
id:
type: string
description: The id of the reviewer.
example: ef38f94347e94562b5bb8424a56397d8
name:
type: string
description: The name of the reviewer.
example: Reviewer Name
email:
type: string
description: The email of the reviewing identity.
example: reviewer@test.com
type:
type: string
enum:
- IDENTITY
description: The type of the reviewing identity.
example: IDENTITY
created:
nullable: true
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: The created date of the reviewing identity.
modified:
nullable: true
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: The modified date of the reviewing identity.
comment:
type: string
description: The comment entered when the Certification was reassigned
example: Reassigned for a reason
hasErrors:
type: boolean
example: false
description: Indicates it the certification has any errors.
errorMessage:
type: string
nullable: true
example: The certification has an error
description: A message indicating what the error is.
completed:
type: boolean
description: Indicates if all certification decisions have been made.
example: false
decisionsMade:
type: integer
description: The number of approve/revoke/acknowledge decisions that have been made by the reviewer.
example: 20
format: int32
decisionsTotal:
type: integer
description: The total number of approve/revoke/acknowledge decisions for the certification.
example: 40
format: int32
entitiesCompleted:
type: integer
description: 'The number of entities (identities, access profiles, roles, etc.) for which all decisions have been made and are complete.'
example: 5
format: int32
entitiesTotal:
type: integer
format: int32
description: 'The total number of entities (identities, access profiles, roles, etc.) in the certification, both complete and incomplete.'
example: 10
properties:
id:
type: string
description: Unique ID of the certification.
example: 2c91808576f886190176f88caf0d0067
name:
type: string
description: The name of the certification.
example: Manager Access Review for Alice Baker
created:
type: string
format: date-time
description: The date and time the certification was created.
example: '2020-02-16T03:04:45.815Z'
modified:
nullable: true
type: string
format: date-time
description: The date and time the certification was last modified.
example: '2020-02-16T03:06:45.815Z'
FormSubmitted:
post:
summary: Form submitted
operationId: formSubmittedEvent
description: |-
This event trigger fires after a user has submitted a [custom form](https://documentation.sailpoint.com/saas/help/forms/index.html) in Identity Security Cloud (ISC).
A typical use case for this trigger is to immediately take actions based on the data in the submitted form.
This is a `FIRE_AND_FORGET` event trigger. You can have a maximum of 50 subscriptions for this trigger. For more information about this event trigger, refer to [Form Submitted](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/form-submitted).
tags:
- Triggers
security:
- userAuth:
- 'sp:trigger-service-subscriptions:manage'
requestBody:
required: true
content:
application/json:
schema:
title: Form Submitted
type: object
required:
- submittedAt
- tenantId
- formInstanceId
- formDefinitionId
- name
- createdBy
- submittedBy
- formData
properties:
submittedAt:
type: date-time
description: Date and time when the user submitted the form.
example: '2020-06-29T22:01:50.474Z'
tenantId:
type: string
description: ISC tenant's unique identifier.
example: 2c9180845d1edece015d27a9717c3e19
formInstanceId:
type: string
description: Form instance's unique identifier.
example: 2c9180835d2e5168015d32f890ca1582
formDefinitionId:
type: string
description: Form definition's unique identifier.
example: 2c9180835d2e5168015d32f890ca1581
name:
type: string
description: Form's name.
example: Open Service Request
createdBy:
type: object
description: Origin of the form creation.
required:
- type
- id
properties:
type:
type: string
description: Form creation origin's type.
enum:
- WORKFLOW_EXECUTION
- SOURCE
example: WORKFLOW_EXECUTION
id:
type: string
description: Unique identifier of the origin of the form creation.
example: 2c9180845d1edece015d27a9717c3e19
submittedBy:
type: object
description: Identity who submitted the form.
required:
- type
- id
- name
properties:
type:
type: string
description: DTO type of the identity who submitted the form.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Unique identifier of the identity who submitted the form.
example: 2c9180845d1edece015d27a9717c3e19
name:
type: string
description: Name of the identity who submitted the form.
example: Rob.Robertson
formData:
type: object
description: Data in the submitted form.
nullable: true
additionalProperties: true
example:
department: IT
requestType: New Laptop
laptop: New Laptop type for Engineer
comments: 'My laptop is running slowly, and I need to get a shiny new laptop to get my work done. Thanks!'
IdentityAttributesChanged:
post:
summary: Identity attributes changed
operationId: identityAttributesChangedEvent
description: |-
This event trigger fires when Identity Security Cloud (ISC) detects an identity attribute change. ISC identity attribute changes occur when account attributes aggregated from an authoritative source differ from an identity's current attributes during an identity refresh.
This is a `FIRE_AND_FORGET` event trigger. You can have a maximum of 50 subscriptions for this trigger. For more information about this event trigger, refer to [Identity Attributes Changed](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/identity-attribute-changed).
tags:
- Triggers
security:
- userAuth:
- 'sp:trigger-service-subscriptions:manage'
requestBody:
required: true
content:
application/json:
schema:
title: Identity Attributes Changed
type: object
required:
- identity
- changes
properties:
identity:
required:
- id
- type
- name
type: object
description: Identity whose attributes changed.
properties:
type:
type: string
description: DTO type of identity whose attributes changed.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: ID of identity whose attributes changed.
example: 2c7180a46faadee4016fb4e018c20642
name:
type: string
description: Display name of identity whose attributes changed.
example: Michael Michaels
changes:
description: A list of one or more identity attributes that changed on the identity.
type: array
items:
type: object
required:
- attribute
properties:
attribute:
type: string
description: The name of the identity attribute that changed.
example: department
oldValue:
description: The value of the identity attribute before it changed.
nullable: true
example: sales
oneOf:
- type: string
- type: boolean
- type: array
items:
type: string
- type: object
nullable: true
additionalProperties:
oneOf:
- type: string
- type: number
- type: integer
- type: boolean
newValue:
description: The value of the identity attribute after it changed.
example: marketing
oneOf:
- type: string
- type: boolean
- type: array
items:
type: string
- type: object
nullable: true
additionalProperties:
oneOf:
- type: string
- type: number
- type: integer
- type: boolean
IdentityCreated:
post:
summary: Identity created
operationId: identityCreatedEvent
description: |-
This event trigger fires when Identity Security Cloud (ISC) detects a new identity during an aggregation and refresh from an authoritative source. ISC detects a new identity when it finds an account from an authoritative source that isn't correlated to an existing identity.
This is a `FIRE_AND_FORGET` event trigger. You can have a maximum of 50 subscriptions for this trigger. For more information about this event trigger, refer to [Identity Created](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/identity-created).
tags:
- Triggers
security:
- userAuth:
- 'sp:trigger-service-subscriptions:manage'
requestBody:
required: true
content:
application/json:
schema:
title: Identity Created
type: object
required:
- identity
- attributes
properties:
identity:
required:
- id
- type
- name
type: object
description: Created identity.
properties:
type:
type: string
description: Created identity's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Created identity ID.
example: 2c7180a46faadee4016fb4e018c20642
name:
type: string
description: Created identity's display name.
example: Michael Michaels
attributes:
type: object
description: The attributes assigned to the identity. Attributes are determined by the identity profile.
additionalProperties: true
example:
firstname: John
NativeChangeAccountCreated:
post:
summary: Native change account created
operationId: nativeChangeAccountCreatedEvent
description: |-
This event trigger fires when Identity Security Cloud (ISC) aggregates data from an external source and detects that a new account exists on the source. The external source must meet these criteria for you to receive this type of event:
* Native Change Detection (NCD) is enabled.
* Account Create operations are monitored.
* At least one attribute selected for monitoring has changed.
In addition to having NCD enabled, There are two ways to configure a source for NCD:
* Invoke the 'Update Native Change Detection' configuration for each source you want to receive NCD events from.
* Configure the NCD options on the source in the source configuration user interface (UI).
This is a `FIRE_AND_FORGET` event trigger. You can have a maximum of 50 subscriptions for this trigger. For more information about this event trigger, refer to [Native Change Account Created](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/native-change-account-created).
tags:
- Triggers
security:
- userAuth:
- 'sp:trigger-service-subscriptions:manage'
requestBody:
required: true
content:
application/json:
schema:
title: Source Account Created
type: object
required:
- id
- nativeIdentifier
- sourceId
- sourceName
- identityId
- identityName
- attributes
properties:
uuid:
type: string
description: Source unique identifier for the identity. UUID is generated by the source system.
example: b7264868-7201-415f-9118-b581d431c688
id:
type: string
description: SailPoint generated unique identifier.
example: ee769173319b41d19ccec35ba52f237b
nativeIdentifier:
type: string
description: Unique ID of the account on the source.
example: E009
sourceId:
type: string
description: The ID of the source.
example: 2c918082814e693601816e09471b29b6
sourceName:
type: string
description: The name of the source.
example: Active Directory
identityId:
type: string
description: The ID of the identity that is correlated with this account.
example: ee769173319b41d19ccec6c235423237b
identityName:
type: string
description: The name of the identity that is correlated with this account.
example: john.doe
attributes:
type: object
additionalProperties: true
description: The attributes of the account. The contents of attributes depends on the account schema for the source.
example:
firstname: John
lastname: Doe
email: john.doe@gmail.com
department: Sales
displayName: John Doe
created: '2020-04-27T16:48:33.597Z'
employeeNumber: E009
uid: E009
inactive: 'true'
phone: null
identificationNumber: E009
NativeChangeAccountDeleted:
post:
summary: Native change account deleted
operationId: nativeChangeAccountDeletedEvent
description: |-
This event trigger fires when Identity Security Cloud (ISC) aggregates data from an external source and detects that an account has been deleted from the source. The external source must meet these criteria for you to receive this type of event:
* Native Change Detection (NCD) is enabled.
* Account Delete operations are monitored.
* At least one attribute selected for monitoring has changed.
In addition to having NCD enabled, There are two ways to configure a source for NCD:
* Invoke the 'Update Native Change Detection' configuration for each source you want to receive NCD events from.
* Configure the NCD options on the source in the source configuration user interface (UI).
A typical use for this event trigger would be to notify the correlated identity's manager and the source owner when the account is deleted.
This is a `FIRE_AND_FORGET` event trigger. You can have a maximum of 50 subscriptions for this trigger. For more information about this event trigger, refer to [Native Change Account Deleted](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/native-change-account-deleted).
tags:
- Triggers
security:
- userAuth:
- 'sp:trigger-service-subscriptions:manage'
requestBody:
required: true
content:
application/json:
schema:
title: Source Account Deleted
type: object
required:
- id
- nativeIdentifier
- sourceId
- sourceName
- identityId
- identityName
- attributes
properties:
uuid:
type: string
description: Source unique identifier for the identity. UUID is generated by the source system.
example: b7264868-7201-415f-9118-b581d431c688
id:
type: string
description: SailPoint generated unique identifier.
example: ee769173319b41d19ccec35ba52f237b
nativeIdentifier:
type: string
description: Unique ID of the account on the source.
example: E009
sourceId:
type: string
description: The ID of the source.
example: 2c918082814e693601816e09471b29b6
sourceName:
type: string
description: The name of the source.
example: Active Directory
identityId:
type: string
description: The ID of the identity that is correlated with this account.
example: ee769173319b41d19ccec6c235423237b
identityName:
type: string
description: The name of the identity that is correlated with this account.
example: john.doe
attributes:
type: object
additionalProperties: true
description: The attributes of the account. The contents of attributes depends on the account schema for the source.
example:
firstname: John
lastname: Doe
email: john.doe@gmail.com
department: Sales
displayName: John Doe
created: '2020-04-27T16:48:33.597Z'
employeeNumber: E009
uid: E009
inactive: 'true'
phone: null
identificationNumber: E009
NativeChangeAccountUpdated:
post:
summary: Native change account updated
operationId: nativeChangeAccountUpdatedEvent
description: |-
This event trigger fires when Identity Security Cloud (ISC) aggregates data from an external source and detects that an account has been updated on the source. The external source must meet these criteria for you to receive this type of event:
* Native Change Detection (NCD) is enabled.
* Account Update operations are monitored.
* At least one attribute selected for monitoring has changed.
In addition to having NCD enabled, There are two ways to configure a source for NCD:
* Invoke the 'Update Native Change Detection' configuration for each source you want to receive NCD events from.
* Configure the NCD options on the source in the source configuration user interface (UI).
A typical use for this event trigger would be to notify the correlated identity's manager and the source owner when the account is deleted.
This is a `FIRE_AND_FORGET` event trigger. You can have a maximum of 50 subscriptions for this trigger. For more information about this event trigger, refer to [Native Change Account Updated](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/native-change-account-updated).
tags:
- Triggers
security:
- userAuth:
- 'sp:trigger-service-subscriptions:manage'
requestBody:
required: true
content:
application/json:
schema:
title: Source Account Updated
type: object
required:
- id
- nativeIdentifier
- sourceId
- sourceName
- identityId
- identityName
- attributes
properties:
uuid:
type: string
description: Source unique identifier for the identity. UUID is generated by the source system.
example: b7264868-7201-415f-9118-b581d431c688
id:
type: string
description: SailPoint generated unique identifier.
example: ee769173319b41d19ccec35ba52f237b
nativeIdentifier:
type: string
description: Unique ID of the account on the source.
example: E009
sourceId:
type: string
description: The ID of the source.
example: 2c918082814e693601816e09471b29b6
sourceName:
type: string
description: The name of the source.
example: Active Directory
identityId:
type: string
description: The ID of the identity that is correlated with this account.
example: ee769173319b41d19ccec6c235423237b
identityName:
type: string
description: The name of the identity that is correlated with this account.
example: john.doe
attributes:
type: object
additionalProperties: true
description: The attributes of the account. The contents of attributes depends on the account schema for the source.
example:
firstname: John
lastname: Doe
email: john.doe@gmail.com
department: Sales
displayName: John Doe
created: '2020-04-27T16:48:33.597Z'
employeeNumber: E009
uid: E009
inactive: 'true'
phone: null
identificationNumber: E009
OutlierDetected:
post:
summary: Outlier detected
operationId: outlierDetectedEvent
description: |-
This event trigger fires when Identity Security Cloud (ISC) detects that identities have unusual access relative their peers. ISC calculates outliers daily, flags the outliers, and notifies the trigger's subscribers when it detects them.
These are the requirements to use the trigger:
* Your organization must have Access Insights, which it needs to access Identity Outliers.
* Your organization must have at a configured source that it has loaded account data from.
* Your organization's accound data must be onboarded into AI-Driven Identity Security.
This is a `FIRE_AND_FORGET` event trigger. You can have a maximum of 50 subscriptions for this trigger. For more information about this event trigger, refer to [Outlier Detected](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/outlier-detected).
tags:
- Triggers
security:
- userAuth:
- 'sp:trigger-service-subscriptions:manage'
requestBody:
required: true
content:
application/json:
schema:
title: Outlier Detected
type: object
required:
- identity
- outlierType
- score
properties:
identity:
required:
- id
- type
- name
type: object
description: 'Identity with unusual access, relative to its peers.'
properties:
type:
type: string
description: Identity's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Identity's unique ID.
example: 2c7180a46faadee4016fb4e018c20642
name:
type: string
description: Identity's name.
example: Michael Michaels
outlierType:
type: string
description: Identity's outlier type.
enum:
- LOW_SIMILARITY
example: LOW_SIMILARITY
score:
type: number
description: 'Dissimilarity score that determines whether the identity is an outlier, ranging from `0.0` to `1.0`. The higher the score, the more likely the identity is an outlier.'
format: decimal
example: 0.82
ProvisioningCompleted:
post:
summary: Provisioning completed
operationId: provisioningCompletedEvent
description: |-
This event trigger fires after Identity Security Cloud (ISC) provisions access to an account. This trigger provides organizations with a flexible way to extend the provisioning workflow after an identity's access has changed within ISC.
These are the requirements to use the trigger:
* An oAuth client must be configured with the `ORG_ADMIN` authority.
* The organization has enabled the `ARSENAL_ALLOW_POSTPROVISIONING_TRIGGERS` feature flag.
* Connectors are configured for provisioning into the target applications.
* The organization is configured for automated provisioning. Different event contexts require different setups. For more information about these setups, refer to [Provisioning Completed](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/provisioning-completed).
To provision access to a target application, the source's connector must support these features:
* `ENABLE`: The ability to enable or disable accounts.
* `UNLOCK`: The ability to lock or unlock accounts.
* `PROVISIONING`: The ability to write to accounts.
* `PASSWORD`: The ability to update account passwords.
For a list of supported connectors and features, refer to [Identity Security Cloud Connectors](https://documentation.sailpoint.com/connectors/isc/landingpages/help/landingpages/isc_landing.html). For more information about configuring sources for provisioning in ISC, refer to [Configuring Source Account Provisioning](https://documentation.sailpoint.com/saas/help/provisioning/create_profile.html).
This is a `FIRE_AND_FORGET` event trigger. You can have a maximum of 50 subscriptions for this trigger. For more information about this event trigger, refer to [Provisioning Completed](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/provisioning-completed).
tags:
- Triggers
security:
- userAuth:
- 'sp:trigger-service-subscriptions:manage'
requestBody:
required: true
content:
application/json:
schema:
title: Provisioning Completed
type: object
required:
- trackingNumber
- sources
- recipient
- accountRequests
properties:
trackingNumber:
type: string
description: The reference number of the provisioning request. Useful for tracking status in the Account Activity search interface.
example: 4b4d982dddff4267ab12f0f1e72b5a6d
sources:
type: string
description: One or more sources that the provisioning transaction(s) were done against. Sources are comma separated.
example: 'Corp AD, Corp LDAP, Corp Salesforce'
action:
nullable: true
type: string
description: Origin of where the provisioning request came from.
example: IdentityRefresh
errors:
nullable: true
description: A list of any accumulated error messages that occurred during provisioning.
type: array
items:
type: string
example: Connector AD Failed
warnings:
nullable: true
description: A list of any accumulated warning messages that occurred during provisioning.
type: array
items:
type: string
example: Notification Skipped due to invalid email
recipient:
required:
- id
- type
- name
type: object
description: Provisioning recpient.
properties:
type:
type: string
description: Provisioning recipient DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Provisioning recipient's identity ID.
example: 2c7180a46faadee4016fb4e018c20642
name:
type: string
description: Provisioning recipient's display name.
example: Michael Michaels
requester:
nullable: true
required:
- id
- type
- name
type: object
description: Provisioning requester's identity.
properties:
type:
type: string
description: Provisioning requester's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Provisioning requester's identity ID.
example: 2c7180a46faadee4016fb4e018c20648
name:
type: string
description: Provisioning owner's human-readable display name.
example: William Wilson
accountRequests:
type: array
description: A list of provisioning instructions to perform on an account-by-account basis.
items:
type: object
required:
- source
- accountOperation
- provisioningResult
- provisioningTarget
properties:
source:
required:
- id
- type
- name
type: object
description: Reference to the source being provisioned against.
properties:
id:
description: ID of the object to which this reference applies
type: string
example: 4e4d982dddff4267ab12f0f1e72b5a6d
type:
type: string
enum:
- SOURCE
example: SOURCE
description: The type of object that is referenced
name:
type: string
description: Human-readable display name of the object to which this reference applies
example: Corporate Active Directory
accountId:
type: string
description: The unique idenfier of the account being provisioned.
example: 'CN=Chewy.Bacca,ou=hardcorefigter,ou=wookies,dc=starwars,dc=com'
accountOperation:
type: string
description: 'The provisioning operation; typically Create, Modify, Enable, Disable, Unlock, or Delete.'
example: Modify
provisioningResult:
description: 'The overall result of the provisioning transaction; this could be success, pending, failed, etc.'
enum:
- SUCCESS
- PENDING
- FAILED
example: SUCCESS
provisioningTarget:
type: string
description: 'The name of the provisioning channel selected; this could be the same as the source, or could be a Service Desk Integration Module (SDIM).'
example: Corp AD
ticketId:
nullable: true
type: string
description: 'A reference to a tracking number, if this is sent to a Service Desk Integration Module (SDIM).'
example: '72619262'
attributeRequests:
nullable: true
description: A list of attributes as part of the provisioning transaction.
type: array
items:
type: object
required:
- attributeName
- operation
properties:
attributeName:
type: string
description: The name of the attribute being provisioned.
example: memberOf
attributeValue:
nullable: true
type: string
description: The value of the attribute being provisioned.
example: 'CN=jedi,DC=starwars,DC=com'
operation:
enum:
- Add
- Set
- Remove
description: The operation to handle the attribute.
example: Add
ScheduledSearch:
post:
summary: Scheduled search
operationId: scheduledSearchEvent
description: |-
This event trigger fires after Identity Security Cloud (ISC) generates a report from a saved search.
In ISC, users can subscribe to saved searches to receive an email report generated by the saved search. They can then set a schedule for when those saved searches generate reports, such as daily at 6:00 GMT. The trigger can notify an external HTTP application that ISC has generated a report from a saved search and the report is ready to be processed.
These are some typical use cases for the trigger:
* Perform continous checks for Separation of Duties (SOD) violations, for quality control.
* Respond to upcoming Joiner-Mover-Leaver (JML) scenarios, such as deprovisioning access before an employee's separation date.
This is a `FIRE_AND_FORGET` event trigger. You can have a maximum of 50 subscriptions for this trigger. For more information about this event trigger, refer to [Scheduled Search](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/scheduled-search).
tags:
- Triggers
security:
- userAuth:
- 'sp:trigger-service-subscriptions:manage'
requestBody:
required: true
content:
application/json:
schema:
title: Saved Search Complete
type: object
required:
- fileName
- ownerEmail
- ownerName
- query
- searchName
- searchResults
- signedS3Url
properties:
fileName:
type: string
description: A name for the report file.
example: Modified.zip
ownerEmail:
type: string
description: The email address of the identity that owns the saved search.
example: test@sailpoint.com
ownerName:
type: string
description: The name of the identity that owns the saved search.
example: Cloud Support
query:
type: string
description: The search query that was used to generate the report.
example: 'modified:[now-7y/d TO now]'
searchName:
type: string
description: The name of the saved search.
example: Modified Activity
searchResults:
type: object
description: 'A preview of the search results for each object type. This includes a count as well as headers, and the first several rows of data, per object type.'
properties:
Account:
description: A table of accounts that match the search criteria.
nullable: true
type: object
required:
- count
- noun
- preview
properties:
count:
type: string
description: The number of rows in the table.
example: 3
noun:
type: string
description: The type of object represented in the table.
example: accounts
preview:
description: A sample of the data in the table.
type: array
items:
type: array
items:
type: string
example: Robert.Chase
example: []
Entitlement:
description: A table of entitlements that match the search criteria.
nullable: true
type: object
required:
- count
- noun
- preview
properties:
count:
type: string
description: The number of rows in the table.
example: 2
noun:
type: string
description: The type of object represented in the table.
example: entitlements
preview:
description: A sample of the data in the table.
type: array
items:
type: array
items:
type: string
example: Administrator
example: []
Identity:
description: A table of identities that match the search criteria.
nullable: true
type: object
required:
- count
- noun
- preview
properties:
count:
type: string
description: The number of rows in the table.
example: 2
noun:
type: string
description: The type of object represented in the table.
example: identities
preview:
description: A sample of the data in the table.
type: array
items:
type: array
items:
type: string
example: Carol Shelby
example: []
signedS3Url:
type: string
description: The Amazon S3 URL to download the report from.
example: 'https://sptcbu-org-data-useast1.s3.amazonaws.com/arsenal-john/reports/Events%20Export.2020-05-06%2018%2759%20GMT.3e580592-86e4-4953-8aea-49e6ef20a086.zip?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20200506T185919Z&X-Amz-SignedHeaders=host&X-Amz-Expires=899&X-Amz-Credential=AKIAV5E54XOGTS4Q4L7A%2F20200506%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=2e732bb97a12a1fd8a215613e3c31fcdae8ba1fb6a25916843ab5b51d2ddefbc'
SourceCreated:
post:
summary: Source created
operationId: sourceCreatedEvent
description: |-
This event trigger fires when a new source is created in Identity Security Cloud (ISC), by either the [API](https://developer.sailpoint.com/docs/api/v2024/create-source) or the [Admin UI](https://documentation.sailpoint.com/saas/help/accounts/loading_data.html#configuring-a-source).
These are some typical use cases for the trigger:
* Provide evidence to auditors to show that connector logic and sources are maintained by proper change control processes and aren't vulnerable to outside manipulation.
* Auto-configure new sources with proper owners, using external data sources.
This is a `FIRE_AND_FORGET` event trigger. You can have a maximum of 50 subscriptions for this trigger. For more information about this event trigger, refer to [Source Created](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/source-created).
tags:
- Triggers
security:
- userAuth:
- 'sp:trigger-service-subscriptions:manage'
requestBody:
required: true
content:
application/json:
schema:
title: Source Created
type: object
required:
- id
- name
- type
- created
- connector
- actor
properties:
id:
type: string
description: The unique ID of the source.
example: 2c9180866166b5b0016167c32ef31a66
name:
type: string
description: Human friendly name of the source.
example: Test source
type:
type: string
description: The connection type.
example: DIRECT_CONNECT
created:
type: string
format: date-time
description: The date and time the source was created.
example: '2021-03-29T22:01:50.474Z'
connector:
type: string
description: The connector type used to connect to the source.
example: active-directory
actor:
required:
- id
- name
- type
type: object
description: Identity who created the source.
properties:
type:
type: string
description: DTO type of identity who created the source.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: ID of identity who created the source.
example: 2c7180a46faadee4016fb4e018c20648
name:
type: string
description: Display name of identity who created the source.
example: William Wilson
SourceDeleted:
post:
summary: Source deleted
operationId: sourceDeletedEvent
description: |-
This event trigger fires when a new source is deleted from Identity Security Cloud (ISC), by either the [API](https://developer.sailpoint.com/docs/api/v2024/delete-source) or the [Admin UI](https://documentation.sailpoint.com/saas/help/sources/index.html#deleting-a-source).
These are some typical use cases for the trigger:
* Provide evidence to auditors to show that connector logic and sources are maintained by proper change control processes and aren't vulnerable to outside manipulation.
* Alert admins when a source is incorrectly deleted.
This is a `FIRE_AND_FORGET` event trigger. You can have a maximum of 50 subscriptions for this trigger. For more information about this event trigger, refer to [Source Created](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/source-deleted).
tags:
- Triggers
security:
- userAuth:
- 'sp:trigger-service-subscriptions:manage'
requestBody:
required: true
content:
application/json:
schema:
title: Source Deleted
type: object
required:
- id
- name
- type
- deleted
- connector
- actor
properties:
id:
type: string
description: The unique ID of the source.
example: 2c9180866166b5b0016167c32ef31a66
name:
type: string
description: Human friendly name of the source.
example: Test source
type:
type: string
description: The connection type.
example: DIRECT_CONNECT
deleted:
type: string
format: date-time
description: The date and time the source was deleted.
example: '2021-03-29T22:01:50.474Z'
connector:
type: string
description: The connector type used to connect to the source.
example: active-directory
actor:
required:
- id
- name
- type
type: object
description: Identity who deleted the source.
properties:
type:
type: string
description: DTO type of identity who deleted the source.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: ID of identity who deleted the source.
example: 2c7180a46faadee4016fb4e018c20648
name:
type: string
description: Display name of identity who deleted the source.
example: William Wilson
SourceUpdated:
post:
summary: Source updated
operationId: sourceUpdatedEvent
description: |-
This event trigger fires when a new source's configuration is changed in Identity Security Cloud (ISC).
These are some typical use cases for the trigger:
* Provide evidence to auditors to show that connector logic and sources are maintained by proper change control processes and aren't vulnerable to outside manipulation.
* Trigger review for an updated source.
This is a `FIRE_AND_FORGET` event trigger. You can have a maximum of 50 subscriptions for this trigger. For more information about this event trigger, refer to [Source Created](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/source-updated).
tags:
- Triggers
security:
- userAuth:
- 'sp:trigger-service-subscriptions:manage'
requestBody:
required: true
content:
application/json:
schema:
title: Source Updated
type: object
required:
- id
- name
- type
- modified
- connector
- actor
properties:
id:
type: string
description: The unique ID of the source.
example: 2c9180866166b5b0016167c32ef31a66
name:
type: string
description: The user friendly name of the source.
example: Corporate Active Directory
type:
type: string
description: The connection type of the source.
example: DIRECT_CONNECT
modified:
type: string
format: date-time
description: The date and time the source was modified.
example: '2021-03-29T22:01:50.474Z'
connector:
type: string
description: The connector type used to connect to the source.
example: active-directory
actor:
required:
- type
- name
type: object
description: Identity who updated the source.
properties:
type:
type: string
description: DTO type of identity who updated the source.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: ID of identity who updated the source.
example: 2c7180a46faadee4016fb4e018c20648
name:
type: string
description: Display name of identity who updated the source.
example: William Wilson
VaClusterStatusChange:
post:
summary: Va cluster status change
operationId: vaClusterStatusChangeEvent
description: |-
This event trigger fires when Identity Security Cloud (ISC) runs a health check on a virtual appliance (VA) cluster, and the cluster's health status is different from the previous health check, such as a change from healthy to unhealthy or the opposite. VA cluster health checks run every 30 minutes. Users can use this trigger to monitor all their VA clusters' health status changes.
These are some typical use cases for the trigger:
* Create real-time health dashboards for VA clusters.
* Notify an admin or system to take appropriate actions when a VA cluster's health status changes.
This is a `FIRE_AND_FORGET` event trigger. You can have a maximum of 50 subscriptions for this trigger. For more information about this event trigger, refer to [Source Created](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/va-cluster-status-change).
tags:
- Triggers
security:
- userAuth:
- 'sp:trigger-service-subscriptions:manage'
requestBody:
required: true
content:
application/json:
schema:
title: VA Cluster Status Change Event
type: object
required:
- created
- type
- application
- healthCheckResult
- previousHealthCheckResult
properties:
created:
type: string
format: date-time
description: The date and time the status change occurred.
example: '2020-06-29T22:01:50.474Z'
type:
enum:
- SOURCE
- CLUSTER
description: The type of the object that initiated this event.
example: CLUSTER
application:
type: object
description: Details about the `CLUSTER` or `SOURCE` that initiated this event.
required:
- id
- name
- attributes
properties:
id:
type: string
description: The GUID of the application
example: 2c9180866166b5b0016167c32ef31a66
name:
type: string
description: The name of the application
example: Production VA Cluster
attributes:
type: object
description: Custom map of attributes for a source. This will only be populated if type is `SOURCE` and the source has a proxy.
additionalProperties: true
nullable: true
example: null
healthCheckResult:
type: object
description: The results of the most recent health check.
required:
- message
- resultType
- status
properties:
message:
type: string
description: Detailed message of the result of the health check.
example: Test Connection failed with exception. Error message - java.lang Exception
resultType:
type: string
description: The type of the health check result.
example: SOURCE_STATE_ERROR_CLUSTER
status:
enum:
- Succeeded
- Failed
description: The status of the health check.
example: Succeeded
previousHealthCheckResult:
type: object
description: The results of the last health check.
required:
- message
- resultType
- status
properties:
message:
type: string
description: Detailed message of the result of the health check.
example: Test Connection failed with exception. Error message - java.lang Exception
resultType:
type: string
description: The type of the health check result.
example: SOURCE_STATE_ERROR_CLUSTER
status:
enum:
- Succeeded
- Failed
description: The status of the health check.
example: Failed
IdentityDeleted:
post:
summary: Identity deleted
operationId: identityDeletedEvent
description: |-
This event trigger fires after an identity has been completely deleted from Identity Security Cloud (ISC). ISC only deletes an identity when it meets all these requirements:
* It has no correlated accounts.
* It's not an owner of a role, access profile, application, source, or task result.
* It's not an owner or requester of a work item.
* It's not a protected account or manager.
* It has no assigned capabilities, such as being an assigned certification reviewer.
* It's not involved in any active certification as a target (its access is not being certified).
These are some typical use cases for the trigger:
* Notify an administrator or system to take the appropriate provisioning actions as part of the leaver workflow.
* Notify a system to trigger another action, such as deactivating an employee's badge upon termination.
This is a `FIRE_AND_FORGET` event trigger. You can have a maximum of 50 subscriptions for this trigger. For more information about this event trigger, refer to [Identity Deleted](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/identity-deleted).
>**Note: This is an early access event trigger. Contact support to enable it on your tenant.**
tags:
- Triggers
security:
- userAuth:
- 'sp:trigger-service-subscriptions:manage'
requestBody:
required: true
content:
application/json:
schema:
title: Identity Deleted
type: object
required:
- identity
- attributes
properties:
identity:
required:
- id
- type
- name
type: object
description: Deleted identity.
properties:
type:
type: string
description: Deleted identity's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Deleted identity ID.
example: 2c7180a46faadee4016fb4e018c20642
name:
type: string
description: Deleted identity's display name.
example: Michael Michaels
attributes:
type: object
description: The attributes assigned to the identity. Attributes are determined by the identity profile.
additionalProperties: true
example:
firstname: John
SourceAccountCreated:
post:
summary: Source account created
operationId: sourceAccountCreatedEvent
description: |-
This event trigger fires after Identity Security Cloud (ISC) detects a new account during an account aggregation and refresh from a source. This trigger cannot determine whether the account creation happened on the source or in ISC. It omits events related to ISC accounts, such as the ISC Admin.
A typical use for this trigger is to watch for new accounts with highly privileged access, such as an account created in Active Directory Domain Admins.
This is a `FIRE_AND_FORGET` event trigger. You can have a maximum of 50 subscriptions for this trigger. For more information about this event trigger, refer to [Source Account Created](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/source-account-created).
>**Note: This is an early access event trigger. Contact support to enable it on your tenant.**
tags:
- Triggers
security:
- userAuth:
- 'sp:trigger-service-subscriptions:manage'
deprecated: true
requestBody:
required: true
content:
application/json:
schema:
title: Source Account Created
type: object
required:
- id
- nativeIdentifier
- sourceId
- sourceName
- identityId
- identityName
- attributes
properties:
uuid:
type: string
description: Source unique identifier for the identity. UUID is generated by the source system.
example: b7264868-7201-415f-9118-b581d431c688
id:
type: string
description: SailPoint generated unique identifier.
example: ee769173319b41d19ccec35ba52f237b
nativeIdentifier:
type: string
description: Unique ID of the account on the source.
example: E009
sourceId:
type: string
description: The ID of the source.
example: 2c918082814e693601816e09471b29b6
sourceName:
type: string
description: The name of the source.
example: Active Directory
identityId:
type: string
description: The ID of the identity that is correlated with this account.
example: ee769173319b41d19ccec6c235423237b
identityName:
type: string
description: The name of the identity that is correlated with this account.
example: john.doe
attributes:
type: object
additionalProperties: true
description: The attributes of the account. The contents of attributes depends on the account schema for the source.
example:
firstname: John
lastname: Doe
email: john.doe@gmail.com
department: Sales
displayName: John Doe
created: '2020-04-27T16:48:33.597Z'
employeeNumber: E009
uid: E009
inactive: 'true'
phone: null
identificationNumber: E009
SourceAccountDeleted:
post:
summary: Source account deleted
operationId: sourceAccountDeletedEvent
description: |-
This event trigger fires when Identity Security Cloud (ISC), during an account aggregation operation, detects that an account has been deleted. This trigger cannot determine whether the account deletion happened on the source or in ISC. It omits events related to ISC accounts, such as the ISC Admin.
A typical use for this trigger is to watch for deletions of authoritative accounts, such as an account deleted from Workday.
This is a `FIRE_AND_FORGET` event trigger. You can have a maximum of 50 subscriptions for this trigger. For more information about this event trigger, refer to [Source Account Created](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/source-account-deleted).
>**Note: This is an early access event trigger. Contact support to enable it on your tenant.**
tags:
- Triggers
security:
- userAuth:
- 'sp:trigger-service-subscriptions:manage'
deprecated: true
requestBody:
required: true
content:
application/json:
schema:
title: Source Account Deleted
type: object
required:
- id
- nativeIdentifier
- sourceId
- sourceName
- identityId
- identityName
- attributes
properties:
uuid:
type: string
description: Source unique identifier for the identity. UUID is generated by the source system.
example: b7264868-7201-415f-9118-b581d431c688
id:
type: string
description: SailPoint generated unique identifier.
example: ee769173319b41d19ccec35ba52f237b
nativeIdentifier:
type: string
description: Unique ID of the account on the source.
example: E009
sourceId:
type: string
description: The ID of the source.
example: 2c918082814e693601816e09471b29b6
sourceName:
type: string
description: The name of the source.
example: Active Directory
identityId:
type: string
description: The ID of the identity that is correlated with this account.
example: ee769173319b41d19ccec6c235423237b
identityName:
type: string
description: The name of the identity that is correlated with this account.
example: john.doe
attributes:
type: object
additionalProperties: true
description: The attributes of the account. The contents of attributes depends on the account schema for the source.
example:
firstname: John
lastname: Doe
email: john.doe@gmail.com
department: Sales
displayName: John Doe
created: '2020-04-27T16:48:33.597Z'
employeeNumber: E009
uid: E009
inactive: 'true'
phone: null
identificationNumber: E009
SourceAccountUpdated:
post:
summary: Source account updated
operationId: sourceAccountUpdatedEvent
description: |-
This event trigger fires when Identity Security Cloud (ISC), during an account aggregation operation, detects a change to one or more account attributes on a single account. This trigger cannot determine whether the account update happened on the source or in ISC. It omits events related to ISC accounts, such as the ISC Admin.
These actions are considered updated:
* An update to account attributes
* Enabling or disabling an account
* Locking or unlocking an account
* A change to a source account password
A typical use for this trigger is to watch for updates to accounts that add highly privileged access, such as an account that is granted privileged access on a sensitive source.
This is a `FIRE_AND_FORGET` event trigger. You can have a maximum of 50 subscriptions for this trigger. For more information about this event trigger, refer to [Source Account Created](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/source-account-updated).
>**Note: This is an early access event trigger. Contact support to enable it on your tenant.**
tags:
- Triggers
security:
- userAuth:
- 'sp:trigger-service-subscriptions:manage'
deprecated: true
requestBody:
required: true
content:
application/json:
schema:
title: Source Account Updated
type: object
required:
- id
- nativeIdentifier
- sourceId
- sourceName
- identityId
- identityName
- attributes
properties:
uuid:
type: string
description: Source unique identifier for the identity. UUID is generated by the source system.
example: b7264868-7201-415f-9118-b581d431c688
id:
type: string
description: SailPoint generated unique identifier.
example: ee769173319b41d19ccec35ba52f237b
nativeIdentifier:
type: string
description: Unique ID of the account on the source.
example: E009
sourceId:
type: string
description: The ID of the source.
example: 2c918082814e693601816e09471b29b6
sourceName:
type: string
description: The name of the source.
example: Active Directory
identityId:
type: string
description: The ID of the identity that is correlated with this account.
example: ee769173319b41d19ccec6c235423237b
identityName:
type: string
description: The name of the identity that is correlated with this account.
example: john.doe
attributes:
type: object
additionalProperties: true
description: The attributes of the account. The contents of attributes depends on the account schema for the source.
example:
firstname: John
lastname: Doe
email: john.doe@gmail.com
department: Sales
displayName: John Doe
created: '2020-04-27T16:48:33.597Z'
employeeNumber: E009
uid: E009
inactive: 'true'
phone: null
identificationNumber: E009
paths:
/access-profiles:
get:
operationId: listAccessProfiles
tags:
- Access Profiles
summary: List access profiles
description: |-
Get a list of access profiles.
>**Note:** When you filter for access profiles that have the '+' symbol in their names, the response is blank.
parameters:
- in: query
name: for-subadmin
schema:
type: string
description: |-
Filters the returned list according to what is visible to the indicated ROLE_SUBADMIN or SOURCE_SUBADMIN identity. The value of the parameter is either an identity ID or the special value **me**, which is shorthand for the calling identity's ID.
If you specify an identity that isn't a subadmin, the API returns a 400 Bad Request error.
example: 8c190e6787aa4ed9a90bd9d5344523fb
required: false
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, in*
**name**: *eq, sw*
**created**: *gt, ge, le*
**modified**: *gt, lt, ge, le*
**owner.id**: *eq, in*
**requestable**: *eq*
**source.id**: *eq, in*
Supported composite operators are *and, or*
Filtering is not supported for access profiles and entitlements that have the '+' symbol in their names.
example: name eq "SailPoint Support"
required: false
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **name, created, modified**
example: 'name,-modified'
required: false
- in: query
name: for-segment-ids
schema:
type: string
format: comma-separated
description: |-
Filters access profiles to only those assigned to the segment(s) with the specified IDs.
If segmentation is currently unavailable, specifying this parameter results in an error.
example: '0b5c9f25-83c6-4762-9073-e38f7bb2ae26,2e8d8180-24bc-4d21-91c6-7affdb473b0d'
required: false
- in: query
name: include-unsegmented
schema:
type: boolean
default: true
description: 'Indicates whether the response list should contain unsegmented access profiles. If `for-segment-ids` is absent or empty, specifying *include-unsegmented* as `false` results in an error.'
example: false
required: false
responses:
'200':
description: List of access profiles.
content:
application/json:
schema:
type: array
items:
type: object
description: Access profile.
properties:
id:
type: string
description: Access profile ID.
example: 2c91808a7190d06e01719938fcd20792
readOnly: true
name:
type: string
description: Access profile name.
example: Employee-database-read-write
description:
type: string
nullable: true
description: Access profile description.
example: Collection of entitlements to read/write the employee database
created:
type: string
description: Date and time when the access profile was created.
format: date-time
example: '2021-03-01T22:32:58.104Z'
readOnly: true
modified:
type: string
description: Date and time when the access profile was last modified.
format: date-time
example: '2021-03-02T20:22:28.104Z'
readOnly: true
enabled:
type: boolean
default: false
description: 'Indicates whether the access profile is enabled. If it''s enabled, you must include at least one entitlement.'
example: true
owner:
description: Access profile owner.
type: object
nullable: false
properties:
type:
type: string
enum:
- IDENTITY
description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.'
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: 'Owner''s name. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.'
example: support
source:
type: object
properties:
id:
type: string
description: ID of the source the access profile is associated with.
example: 2c91809773dee3610173fdb0b6061ef4
type:
type: string
enum:
- SOURCE
description: Source's DTO type.
example: SOURCE
name:
type: string
description: Source name.
example: ODS-AD-SOURCE
entitlements:
type: array
nullable: true
description: 'List of entitlements associated with the access profile. If `enabled` is false, this can be empty. Otherwise, it must contain at least one entitlement.'
items:
type: object
description: Entitlement including a specific set of access.
properties:
type:
type: string
description: Entitlement's DTO type.
enum:
- ENTITLEMENT
example: ENTITLEMENT
id:
type: string
description: Entitlement's ID.
example: 2c91809773dee32014e13e122092014e
name:
type: string
nullable: true
description: Entitlement's display name.
example: 'CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local'
requestable:
type: boolean
default: true
description: 'Indicates whether the access profile is requestable by access request. Currently, making an access profile non-requestable is only supported for customers enabled with the new Request Center. Otherwise, attempting to create an access profile with a value **false** in this field results in a 400 error.'
example: true
accessRequestConfig:
nullable: true
description: Access request configuration for the object.
type: object
properties:
commentsRequired:
type: boolean
description: Indicates whether the requester of the containing object must provide comments justifying the request.
example: true
nullable: true
default: false
denialCommentsRequired:
type: boolean
description: Indicates whether an approver must provide comments when denying the request.
example: true
nullable: true
default: false
reauthorizationRequired:
type: boolean
description: Indicates whether reauthorization is required for the request.
example: true
nullable: true
default: false
approvalSchemes:
type: array
nullable: true
description: List describing the steps involved in approving the request.
items:
type: object
properties:
approverType:
type: string
enum:
- APP_OWNER
- OWNER
- SOURCE_OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. These are the possible values:
**APP_OWNER**: The owner of the Application
**OWNER**: Owner of the associated Access Profile or Role
**SOURCE_OWNER**: Owner of the Source associated with an Access Profile
**MANAGER**: Manager of the Identity making the request
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: Specific approver ID. Only use this when the `approverType` is `GOVERNANCE_GROUP`.
example: 46c79819-a69f-49a2-becb-12c971ae66c6
revocationRequestConfig:
nullable: true
description: Revocation request configuration for the object.
type: object
properties:
approvalSchemes:
type: array
nullable: true
description: List describing the steps involved in approving the revocation request.
items:
type: object
properties:
approverType:
type: string
enum:
- APP_OWNER
- OWNER
- SOURCE_OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. These are the possible values:
**APP_OWNER**: The owner of the Application
**OWNER**: Owner of the associated Access Profile or Role
**SOURCE_OWNER**: Owner of the Source associated with an Access Profile
**MANAGER**: Manager of the Identity making the request
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: Specific approver ID. Only use this when the `approverType` is `GOVERNANCE_GROUP`.
example: 46c79819-a69f-49a2-becb-12c971ae66c6
segments:
type: array
nullable: true
items:
type: string
description: 'List of segment IDs, if any, that the access profile is assigned to.'
example:
- f7b1b8a3-5fed-4fd4-ad29-82014e137e19
- 29cb6c06-1da8-43ea-8be4-b3125f248f2a
provisioningCriteria:
description: 'When an identity has multiple accounts on the source the access profile is associated with, the API evaluates this expression against those accounts to choose one to provision with the access profile.'
nullable: true
example:
operation: OR
children:
- operation: AND
children:
- attribute: dn
operation: CONTAINS
value: useast
- attribute: manager
operation: CONTAINS
value: Scott.Clark
- operation: AND
children:
- attribute: dn
operation: EQUALS
value: Gibson
- attribute: telephoneNumber
operation: CONTAINS
value: '512'
type: object
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- HAS
- AND
- OR
description: Supported operations on `ProvisioningCriteria`.
example: EQUALS
attribute:
type: string
description: 'Name of the account attribute to be tested. If **operation** is one of `EQUALS`, `NOT_EQUALS`, `CONTAINS`, or `HAS`, this field is required. Otherwise, specifying it results in an error.'
example: email
nullable: true
value:
type: string
nullable: true
description: 'String value to test the account attribute w/r/t the specified operation. If the operation is one of `EQUALS`, `NOT_EQUALS`, or `CONTAINS`, this field is required. Otherwise, specifying it results in an error. If the attribute is not string-typed, the API will convert it to the appropriate type.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: array
items:
type: object
description: Defines matching criteria for an account to be provisioned with a specific access profile.
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- HAS
- AND
- OR
description: Supported operations on `ProvisioningCriteria`.
example: EQUALS
attribute:
type: string
description: 'Name of the account attribute to be tested. If **operation** is one of `EQUALS`, `NOT_EQUALS`, `CONTAINS`, or `HAS`, this field is required. Otherwise, specifying it results in an error.'
example: email
nullable: true
value:
type: string
nullable: true
description: 'String value to test the account attribute w/r/t the specified operation. If the operation is one of `EQUALS`, `NOT_EQUALS`, or `CONTAINS`, this field is required. Otherwise, specifying it results in an error. If the attribute is not string-typed, the API will convert it to the appropriate type.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: array
items:
type: object
description: Defines matching criteria for an account to be provisioned with a specific access profile.
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- HAS
- AND
- OR
description: Supported operations on `ProvisioningCriteria`.
example: EQUALS
attribute:
type: string
description: 'Name of the account attribute to be tested. If **operation** is one of `EQUALS`, `NOT_EQUALS`, `CONTAINS`, or `HAS`, this field is required. Otherwise, specifying it results in an error.'
example: email
nullable: true
value:
type: string
nullable: true
description: 'String value to test the account attribute w/r/t the specified operation. If the operation is one of `EQUALS`, `NOT_EQUALS`, or `CONTAINS`, this field is required. Otherwise, specifying it results in an error. If the attribute is not string-typed, the API will convert it to the appropriate type.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: string
nullable: true
description: 'Array of child criteria. This field is required if the operation is `AND` or `OR`. Otherwise, it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.'
example: null
nullable: true
description: 'Array of child criteria. This field is required if the operation is `AND` or `OR`. Otherwise, it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.'
example: null
nullable: true
description: 'Array of child criteria. This field is required if the operation is `AND` or `OR`. Otherwise, it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.'
example: null
required:
- owner
- name
- source
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:access-profile:read'
- applicationAuth:
- 'idn:access-profile:read'
x-sailpoint-userLevels:
- ORG_ADMIN
- ROLE_ADMIN
- ROLE_SUBADMIN
- SOURCE_ADMIN
- SOURCE_SUBADMIN
post:
operationId: createAccessProfile
tags:
- Access Profiles
summary: Create access profile
description: |-
Create an access profile.
A user with `ROLE_SUBADMIN` or `SOURCE_SUBADMIN` authority must be associated with the access profile's source.
The maximum supported length for the description field is 2000 characters. Longer descriptions will be preserved for existing access profiles. However, any new access profiles as well as any updates to existing descriptions are limited to 2000 characters.
>**Note:** To use this endpoint, you need all the listed scopes.
requestBody:
required: true
content:
application/json:
schema:
type: object
description: Access profile.
properties:
id:
type: string
description: Access profile ID.
example: 2c91808a7190d06e01719938fcd20792
readOnly: true
name:
type: string
description: Access profile name.
example: Employee-database-read-write
description:
type: string
nullable: true
description: Access profile description.
example: Collection of entitlements to read/write the employee database
created:
type: string
description: Date and time when the access profile was created.
format: date-time
example: '2021-03-01T22:32:58.104Z'
readOnly: true
modified:
type: string
description: Date and time when the access profile was last modified.
format: date-time
example: '2021-03-02T20:22:28.104Z'
readOnly: true
enabled:
type: boolean
default: false
description: 'Indicates whether the access profile is enabled. If it''s enabled, you must include at least one entitlement.'
example: true
owner:
description: Access profile owner.
type: object
nullable: false
properties:
type:
type: string
enum:
- IDENTITY
description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.'
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: 'Owner''s name. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.'
example: support
source:
type: object
properties:
id:
type: string
description: ID of the source the access profile is associated with.
example: 2c91809773dee3610173fdb0b6061ef4
type:
type: string
enum:
- SOURCE
description: Source's DTO type.
example: SOURCE
name:
type: string
description: Source name.
example: ODS-AD-SOURCE
entitlements:
type: array
nullable: true
description: 'List of entitlements associated with the access profile. If `enabled` is false, this can be empty. Otherwise, it must contain at least one entitlement.'
items:
type: object
description: Entitlement including a specific set of access.
properties:
type:
type: string
description: Entitlement's DTO type.
enum:
- ENTITLEMENT
example: ENTITLEMENT
id:
type: string
description: Entitlement's ID.
example: 2c91809773dee32014e13e122092014e
name:
type: string
nullable: true
description: Entitlement's display name.
example: 'CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local'
requestable:
type: boolean
default: true
description: 'Indicates whether the access profile is requestable by access request. Currently, making an access profile non-requestable is only supported for customers enabled with the new Request Center. Otherwise, attempting to create an access profile with a value **false** in this field results in a 400 error.'
example: true
accessRequestConfig:
nullable: true
description: Access request configuration for the object.
type: object
properties:
commentsRequired:
type: boolean
description: Indicates whether the requester of the containing object must provide comments justifying the request.
example: true
nullable: true
default: false
denialCommentsRequired:
type: boolean
description: Indicates whether an approver must provide comments when denying the request.
example: true
nullable: true
default: false
reauthorizationRequired:
type: boolean
description: Indicates whether reauthorization is required for the request.
example: true
nullable: true
default: false
approvalSchemes:
type: array
nullable: true
description: List describing the steps involved in approving the request.
items:
type: object
properties:
approverType:
type: string
enum:
- APP_OWNER
- OWNER
- SOURCE_OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. These are the possible values:
**APP_OWNER**: The owner of the Application
**OWNER**: Owner of the associated Access Profile or Role
**SOURCE_OWNER**: Owner of the Source associated with an Access Profile
**MANAGER**: Manager of the Identity making the request
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: Specific approver ID. Only use this when the `approverType` is `GOVERNANCE_GROUP`.
example: 46c79819-a69f-49a2-becb-12c971ae66c6
revocationRequestConfig:
nullable: true
description: Revocation request configuration for the object.
type: object
properties:
approvalSchemes:
type: array
nullable: true
description: List describing the steps involved in approving the revocation request.
items:
type: object
properties:
approverType:
type: string
enum:
- APP_OWNER
- OWNER
- SOURCE_OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. These are the possible values:
**APP_OWNER**: The owner of the Application
**OWNER**: Owner of the associated Access Profile or Role
**SOURCE_OWNER**: Owner of the Source associated with an Access Profile
**MANAGER**: Manager of the Identity making the request
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: Specific approver ID. Only use this when the `approverType` is `GOVERNANCE_GROUP`.
example: 46c79819-a69f-49a2-becb-12c971ae66c6
segments:
type: array
nullable: true
items:
type: string
description: 'List of segment IDs, if any, that the access profile is assigned to.'
example:
- f7b1b8a3-5fed-4fd4-ad29-82014e137e19
- 29cb6c06-1da8-43ea-8be4-b3125f248f2a
provisioningCriteria:
description: 'When an identity has multiple accounts on the source the access profile is associated with, the API evaluates this expression against those accounts to choose one to provision with the access profile.'
nullable: true
example:
operation: OR
children:
- operation: AND
children:
- attribute: dn
operation: CONTAINS
value: useast
- attribute: manager
operation: CONTAINS
value: Scott.Clark
- operation: AND
children:
- attribute: dn
operation: EQUALS
value: Gibson
- attribute: telephoneNumber
operation: CONTAINS
value: '512'
type: object
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- HAS
- AND
- OR
description: Supported operations on `ProvisioningCriteria`.
example: EQUALS
attribute:
type: string
description: 'Name of the account attribute to be tested. If **operation** is one of `EQUALS`, `NOT_EQUALS`, `CONTAINS`, or `HAS`, this field is required. Otherwise, specifying it results in an error.'
example: email
nullable: true
value:
type: string
nullable: true
description: 'String value to test the account attribute w/r/t the specified operation. If the operation is one of `EQUALS`, `NOT_EQUALS`, or `CONTAINS`, this field is required. Otherwise, specifying it results in an error. If the attribute is not string-typed, the API will convert it to the appropriate type.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: array
items:
type: object
description: Defines matching criteria for an account to be provisioned with a specific access profile.
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- HAS
- AND
- OR
description: Supported operations on `ProvisioningCriteria`.
example: EQUALS
attribute:
type: string
description: 'Name of the account attribute to be tested. If **operation** is one of `EQUALS`, `NOT_EQUALS`, `CONTAINS`, or `HAS`, this field is required. Otherwise, specifying it results in an error.'
example: email
nullable: true
value:
type: string
nullable: true
description: 'String value to test the account attribute w/r/t the specified operation. If the operation is one of `EQUALS`, `NOT_EQUALS`, or `CONTAINS`, this field is required. Otherwise, specifying it results in an error. If the attribute is not string-typed, the API will convert it to the appropriate type.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: array
items:
type: object
description: Defines matching criteria for an account to be provisioned with a specific access profile.
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- HAS
- AND
- OR
description: Supported operations on `ProvisioningCriteria`.
example: EQUALS
attribute:
type: string
description: 'Name of the account attribute to be tested. If **operation** is one of `EQUALS`, `NOT_EQUALS`, `CONTAINS`, or `HAS`, this field is required. Otherwise, specifying it results in an error.'
example: email
nullable: true
value:
type: string
nullable: true
description: 'String value to test the account attribute w/r/t the specified operation. If the operation is one of `EQUALS`, `NOT_EQUALS`, or `CONTAINS`, this field is required. Otherwise, specifying it results in an error. If the attribute is not string-typed, the API will convert it to the appropriate type.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: string
nullable: true
description: 'Array of child criteria. This field is required if the operation is `AND` or `OR`. Otherwise, it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.'
example: null
nullable: true
description: 'Array of child criteria. This field is required if the operation is `AND` or `OR`. Otherwise, it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.'
example: null
nullable: true
description: 'Array of child criteria. This field is required if the operation is `AND` or `OR`. Otherwise, it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.'
example: null
required:
- owner
- name
- source
responses:
'201':
description: Access profile created.
content:
application/json:
schema:
type: object
description: Access profile.
properties:
id:
type: string
description: Access profile ID.
example: 2c91808a7190d06e01719938fcd20792
readOnly: true
name:
type: string
description: Access profile name.
example: Employee-database-read-write
description:
type: string
nullable: true
description: Access profile description.
example: Collection of entitlements to read/write the employee database
created:
type: string
description: Date and time when the access profile was created.
format: date-time
example: '2021-03-01T22:32:58.104Z'
readOnly: true
modified:
type: string
description: Date and time when the access profile was last modified.
format: date-time
example: '2021-03-02T20:22:28.104Z'
readOnly: true
enabled:
type: boolean
default: false
description: 'Indicates whether the access profile is enabled. If it''s enabled, you must include at least one entitlement.'
example: true
owner:
description: Access profile owner.
type: object
nullable: false
properties:
type:
type: string
enum:
- IDENTITY
description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.'
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: 'Owner''s name. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.'
example: support
source:
type: object
properties:
id:
type: string
description: ID of the source the access profile is associated with.
example: 2c91809773dee3610173fdb0b6061ef4
type:
type: string
enum:
- SOURCE
description: Source's DTO type.
example: SOURCE
name:
type: string
description: Source name.
example: ODS-AD-SOURCE
entitlements:
type: array
nullable: true
description: 'List of entitlements associated with the access profile. If `enabled` is false, this can be empty. Otherwise, it must contain at least one entitlement.'
items:
type: object
description: Entitlement including a specific set of access.
properties:
type:
type: string
description: Entitlement's DTO type.
enum:
- ENTITLEMENT
example: ENTITLEMENT
id:
type: string
description: Entitlement's ID.
example: 2c91809773dee32014e13e122092014e
name:
type: string
nullable: true
description: Entitlement's display name.
example: 'CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local'
requestable:
type: boolean
default: true
description: 'Indicates whether the access profile is requestable by access request. Currently, making an access profile non-requestable is only supported for customers enabled with the new Request Center. Otherwise, attempting to create an access profile with a value **false** in this field results in a 400 error.'
example: true
accessRequestConfig:
nullable: true
description: Access request configuration for the object.
type: object
properties:
commentsRequired:
type: boolean
description: Indicates whether the requester of the containing object must provide comments justifying the request.
example: true
nullable: true
default: false
denialCommentsRequired:
type: boolean
description: Indicates whether an approver must provide comments when denying the request.
example: true
nullable: true
default: false
reauthorizationRequired:
type: boolean
description: Indicates whether reauthorization is required for the request.
example: true
nullable: true
default: false
approvalSchemes:
type: array
nullable: true
description: List describing the steps involved in approving the request.
items:
type: object
properties:
approverType:
type: string
enum:
- APP_OWNER
- OWNER
- SOURCE_OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. These are the possible values:
**APP_OWNER**: The owner of the Application
**OWNER**: Owner of the associated Access Profile or Role
**SOURCE_OWNER**: Owner of the Source associated with an Access Profile
**MANAGER**: Manager of the Identity making the request
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: Specific approver ID. Only use this when the `approverType` is `GOVERNANCE_GROUP`.
example: 46c79819-a69f-49a2-becb-12c971ae66c6
revocationRequestConfig:
nullable: true
description: Revocation request configuration for the object.
type: object
properties:
approvalSchemes:
type: array
nullable: true
description: List describing the steps involved in approving the revocation request.
items:
type: object
properties:
approverType:
type: string
enum:
- APP_OWNER
- OWNER
- SOURCE_OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. These are the possible values:
**APP_OWNER**: The owner of the Application
**OWNER**: Owner of the associated Access Profile or Role
**SOURCE_OWNER**: Owner of the Source associated with an Access Profile
**MANAGER**: Manager of the Identity making the request
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: Specific approver ID. Only use this when the `approverType` is `GOVERNANCE_GROUP`.
example: 46c79819-a69f-49a2-becb-12c971ae66c6
segments:
type: array
nullable: true
items:
type: string
description: 'List of segment IDs, if any, that the access profile is assigned to.'
example:
- f7b1b8a3-5fed-4fd4-ad29-82014e137e19
- 29cb6c06-1da8-43ea-8be4-b3125f248f2a
provisioningCriteria:
description: 'When an identity has multiple accounts on the source the access profile is associated with, the API evaluates this expression against those accounts to choose one to provision with the access profile.'
nullable: true
example:
operation: OR
children:
- operation: AND
children:
- attribute: dn
operation: CONTAINS
value: useast
- attribute: manager
operation: CONTAINS
value: Scott.Clark
- operation: AND
children:
- attribute: dn
operation: EQUALS
value: Gibson
- attribute: telephoneNumber
operation: CONTAINS
value: '512'
type: object
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- HAS
- AND
- OR
description: Supported operations on `ProvisioningCriteria`.
example: EQUALS
attribute:
type: string
description: 'Name of the account attribute to be tested. If **operation** is one of `EQUALS`, `NOT_EQUALS`, `CONTAINS`, or `HAS`, this field is required. Otherwise, specifying it results in an error.'
example: email
nullable: true
value:
type: string
nullable: true
description: 'String value to test the account attribute w/r/t the specified operation. If the operation is one of `EQUALS`, `NOT_EQUALS`, or `CONTAINS`, this field is required. Otherwise, specifying it results in an error. If the attribute is not string-typed, the API will convert it to the appropriate type.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: array
items:
type: object
description: Defines matching criteria for an account to be provisioned with a specific access profile.
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- HAS
- AND
- OR
description: Supported operations on `ProvisioningCriteria`.
example: EQUALS
attribute:
type: string
description: 'Name of the account attribute to be tested. If **operation** is one of `EQUALS`, `NOT_EQUALS`, `CONTAINS`, or `HAS`, this field is required. Otherwise, specifying it results in an error.'
example: email
nullable: true
value:
type: string
nullable: true
description: 'String value to test the account attribute w/r/t the specified operation. If the operation is one of `EQUALS`, `NOT_EQUALS`, or `CONTAINS`, this field is required. Otherwise, specifying it results in an error. If the attribute is not string-typed, the API will convert it to the appropriate type.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: array
items:
type: object
description: Defines matching criteria for an account to be provisioned with a specific access profile.
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- HAS
- AND
- OR
description: Supported operations on `ProvisioningCriteria`.
example: EQUALS
attribute:
type: string
description: 'Name of the account attribute to be tested. If **operation** is one of `EQUALS`, `NOT_EQUALS`, `CONTAINS`, or `HAS`, this field is required. Otherwise, specifying it results in an error.'
example: email
nullable: true
value:
type: string
nullable: true
description: 'String value to test the account attribute w/r/t the specified operation. If the operation is one of `EQUALS`, `NOT_EQUALS`, or `CONTAINS`, this field is required. Otherwise, specifying it results in an error. If the attribute is not string-typed, the API will convert it to the appropriate type.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: string
nullable: true
description: 'Array of child criteria. This field is required if the operation is `AND` or `OR`. Otherwise, it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.'
example: null
nullable: true
description: 'Array of child criteria. This field is required if the operation is `AND` or `OR`. Otherwise, it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.'
example: null
nullable: true
description: 'Array of child criteria. This field is required if the operation is `AND` or `OR`. Otherwise, it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.'
example: null
required:
- owner
- name
- source
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:access-profile:manage'
- 'idn:entitlement:read'
- 'idn:identity:read'
- 'idn:sources:read'
- applicationAuth:
- 'idn:access-profile:manage'
- 'idn:entitlement:read'
- 'idn:identity:read'
- 'idn:sources:read'
x-sailpoint-userLevels:
- ORG_ADMIN
- ROLE_ADMIN
- ROLE_SUBADMIN
- SOURCE_ADMIN
- SOURCE_SUBADMIN
'/access-profiles/{id}':
get:
operationId: getAccessProfile
tags:
- Access Profiles
summary: Get an access profile
description: This API returns an Access Profile by its ID.
parameters:
- in: path
name: id
required: true
x-sailpoint-resource-operation-id: listAccessProfiles
schema:
type: string
description: ID of the Access Profile
example: 2c9180837ca6693d017ca8d097500149
responses:
'200':
description: An AccessProfile
content:
application/json:
schema:
type: object
description: Access profile.
properties:
id:
type: string
description: Access profile ID.
example: 2c91808a7190d06e01719938fcd20792
readOnly: true
name:
type: string
description: Access profile name.
example: Employee-database-read-write
description:
type: string
nullable: true
description: Access profile description.
example: Collection of entitlements to read/write the employee database
created:
type: string
description: Date and time when the access profile was created.
format: date-time
example: '2021-03-01T22:32:58.104Z'
readOnly: true
modified:
type: string
description: Date and time when the access profile was last modified.
format: date-time
example: '2021-03-02T20:22:28.104Z'
readOnly: true
enabled:
type: boolean
default: false
description: 'Indicates whether the access profile is enabled. If it''s enabled, you must include at least one entitlement.'
example: true
owner:
description: Access profile owner.
type: object
nullable: false
properties:
type:
type: string
enum:
- IDENTITY
description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.'
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: 'Owner''s name. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.'
example: support
source:
type: object
properties:
id:
type: string
description: ID of the source the access profile is associated with.
example: 2c91809773dee3610173fdb0b6061ef4
type:
type: string
enum:
- SOURCE
description: Source's DTO type.
example: SOURCE
name:
type: string
description: Source name.
example: ODS-AD-SOURCE
entitlements:
type: array
nullable: true
description: 'List of entitlements associated with the access profile. If `enabled` is false, this can be empty. Otherwise, it must contain at least one entitlement.'
items:
type: object
description: Entitlement including a specific set of access.
properties:
type:
type: string
description: Entitlement's DTO type.
enum:
- ENTITLEMENT
example: ENTITLEMENT
id:
type: string
description: Entitlement's ID.
example: 2c91809773dee32014e13e122092014e
name:
type: string
nullable: true
description: Entitlement's display name.
example: 'CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local'
requestable:
type: boolean
default: true
description: 'Indicates whether the access profile is requestable by access request. Currently, making an access profile non-requestable is only supported for customers enabled with the new Request Center. Otherwise, attempting to create an access profile with a value **false** in this field results in a 400 error.'
example: true
accessRequestConfig:
nullable: true
description: Access request configuration for the object.
type: object
properties:
commentsRequired:
type: boolean
description: Indicates whether the requester of the containing object must provide comments justifying the request.
example: true
nullable: true
default: false
denialCommentsRequired:
type: boolean
description: Indicates whether an approver must provide comments when denying the request.
example: true
nullable: true
default: false
reauthorizationRequired:
type: boolean
description: Indicates whether reauthorization is required for the request.
example: true
nullable: true
default: false
approvalSchemes:
type: array
nullable: true
description: List describing the steps involved in approving the request.
items:
type: object
properties:
approverType:
type: string
enum:
- APP_OWNER
- OWNER
- SOURCE_OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. These are the possible values:
**APP_OWNER**: The owner of the Application
**OWNER**: Owner of the associated Access Profile or Role
**SOURCE_OWNER**: Owner of the Source associated with an Access Profile
**MANAGER**: Manager of the Identity making the request
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: Specific approver ID. Only use this when the `approverType` is `GOVERNANCE_GROUP`.
example: 46c79819-a69f-49a2-becb-12c971ae66c6
revocationRequestConfig:
nullable: true
description: Revocation request configuration for the object.
type: object
properties:
approvalSchemes:
type: array
nullable: true
description: List describing the steps involved in approving the revocation request.
items:
type: object
properties:
approverType:
type: string
enum:
- APP_OWNER
- OWNER
- SOURCE_OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. These are the possible values:
**APP_OWNER**: The owner of the Application
**OWNER**: Owner of the associated Access Profile or Role
**SOURCE_OWNER**: Owner of the Source associated with an Access Profile
**MANAGER**: Manager of the Identity making the request
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: Specific approver ID. Only use this when the `approverType` is `GOVERNANCE_GROUP`.
example: 46c79819-a69f-49a2-becb-12c971ae66c6
segments:
type: array
nullable: true
items:
type: string
description: 'List of segment IDs, if any, that the access profile is assigned to.'
example:
- f7b1b8a3-5fed-4fd4-ad29-82014e137e19
- 29cb6c06-1da8-43ea-8be4-b3125f248f2a
provisioningCriteria:
description: 'When an identity has multiple accounts on the source the access profile is associated with, the API evaluates this expression against those accounts to choose one to provision with the access profile.'
nullable: true
example:
operation: OR
children:
- operation: AND
children:
- attribute: dn
operation: CONTAINS
value: useast
- attribute: manager
operation: CONTAINS
value: Scott.Clark
- operation: AND
children:
- attribute: dn
operation: EQUALS
value: Gibson
- attribute: telephoneNumber
operation: CONTAINS
value: '512'
type: object
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- HAS
- AND
- OR
description: Supported operations on `ProvisioningCriteria`.
example: EQUALS
attribute:
type: string
description: 'Name of the account attribute to be tested. If **operation** is one of `EQUALS`, `NOT_EQUALS`, `CONTAINS`, or `HAS`, this field is required. Otherwise, specifying it results in an error.'
example: email
nullable: true
value:
type: string
nullable: true
description: 'String value to test the account attribute w/r/t the specified operation. If the operation is one of `EQUALS`, `NOT_EQUALS`, or `CONTAINS`, this field is required. Otherwise, specifying it results in an error. If the attribute is not string-typed, the API will convert it to the appropriate type.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: array
items:
type: object
description: Defines matching criteria for an account to be provisioned with a specific access profile.
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- HAS
- AND
- OR
description: Supported operations on `ProvisioningCriteria`.
example: EQUALS
attribute:
type: string
description: 'Name of the account attribute to be tested. If **operation** is one of `EQUALS`, `NOT_EQUALS`, `CONTAINS`, or `HAS`, this field is required. Otherwise, specifying it results in an error.'
example: email
nullable: true
value:
type: string
nullable: true
description: 'String value to test the account attribute w/r/t the specified operation. If the operation is one of `EQUALS`, `NOT_EQUALS`, or `CONTAINS`, this field is required. Otherwise, specifying it results in an error. If the attribute is not string-typed, the API will convert it to the appropriate type.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: array
items:
type: object
description: Defines matching criteria for an account to be provisioned with a specific access profile.
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- HAS
- AND
- OR
description: Supported operations on `ProvisioningCriteria`.
example: EQUALS
attribute:
type: string
description: 'Name of the account attribute to be tested. If **operation** is one of `EQUALS`, `NOT_EQUALS`, `CONTAINS`, or `HAS`, this field is required. Otherwise, specifying it results in an error.'
example: email
nullable: true
value:
type: string
nullable: true
description: 'String value to test the account attribute w/r/t the specified operation. If the operation is one of `EQUALS`, `NOT_EQUALS`, or `CONTAINS`, this field is required. Otherwise, specifying it results in an error. If the attribute is not string-typed, the API will convert it to the appropriate type.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: string
nullable: true
description: 'Array of child criteria. This field is required if the operation is `AND` or `OR`. Otherwise, it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.'
example: null
nullable: true
description: 'Array of child criteria. This field is required if the operation is `AND` or `OR`. Otherwise, it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.'
example: null
nullable: true
description: 'Array of child criteria. This field is required if the operation is `AND` or `OR`. Otherwise, it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.'
example: null
required:
- owner
- name
- source
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:access-profile:read'
- applicationAuth:
- 'idn:access-profile:read'
x-sailpoint-userLevels:
- ORG_ADMIN
- ROLE_ADMIN
- ROLE_SUBADMIN
- SOURCE_ADMIN
- SOURCE_SUBADMIN
patch:
operationId: patchAccessProfile
tags:
- Access Profiles
summary: Patch a specified access profile
description: |-
This API updates an existing Access Profile. The following fields are patchable:
**name**
**description**
**enabled**
**owner**
**requestable**
**accessRequestConfig**
**revokeRequestConfig**
**segments**
**entitlements**
**provisioningCriteria**
**source** (must be updated with entitlements belonging to new source in the same API call)
If you need to change the `source` of the access profile, you can do so only if you update the `entitlements` in the same API call. The new entitlements can only come from the target source that you want to change to. Look for the example "Replace Source" in the examples dropdown.
A user with SOURCE_SUBADMIN may only use this API to patch Access Profiles which are associated with Sources they are able to administer.
> The maximum supported length for the description field is 2000 characters. Longer descriptions will be preserved for existing access profiles, however, any new access profiles as well as any updates to existing descriptions will be limited to 2000 characters.
> You can only add or replace **entitlements** that exist on the source that the access profile is attached to. You can use the **list entitlements** endpoint with the **filters** query parameter to get a list of available entitlements on the access profile's source.
parameters:
- name: id
in: path
description: ID of the Access Profile to patch
required: true
x-sailpoint-resource-operation-id: listAccessProfiles
schema:
type: string
example: 2c91808a7813090a017814121919ecca
requestBody:
content:
application/json-patch+json:
schema:
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
examples:
Add Entitlements:
description: Add one or more entitlements to the end of the list
value:
- op: add
path: /entitlements
value:
- id: 2c9180857725c14301772a93bb77242d
type: ENTITLEMENT
name: AD User Group
Insert Entitlement:
description: Add an entitlement at the beginning of the entitlement list
value:
- op: add
path: /entitlements/0
value:
id: 2c9180857725c14301772a93bb77242d
type: ENTITLEMENT
name: AD User Group
Replace Entitlements:
description: Replace all entitlements with a new list of entitlements
value:
- op: replace
path: /entitlements
value:
- id: 2c9180857725c14301772a93bb77242d
type: ENTITLEMENT
name: AD User Group
Remove Entitlement:
description: Remove the first entitlement in the list
value:
- op: remove
path: /entitlements/0
Replace Source:
description: Change the source and the entitlements of the access profile
value:
- op: replace
path: /source
value:
id: 2c9180887671ff8c01767b4671fb7d5e
type: SOURCE
name: Employees
- op: replace
path: /entitlements
value:
- id: 2c9180877677453d01767b4b08f63386
type: ENTITLEMENT
name: DevRel
required: true
responses:
'200':
description: Responds with the Access Profile as updated.
content:
application/json:
schema:
type: object
description: Access profile.
properties:
id:
type: string
description: Access profile ID.
example: 2c91808a7190d06e01719938fcd20792
readOnly: true
name:
type: string
description: Access profile name.
example: Employee-database-read-write
description:
type: string
nullable: true
description: Access profile description.
example: Collection of entitlements to read/write the employee database
created:
type: string
description: Date and time when the access profile was created.
format: date-time
example: '2021-03-01T22:32:58.104Z'
readOnly: true
modified:
type: string
description: Date and time when the access profile was last modified.
format: date-time
example: '2021-03-02T20:22:28.104Z'
readOnly: true
enabled:
type: boolean
default: false
description: 'Indicates whether the access profile is enabled. If it''s enabled, you must include at least one entitlement.'
example: true
owner:
description: Access profile owner.
type: object
nullable: false
properties:
type:
type: string
enum:
- IDENTITY
description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.'
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: 'Owner''s name. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.'
example: support
source:
type: object
properties:
id:
type: string
description: ID of the source the access profile is associated with.
example: 2c91809773dee3610173fdb0b6061ef4
type:
type: string
enum:
- SOURCE
description: Source's DTO type.
example: SOURCE
name:
type: string
description: Source name.
example: ODS-AD-SOURCE
entitlements:
type: array
nullable: true
description: 'List of entitlements associated with the access profile. If `enabled` is false, this can be empty. Otherwise, it must contain at least one entitlement.'
items:
type: object
description: Entitlement including a specific set of access.
properties:
type:
type: string
description: Entitlement's DTO type.
enum:
- ENTITLEMENT
example: ENTITLEMENT
id:
type: string
description: Entitlement's ID.
example: 2c91809773dee32014e13e122092014e
name:
type: string
nullable: true
description: Entitlement's display name.
example: 'CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local'
requestable:
type: boolean
default: true
description: 'Indicates whether the access profile is requestable by access request. Currently, making an access profile non-requestable is only supported for customers enabled with the new Request Center. Otherwise, attempting to create an access profile with a value **false** in this field results in a 400 error.'
example: true
accessRequestConfig:
nullable: true
description: Access request configuration for the object.
type: object
properties:
commentsRequired:
type: boolean
description: Indicates whether the requester of the containing object must provide comments justifying the request.
example: true
nullable: true
default: false
denialCommentsRequired:
type: boolean
description: Indicates whether an approver must provide comments when denying the request.
example: true
nullable: true
default: false
reauthorizationRequired:
type: boolean
description: Indicates whether reauthorization is required for the request.
example: true
nullable: true
default: false
approvalSchemes:
type: array
nullable: true
description: List describing the steps involved in approving the request.
items:
type: object
properties:
approverType:
type: string
enum:
- APP_OWNER
- OWNER
- SOURCE_OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. These are the possible values:
**APP_OWNER**: The owner of the Application
**OWNER**: Owner of the associated Access Profile or Role
**SOURCE_OWNER**: Owner of the Source associated with an Access Profile
**MANAGER**: Manager of the Identity making the request
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: Specific approver ID. Only use this when the `approverType` is `GOVERNANCE_GROUP`.
example: 46c79819-a69f-49a2-becb-12c971ae66c6
revocationRequestConfig:
nullable: true
description: Revocation request configuration for the object.
type: object
properties:
approvalSchemes:
type: array
nullable: true
description: List describing the steps involved in approving the revocation request.
items:
type: object
properties:
approverType:
type: string
enum:
- APP_OWNER
- OWNER
- SOURCE_OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. These are the possible values:
**APP_OWNER**: The owner of the Application
**OWNER**: Owner of the associated Access Profile or Role
**SOURCE_OWNER**: Owner of the Source associated with an Access Profile
**MANAGER**: Manager of the Identity making the request
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: Specific approver ID. Only use this when the `approverType` is `GOVERNANCE_GROUP`.
example: 46c79819-a69f-49a2-becb-12c971ae66c6
segments:
type: array
nullable: true
items:
type: string
description: 'List of segment IDs, if any, that the access profile is assigned to.'
example:
- f7b1b8a3-5fed-4fd4-ad29-82014e137e19
- 29cb6c06-1da8-43ea-8be4-b3125f248f2a
provisioningCriteria:
description: 'When an identity has multiple accounts on the source the access profile is associated with, the API evaluates this expression against those accounts to choose one to provision with the access profile.'
nullable: true
example:
operation: OR
children:
- operation: AND
children:
- attribute: dn
operation: CONTAINS
value: useast
- attribute: manager
operation: CONTAINS
value: Scott.Clark
- operation: AND
children:
- attribute: dn
operation: EQUALS
value: Gibson
- attribute: telephoneNumber
operation: CONTAINS
value: '512'
type: object
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- HAS
- AND
- OR
description: Supported operations on `ProvisioningCriteria`.
example: EQUALS
attribute:
type: string
description: 'Name of the account attribute to be tested. If **operation** is one of `EQUALS`, `NOT_EQUALS`, `CONTAINS`, or `HAS`, this field is required. Otherwise, specifying it results in an error.'
example: email
nullable: true
value:
type: string
nullable: true
description: 'String value to test the account attribute w/r/t the specified operation. If the operation is one of `EQUALS`, `NOT_EQUALS`, or `CONTAINS`, this field is required. Otherwise, specifying it results in an error. If the attribute is not string-typed, the API will convert it to the appropriate type.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: array
items:
type: object
description: Defines matching criteria for an account to be provisioned with a specific access profile.
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- HAS
- AND
- OR
description: Supported operations on `ProvisioningCriteria`.
example: EQUALS
attribute:
type: string
description: 'Name of the account attribute to be tested. If **operation** is one of `EQUALS`, `NOT_EQUALS`, `CONTAINS`, or `HAS`, this field is required. Otherwise, specifying it results in an error.'
example: email
nullable: true
value:
type: string
nullable: true
description: 'String value to test the account attribute w/r/t the specified operation. If the operation is one of `EQUALS`, `NOT_EQUALS`, or `CONTAINS`, this field is required. Otherwise, specifying it results in an error. If the attribute is not string-typed, the API will convert it to the appropriate type.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: array
items:
type: object
description: Defines matching criteria for an account to be provisioned with a specific access profile.
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- HAS
- AND
- OR
description: Supported operations on `ProvisioningCriteria`.
example: EQUALS
attribute:
type: string
description: 'Name of the account attribute to be tested. If **operation** is one of `EQUALS`, `NOT_EQUALS`, `CONTAINS`, or `HAS`, this field is required. Otherwise, specifying it results in an error.'
example: email
nullable: true
value:
type: string
nullable: true
description: 'String value to test the account attribute w/r/t the specified operation. If the operation is one of `EQUALS`, `NOT_EQUALS`, or `CONTAINS`, this field is required. Otherwise, specifying it results in an error. If the attribute is not string-typed, the API will convert it to the appropriate type.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: string
nullable: true
description: 'Array of child criteria. This field is required if the operation is `AND` or `OR`. Otherwise, it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.'
example: null
nullable: true
description: 'Array of child criteria. This field is required if the operation is `AND` or `OR`. Otherwise, it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.'
example: null
nullable: true
description: 'Array of child criteria. This field is required if the operation is `AND` or `OR`. Otherwise, it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.'
example: null
required:
- owner
- name
- source
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:access-profile:manage'
- applicationAuth:
- 'idn:access-profile:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
- SOURCE_ADMIN
- SOURCE_SUBADMIN
delete:
operationId: deleteAccessProfile
tags:
- Access Profiles
summary: Delete the specified access profile
description: |-
This API deletes an existing Access Profile.
The Access Profile must not be in use, for example, Access Profile can not be deleted if they belong to an Application, Life Cycle State or a Role. If it is, a 400 error is returned.
A user with SOURCE_SUBADMIN must be able to administer the Source associated with the Access Profile.
parameters:
- name: id
in: path
description: ID of the Access Profile to delete
required: true
x-sailpoint-resource-operation-id: listAccessProfiles
schema:
type: string
example: 2c91808a7813090a017814121919ecca
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Returned when an access profile cannot be deleted as it's being used.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
400.2.1.0 Object in use by another:
description: Returned when an access profile cannot be deleted as it's being used
value:
detailCode: 400.2.1.0 Object in use by another
trackingId: c9c1033c55b84ebc9e93e926dcf8b8b3
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The "testAccessProfile" access profile can't be deleted because it's in use.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:access-profile:manage'
- applicationAuth:
- 'idn:access-profile:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
- SOURCE_ADMIN
- SOURCE_SUBADMIN
/access-profiles/bulk-delete:
post:
operationId: deleteAccessProfilesInBulk
summary: Delete access profile(s)
tags:
- Access Profiles
description: |-
This endpoint initiates a bulk deletion of one or more access profiles.
When the request is successful, the endpoint returns the bulk delete's task result ID. To follow the task, you can use [Get Task Status by ID](https://developer.sailpoint.com/docs/api/beta/get-task-status), which will return the task result's status and information.
This endpoint can only bulk delete up to a limit of 50 access profiles per request.
By default, if any of the indicated access profiles are in use, no deletions will be performed and the **inUse** field of the response indicates the usages that must be removed first. If the request field **bestEffortOnly** is **true**, however, usages are reported in the **inUse** response field but all other indicated access profiles will be deleted.
A SOURCE_SUBADMIN user can only use this endpoint to delete access profiles associated with sources they're able to administer.
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
accessProfileIds:
description: List of IDs of Access Profiles to be deleted.
type: array
items:
type: string
example:
- 2c9180847812e0b1017817051919ecca
- 2c9180887812e0b201781e129f151816
bestEffortOnly:
description: 'If **true**, silently skip over any of the specified Access Profiles if they cannot be deleted because they are in use. If **false**, no deletions will be attempted if any of the Access Profiles are in use.'
type: boolean
example: true
example:
bestEffortOnly: true
accessProfileIds:
- 2c91808876438bb2017668b91919ecca
- 2c91808876438ba801766e129f151816
responses:
'200':
description: 'Returned only if **bestEffortOnly** is **false**, and one or more Access Profiles are in use.'
content:
application/json:
schema:
type: object
properties:
taskId:
type: string
description: ID of the task which is executing the bulk deletion. This can be passed to the **/task-status** API to track status.
example: 2c9180867817ac4d017817c491119a20
pending:
type: array
description: List of IDs of Access Profiles which are pending deletion.
items:
type: string
example:
- 2c91808876438bbb017668c21919ecca
- 2c91808876438bb201766e129f151816
inUse:
type: array
description: List of usages of Access Profiles targeted for deletion.
items:
type: object
properties:
accessProfileId:
type: string
description: ID of the Access Profile that is in use
example: 2c91808876438bbb017668c21919ecca
usedBy:
type: array
description: List of references to objects which are using the indicated Access Profile
items:
type: object
description: Role using the access profile.
properties:
type:
type: string
description: DTO type of role using the access profile.
enum:
- ROLE
example: ROLE
id:
type: string
description: ID of role using the access profile.
example: 2c8180857a9b3da0017aa03418480f9d
name:
type: string
description: Display name of role using the access profile.
example: Manager Role
example:
pending: []
inUse:
- accessProfileId: 2c91808876438ba801766e129f151816
usages:
- type: Role
id: 2c9180887643764201766e9f6e121518
'202':
description: Returned if at least one deletion will be performed.
content:
application/json:
schema:
type: object
properties:
taskId:
type: string
description: ID of the task which is executing the bulk deletion. This can be passed to the **/task-status** API to track status.
example: 2c9180867817ac4d017817c491119a20
pending:
type: array
description: List of IDs of Access Profiles which are pending deletion.
items:
type: string
example:
- 2c91808876438bbb017668c21919ecca
- 2c91808876438bb201766e129f151816
inUse:
type: array
description: List of usages of Access Profiles targeted for deletion.
items:
type: object
properties:
accessProfileId:
type: string
description: ID of the Access Profile that is in use
example: 2c91808876438bbb017668c21919ecca
usedBy:
type: array
description: List of references to objects which are using the indicated Access Profile
items:
type: object
description: Role using the access profile.
properties:
type:
type: string
description: DTO type of role using the access profile.
enum:
- ROLE
example: ROLE
id:
type: string
description: ID of role using the access profile.
example: 2c8180857a9b3da0017aa03418480f9d
name:
type: string
description: Display name of role using the access profile.
example: Manager Role
example:
taskId: 2c91808a7813090a01781412a1119a20
pending:
- 2c91808a7813090a017813fe1919ecca
inUse:
- accessProfileId: 2c91808876438ba801766e129f151816
usages:
- type: Role
id: 2c9180887643764201766e9f6e121518
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:access-profile:manage'
- applicationAuth:
- 'idn:access-profile:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
- SOURCE_ADMIN
- SOURCE_SUBADMIN
'/access-profiles/{id}/entitlements':
get:
operationId: getAccessProfileEntitlements
tags:
- Access Profiles
summary: List access profile's entitlements
description: |-
Use this API to get a list of an access profile's entitlements.
A SOURCE_SUBADMIN user must have access to the source associated with the specified access profile.
>**Note:** When you filter for access profiles that have the '+' symbol in their names, the response is blank.
parameters:
- name: id
in: path
description: ID of the access profile containing the entitlements.
required: true
x-sailpoint-resource-operation-id: listAccessProfiles
schema:
type: string
example: 2c91808a7813090a017814121919ecca
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, in*
**name**: *eq, sw*
**attribute**: *eq, sw*
**value**: *eq, sw*
**created**: *gt, lt, ge, le*
**modified**: *gt, lt, ge, le*
**owner.id**: *eq, in*
**source.id**: *eq, in*
Filtering is not supported for access profiles and entitlements that have the '+' symbol in their names.
example: attribute eq "memberOf"
required: false
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **name, attribute, value, created, modified**
example: 'name,-modified'
required: false
responses:
'200':
description: List of entitlements.
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: The entitlement id
example: 2c91808874ff91550175097daaec161c
name:
type: string
description: The entitlement name
example: LauncherTest2
attribute:
type: string
description: The entitlement attribute name
example: memberOf
value:
type: string
description: The value of the entitlement
example: 'CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local'
sourceSchemaObjectType:
type: string
description: The object type of the entitlement from the source schema
example: group
description:
type: string
description: The description of the entitlement
example: 'CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local'
nullable: true
privileged:
type: boolean
description: True if the entitlement is privileged
default: false
example: true
cloudGoverned:
type: boolean
description: True if the entitlement is cloud governed
default: false
example: true
requestable:
type: boolean
description: True if the entitlement is able to be directly requested
example: true
default: false
owner:
type: object
description: The identity that owns the entitlement
nullable: true
properties:
id:
type: string
description: The identity ID
example: 2c9180827ca885d7017ca8ce28a000eb
type:
type: string
enum:
- IDENTITY
description: The type of object
example: IDENTITY
name:
type: string
description: The display name of the identity
example: john.doe
manuallyUpdatedFields:
type: object
description: 'A map of entitlement fields that have been manually updated. The key is the field name in UPPER_SNAKE_CASE format, and the value is true or false to indicate if the field has been updated.'
nullable: true
additionalProperties: true
example:
DISPLAY_NAME: true
DESCRIPTION: true
accessModelMetadata:
type: object
description: Additional data to classify the entitlement
properties:
attributes:
type: array
items:
type: object
description: Metadata that describes an access item
properties:
key:
type: string
description: Unique identifier for the metadata type
example: iscCsp
name:
type: string
description: Human readable name of the metadata type
example: CSP
multiselect:
type: boolean
default: false
example: true
description: Allows selecting multiple values
status:
type: string
description: The state of the metadata item
example: active
type:
type: string
description: The type of the metadata item
example: governance
objectTypes:
type: array
description: The types of objects
example:
- general
items:
type: string
example: general
description:
type: string
description: Describes the metadata item
example: Indicates the type of deployment environment of an access item.
values:
type: array
description: The value to assign to the metadata item
items:
type: object
description: An individual value to assign to the metadata item
properties:
value:
type: string
description: The value to assign to the metdata item
example: development
name:
type: string
description: Display name of the value
example: Development
status:
type: string
description: The status of the individual value
example: active
created:
type: string
description: Time when the entitlement was created
format: date-time
example: '2020-10-08T18:33:52.029Z'
modified:
type: string
description: Time when the entitlement was last modified
format: date-time
example: '2020-10-08T18:33:52.029Z'
source:
type: object
properties:
id:
type: string
description: The source ID
example: 2c9180827ca885d7017ca8ce28a000eb
type:
type: string
description: 'The source type, will always be "SOURCE"'
example: SOURCE
name:
type: string
description: The source name
example: ODS-AD-Source
attributes:
type: object
description: A map of free-form key-value pairs from the source system
example:
fieldName: fieldValue
additionalProperties: true
segments:
type: array
items:
type: string
nullable: true
description: 'List of IDs of segments, if any, to which this Entitlement is assigned.'
example:
- f7b1b8a3-5fed-4fd4-ad29-82014e137e19
- 29cb6c06-1da8-43ea-8be4-b3125f248f2a
directPermissions:
type: array
items:
type: object
description: 'Simplified DTO for the Permission objects stored in SailPoint''s database. The data is aggregated from customer systems and is free-form, so its appearance can vary largely between different clients/customers.'
properties:
rights:
type: array
description: All the rights (e.g. actions) that this permission allows on the target
example: HereIsRight1
readOnly: true
items:
type: string
example: SELECT
target:
type: string
description: The target the permission would grants rights on.
readOnly: true
example: SYS.GV_$TRANSACTION
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:access-profile:read'
- applicationAuth:
- 'idn:access-profile:read'
x-sailpoint-userLevels:
- ORG_ADMIN
- SOURCE_ADMIN
- SOURCE_SUBADMIN
/access-requests:
post:
operationId: createAccessRequest
security:
- userAuth:
- 'idn:access-request:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
- USER
summary: Submit access request
tags:
- Access Requests
description: |
Use this API to submit an access request in Identity Security Cloud (ISC), where it follows any ISC approval processes.
Access requests are processed asynchronously by ISC. A successful response from this endpoint means that the request
has been submitted to ISC and is queued for processing. Because this endpoint is asynchronous, it doesn't return an error
if you submit duplicate access requests in quick succession or submit an access request for access that is already in progress, approved, or rejected.
It's best practice to check for any existing access requests that reference the same access items before submitting a new access request. This can
be accomplished by using the [List Access Request Status](https://developer.sailpoint.com/idn/api/v3/list-access-request-status) or the [Pending Access Request Approvals](https://developer.sailpoint.com/idn/api/v3/list-pending-approvals) APIs. You can also
use the [Search API](https://developer.sailpoint.com/idn/api/v3/search) to check the existing access items an identity has before submitting
an access request to ensure that you aren't requesting access that is already granted. If you use this API to request access that an identity already has, the API will ignore the request.
These ignored requests do not display when you use the [List Access Request Status](https://developer.sailpoint.com/idn/api/v3/list-access-request-status) API.
There are two types of access request:
__GRANT_ACCESS__
* Can be requested for multiple identities in a single request.
* Supports self request and request on behalf of other users. Refer to the [Get Access Request Configuration](https://developer.sailpoint.com/idn/api/v3/get-access-request-config) endpoint for request configuration options.
* Allows any authenticated token (except API) to call this endpoint to request to grant access to themselves. Depending on the configuration, a user can request access for others.
* Roles, access profiles and entitlements can be requested.
* While requesting entitlements, maximum of 25 entitlements and 10 recipients are allowed in a request.
* Now supports an alternate field 'requestedForWithRequestedItems' for users to specify account selections while requesting items where they have more than one account on the source.
__REVOKE_ACCESS__
* Can only be requested for a single identity at a time.
* You cannot use an access request to revoke access from an identity if that access has been granted by role membership or by birthright provisioning.
* Does not support self request. Only manager can request to revoke access for their directly managed employees.
* If a `removeDate` is specified, then the access will be removed on that date and time only for roles, access profiles and entitlements.
* Roles, access profiles, and entitlements can be requested for revocation.
* Revoke requests for entitlements are limited to 1 entitlement per access request currently.
* You can specify a `removeDate` if the access doesn't already have a sunset date. The `removeDate` must be a future date, in the UTC timezone.
* Allows a manager to request to revoke access for direct employees. A user with ORG_ADMIN authority can also request to revoke access from anyone.
* Now supports REVOKE_ACCESS requests for identities with multiple accounts on a single source, with the help of 'assignmentId' and 'nativeIdentity' fields. These fields should be used within the 'requestedItems' section for the revoke requests.
* Usage of 'requestedForWithRequestedItems' field is not supported for revoke requests.
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
requestedFor:
description: 'A list of Identity IDs for whom the Access is requested. If it''s a Revoke request, there can only be one Identity ID.'
type: array
items:
type: string
example: 2c918084660f45d6016617daa9210584
requestType:
type: string
enum:
- GRANT_ACCESS
- REVOKE_ACCESS
- null
description: Access request type. Defaults to GRANT_ACCESS. REVOKE_ACCESS type can only have a single Identity ID in the requestedFor field.
example: GRANT_ACCESS
nullable: true
requestedItems:
type: array
items:
type: object
properties:
type:
type: string
enum:
- ACCESS_PROFILE
- ROLE
- ENTITLEMENT
description: The type of the item being requested.
example: ACCESS_PROFILE
id:
type: string
description: 'ID of Role, Access Profile or Entitlement being requested.'
example: 2c9180835d2e5168015d32f890ca1581
comment:
type: string
description: |
Comment provided by requester.
* Comment is required when the request is of type Revoke Access.
example: Requesting access profile for John Doe
clientMetadata:
type: object
additionalProperties:
type: string
example:
requestedAppId: 2c91808f7892918f0178b78da4a305a1
requestedAppName: test-app
example:
requestedAppName: test-app
requestedAppId: 2c91808f7892918f0178b78da4a305a1
description: Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on associated APIs such as /account-activities and /access-request-status.
removeDate:
type: string
description: |
The date the role or access profile or entitlement is no longer assigned to the specified identity. Also known as the expiration date.
* Specify a date in the future.
* The current SLA for the deprovisioning is 24 hours.
* This date can be modified to either extend or decrease the duration of access item assignments for the specified identity. You can change the expiration date for requests for yourself or direct reports, but you cannot remove an expiration date on an already approved item. If the access request has not been approved, you can cancel it and submit a new one without the expiration. If it has already been approved, then you have to revoke the access and then re-request without the expiration.
format: date-time
example: '2020-07-11T21:23:15.000Z'
assignmentId:
type: string
nullable: true
description: |
The assignmentId for a specific role assignment on the identity. This id is used to revoke that specific roleAssignment on that identity.
* For use with REVOKE_ACCESS requests for roles for identities with multiple accounts on a single source.
example: ee48a191c00d49bf9264eb0a4fc3a9fc
nativeIdentity:
type: string
nullable: true
description: |
The unique identifier for an account on the identity, designated as the account ID attribute in the source's account schema. This is used to revoke a specific attributeAssignment on the identity.
* For use with REVOKE_ACCESS requests for entitlements for identities with multiple accounts on a single source.
example: 'CN=User db3377de14bf,OU=YOURCONTAINER, DC=YOURDOMAIN'
required:
- id
- type
minItems: 1
maxItems: 25
clientMetadata:
type: object
additionalProperties:
type: string
example:
requestedAppId: 2c91808f7892918f0178b78da4a305a1
requestedAppName: test-app
example:
requestedAppId: 2c91808f7892918f0178b78da4a305a1
requestedAppName: test-app
description: Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on associated APIs such as /account-activities.
requestedForWithRequestedItems:
description: |
Additional submit data structure with requestedFor containing requestedItems allowing distinction for each request item and Identity.
* Can only be used when 'requestedFor' and 'requestedItems' are not separately provided
* Adds ability to specify which account the user wants the access on, in case they have multiple accounts on a source
* Allows the ability to request items with different remove dates
* Also allows different combinations of request items and identities in the same request
* Only for use in GRANT_ACCESS type requests
type: array
items:
type: object
properties:
identityId:
type: string
nullable: false
description: The identity id for which the access is requested
example: cb89bc2f1ee6445fbea12224c526ba3a
requestedItems:
description: the details for the access items that are requested for the identity
type: array
items:
type: object
properties:
type:
type: string
enum:
- ACCESS_PROFILE
- ROLE
- ENTITLEMENT
description: The type of the item being requested.
example: ACCESS_PROFILE
id:
type: string
description: 'ID of Role, Access Profile or Entitlement being requested.'
example: 2c9180835d2e5168015d32f890ca1581
comment:
type: string
description: |
Comment provided by requester.
* Comment is required when the request is of type Revoke Access.
example: Requesting access profile for John Doe
clientMetadata:
type: object
additionalProperties:
type: string
example:
requestedAppId: 2c91808f7892918f0178b78da4a305a1
requestedAppName: test-app
example:
requestedAppName: test-app
requestedAppId: 2c91808f7892918f0178b78da4a305a1
description: Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on associated APIs such as /account-activities and /access-request-status.
removeDate:
type: string
description: |
The date the role or access profile or entitlement is no longer assigned to the specified identity. Also known as the expiration date.
* Specify a date in the future.
* The current SLA for the deprovisioning is 24 hours.
* This date can be modified to either extend or decrease the duration of access item assignments for the specified identity. You can change the expiration date for requests for yourself or direct reports, but you cannot remove an expiration date on an already approved item. If the access request has not been approved, you can cancel it and submit a new one without the expiration. If it has already been approved, then you have to revoke the access and then re-request without the expiration.
format: date-time
example: '2020-07-11T21:23:15.000Z'
accountSelection:
type: array
items:
type: object
properties:
sourceId:
type: string
nullable: true
description: The id for the source on which account selections are made
example: cb89bc2f1ee6445fbea12224c526ba3a
accounts:
description: 'A list of account selections on the source. Currently, only one selection per source is supported.'
type: array
items:
type: object
properties:
accountUuid:
type: string
nullable: true
description: 'The uuid for the account, available under the ''objectguid'' attribute'
example: '{fab7119e-004f-4822-9c33-b8d570d6c6a6}'
nativeIdentity:
type: string
nullable: false
description: The 'distinguishedName' attribute for the account
example: 'CN=Glen 067da3248e914,OU=YOUROU,OU=org-data-service,DC=YOURDC,DC=local'
nullable: true
nullable: true
description: |
The accounts where the access item will be provisioned to
* Includes selections performed by the user in the event of multiple accounts existing on the same source
* Also includes details for sources where user only has one account
required:
- id
- type
nullable: false
required:
- identityId
- requestedItems
nullable: true
required:
- requestedFor
- requestedItems
responses:
'202':
description: Access Request Response.
content:
application/json:
schema:
type: object
properties:
newRequests:
description: A list of new access request tracking data mapped to the values requested.
type: array
items:
type: object
properties:
requestedFor:
type: string
description: The identity id in which the access request is for.
example: 2c918084660f45d6016617daa9210584
requestedItemsDetails:
type: array
description: The details of the item requested.
example: |-
{
"type": "ENTITLEMENT",
"id": "779c6fd7171540bba1184e5946112c28"
}
items:
type: object
properties:
type:
type: string
description: The type of access item requested.
enum:
- ACCESS_PROFILE
- ENTITLEMENT
- ROLE
example: ENTITLEMENT
id:
type: string
description: The id of the access item requested.
example: 779c6fd7171540bba1184e5946112c28
attributesHash:
type: integer
format: int32
description: 'a hash representation of the access requested, useful for longer term tracking client side.'
example: -1928438224
accessRequestIds:
type: array
items:
type: string
description: 'a list of access request identifiers, generally only one will be populated, but high volume requested may result in multiple ids.'
example:
- 5d3118c518a44ec7805450d53479ccdb
example:
- requestedFor: 899fd612ecfc4cf3bf48f14d0afdef89
requestedItemsDetails:
- type: ENTITLEMENT
id: 779c6fd7171540bba1184e5946112c28
attributesHash: -1928438224
accessRequestIds:
- 5d3118c518a44ec7805450d53479ccdb
existingRequests:
description: A list of existing access request tracking data mapped to the values requested. This indicates access has already been requested for this item.
type: array
items:
type: object
properties:
requestedFor:
type: string
description: The identity id in which the access request is for.
example: 2c918084660f45d6016617daa9210584
requestedItemsDetails:
type: array
description: The details of the item requested.
example: |-
{
"type": "ENTITLEMENT",
"id": "779c6fd7171540bba1184e5946112c28"
}
items:
type: object
properties:
type:
type: string
description: The type of access item requested.
enum:
- ACCESS_PROFILE
- ENTITLEMENT
- ROLE
example: ENTITLEMENT
id:
type: string
description: The id of the access item requested.
example: 779c6fd7171540bba1184e5946112c28
attributesHash:
type: integer
format: int32
description: 'a hash representation of the access requested, useful for longer term tracking client side.'
example: -1928438224
accessRequestIds:
type: array
items:
type: string
description: 'a list of access request identifiers, generally only one will be populated, but high volume requested may result in multiple ids.'
example:
- 5d3118c518a44ec7805450d53479ccdb
example:
- requestedFor: 899fd612ecfc4cf3bf48f14d0afdef89
requestedItemsDetails:
- type: ROLE
id: 779c6fd7171540bbc1184e5946112c28
attributesHash: 2843118224
accessRequestIds:
- 5d3118c518a44ec7805450d53479ccdc
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/access-requests/cancel:
post:
operationId: cancelAccessRequest
security:
- userAuth:
- 'idn:access-request:cancel'
x-sailpoint-userLevels:
- ORG_ADMIN
tags:
- Access Requests
summary: Cancel access request
description: |-
This API endpoint cancels a pending access request. An access request can be cancelled only if it has not passed the approval step.
In addition to users with ORG_ADMIN, any user who originally submitted the access request may cancel it.
requestBody:
required: true
content:
application/json:
schema:
type: object
description: Request body payload for cancel access request endpoint.
required:
- accountActivityId
- comment
properties:
accountActivityId:
type: string
description: 'This refers to the identityRequestId. To successfully cancel an access request, you must provide the identityRequestId.'
example: 2c9180835d2e5168015d32f890ca1581
comment:
type: string
description: Reason for cancelling the pending access request.
example: I requested this role by mistake.
example:
accountActivityId: 2c91808568c529c60168cca6f90c1313
comment: I requested this role by mistake.
responses:
'202':
description: Accepted - Returned if the request was successfully accepted into the system.
content:
application/json:
schema:
type: object
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/access-requests/bulk-cancel:
post:
operationId: cancelAccessRequestInBulk
security:
- userAuth:
- 'idn:access-request-administration:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
tags:
- Access Requests
summary: Bulk cancel access request
description: |-
This API endpoint allows cancelling pending access requests in bulk. Maximum of 50 access request ids can be provided in the request for one single invocation.
Only ORG_ADMIN or users with rights "idn:access-request-administration:write" can cancel the access requests in bulk.
requestBody:
required: true
content:
application/json:
schema:
type: object
description: Request body payload for bulk cancel access request endpoint.
required:
- accessRequestIds
- comment
properties:
accessRequestIds:
type: array
description: List of access requests ids to cancel the pending requests
items:
type: string
example:
- 2c9180835d2e5168015d32f890ca1581
- 2c9180835d2e5168015d32f890ca1582
comment:
type: string
description: Reason for cancelling the pending access request.
example: I requested this role by mistake.
example:
accessRequestIds:
- 2c91808568c529c60168cca6f90c1313
- 2c91808568c529c60168cca6f90c1314
comment: I requested this role by mistake.
responses:
'202':
description: Accepted - Returned if the request was successfully accepted into the system.
content:
application/json:
schema:
type: object
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/access-requests/accounts-selection:
post:
operationId: loadAccountSelections
security:
- userAuth:
- 'idn:access-request:create'
x-sailpoint-userLevels:
- ORG_ADMIN
- USER
summary: Get accounts selections for identity
tags:
- Access Requests
description: |
Use this API to fetch account information for an identity against the items in an access request.
Used to fetch accountSelection for the AccessRequest prior to submitting for async processing.
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
requestedFor:
description: A list of Identity IDs for whom the Access is requested.
type: array
items:
type: string
example: 2c918084660f45d6016617daa9210584
requestType:
type: string
enum:
- GRANT_ACCESS
- REVOKE_ACCESS
- null
description: Access request type. Defaults to GRANT_ACCESS. REVOKE_ACCESS type can only have a single Identity ID in the requestedFor field.
example: GRANT_ACCESS
nullable: true
requestedItems:
type: array
items:
type: object
properties:
type:
type: string
enum:
- ACCESS_PROFILE
- ROLE
- ENTITLEMENT
description: The type of the item being requested.
example: ACCESS_PROFILE
id:
type: string
description: 'ID of Role, Access Profile or Entitlement being requested.'
example: 2c9180835d2e5168015d32f890ca1581
comment:
type: string
description: |
Comment provided by requester.
* Comment is required when the request is of type Revoke Access.
example: Requesting access profile for John Doe
clientMetadata:
type: object
additionalProperties:
type: string
example:
requestedAppId: 2c91808f7892918f0178b78da4a305a1
requestedAppName: test-app
example:
requestedAppName: test-app
requestedAppId: 2c91808f7892918f0178b78da4a305a1
description: Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on associated APIs such as /account-activities and /access-request-status.
removeDate:
type: string
description: |
The date the role or access profile or entitlement is no longer assigned to the specified identity. Also known as the expiration date.
* Specify a date in the future.
* The current SLA for the deprovisioning is 24 hours.
* This date can be modified to either extend or decrease the duration of access item assignments for the specified identity. You can change the expiration date for requests for yourself or direct reports, but you cannot remove an expiration date on an already approved item. If the access request has not been approved, you can cancel it and submit a new one without the expiration. If it has already been approved, then you have to revoke the access and then re-request without the expiration.
format: date-time
example: '2020-07-11T21:23:15.000Z'
assignmentId:
type: string
nullable: true
description: |
The assignmentId for a specific role assignment on the identity. This id is used to revoke that specific roleAssignment on that identity.
* For use with REVOKE_ACCESS requests for roles for identities with multiple accounts on a single source.
example: ee48a191c00d49bf9264eb0a4fc3a9fc
nativeIdentity:
type: string
nullable: true
description: |
The unique identifier for an account on the identity, designated as the account ID attribute in the source's account schema. This is used to revoke a specific attributeAssignment on the identity.
* For use with REVOKE_ACCESS requests for entitlements for identities with multiple accounts on a single source.
example: 'CN=User db3377de14bf,OU=YOURCONTAINER, DC=YOURDOMAIN'
required:
- id
- type
minItems: 1
maxItems: 25
clientMetadata:
type: object
additionalProperties:
type: string
example:
requestedAppId: 2c91808f7892918f0178b78da4a305a1
requestedAppName: test-app
example:
requestedAppId: 2c91808f7892918f0178b78da4a305a1
requestedAppName: test-app
description: 'Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on associated APIs such as /account-activities. '
required:
- requestedFor
- requestedItems
responses:
'200':
description: Accounts Selection Response
content:
application/json:
schema:
type: object
properties:
identities:
description: 'A list of available account selections per identity in the request, for all the requested items'
type: array
items:
type: object
properties:
requestedItems:
description: 'Available account selections for the identity, per requested item'
type: array
items:
type: object
properties:
description:
type: string
description: The description for this requested item
example: An access profile for the admins
accountsSelectionBlocked:
type: boolean
default: false
description: |
This field indicates if account selections are not allowed for this requested item.
* If true, this field indicates that account selections will not be available for this item and user combination. In this case, no account selections should be provided in the access request for this item and user combination, irrespective of whether the user has single or multiple accounts on a source.
* An example is where a user is requesting an access profile that is already assigned to one of their accounts.
example: false
accountsSelectionBlockedReason:
type: string
description: 'If account selections are not allowed for an item, this field will denote the reason.'
nullable: true
example: ACCESS_PROFILE_ALREADY_ASSIGNED_TO_AN_ACCOUNT
type:
type: string
enum:
- ACCESS_PROFILE
- ROLE
- ENTITLEMENT
description: The type of the item being requested.
example: ACCESS_PROFILE
id:
type: string
description: The id of the requested item
example: 720fd239701344aea76c93ba91376aec
name:
type: string
description: The name of the requested item
example: Test Access Profile
sources:
description: The details for the sources and accounts for the requested item and identity combination
type: array
items:
type: object
properties:
type:
description: DTO type
example: SOURCE
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- MACHINE_IDENTITY
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
id:
description: The source id
type: string
example: 3ac3c43785a845fa9820b0c1ac767cd5
name:
description: The source name
example: Test Source_Name
type: string
accounts:
description: The accounts information for a particular source in the requested item
type: array
items:
type: object
properties:
uuid:
type: string
description: 'The uuid for the account, available under the ''objectguid'' attribute'
example: '{fab7119e-004f-4822-9c33-b8d570d6c6a6}'
nativeIdentity:
type: string
description: The 'distinguishedName' attribute for the account
example: 'CN=Glen 067da3248e914,OU=YOUROU,OU=org-data-service,DC=YOURDC,DC=local'
type:
description: DTO type
example: ACCOUNT
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- MACHINE_IDENTITY
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
id:
type: string
description: The account id
example: f19d168c27374fd1aff3b483573f997f
name:
type: string
description: The account display name
example: UserAccount.761a2248b
accountsSelectionRequired:
description: A boolean indicating whether any account selections will be required for the user to raise an access request
type: boolean
example: false
default: false
type:
description: DTO type
example: IDENTITY
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- MACHINE_IDENTITY
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
id:
description: The identity id for the user
type: string
example: 70016590f2df4b879bdb1313a9e4e19e
name:
description: The name of the identity
type: string
example: User name
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/access-request-config:
get:
operationId: getAccessRequestConfig
security:
- userAuth:
- 'idn:access-request-config:read'
summary: Get access request configuration
tags:
- Access Requests
description: This endpoint returns the current access-request configuration.
responses:
'200':
description: Access Request Configuration Details.
content:
application/json:
schema:
type: object
properties:
approvalsMustBeExternal:
type: boolean
description: 'If this is true, approvals must be processed by an external system. Also, if this is true, it blocks Request Center access requests and returns an error for any user who isn''t an org admin.'
default: false
example: true
autoApprovalEnabled:
type: boolean
description: 'If this is true and the requester and reviewer are the same, the request is automatically approved.'
default: false
example: true
reauthorizationEnabled:
type: boolean
description: 'If this is true, reauthorization will be enforced for appropriately configured access items. Enablement of this feature is currently in a limited state.'
default: false
example: true
requestOnBehalfOfConfig:
description: Request On Behalf Of configuration.
type: object
properties:
allowRequestOnBehalfOfAnyoneByAnyone:
type: boolean
description: 'If this is true, anyone can request access for anyone.'
default: false
example: true
allowRequestOnBehalfOfEmployeeByManager:
type: boolean
description: 'If this is true, a manager can request access for his or her direct reports.'
default: false
example: true
approvalReminderAndEscalationConfig:
description: Approval reminder and escalation configuration.
type: object
properties:
daysUntilEscalation:
type: integer
description: 'Number of days to wait before the first reminder. If no reminders are configured, then this is the number of days to wait before escalation.'
format: int32
example: 0
nullable: true
daysBetweenReminders:
type: integer
description: Number of days to wait between reminder notifications.
format: int32
example: 0
nullable: true
maxReminders:
type: integer
description: Maximum number of reminder notification to send to the reviewer before approval escalation.
format: int32
minimum: 1
example: 1
nullable: true
fallbackApproverRef:
type: object
nullable: true
properties:
type:
type: string
description: The type can only be IDENTITY. This is read-only.
example: IDENTITY
id:
type: string
description: Identity ID.
example: 5168015d32f890ca15812c9180835d2e
name:
type: string
description: Identity's human-readable display name. This is read-only.
example: Alison Ferguso
email:
type: string
nullable: true
description: Identity's email address. This is read-only.
example: alison.ferguso@identitysoon.com
entitlementRequestConfig:
description: Entitlement request configuration.
type: object
properties:
accessRequestConfig:
type: object
properties:
approvalSchemes:
type: array
description: Ordered list of approval steps for the access request. Empty when no approval is required.
items:
type: object
properties:
approverType:
type: string
enum:
- ENTITLEMENT_OWNER
- SOURCE_OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. Values are as follows.
**ENTITLEMENT_OWNER**: Owner of the associated Entitlement
**SOURCE_OWNER**: Owner of the associated Source
**MANAGER**: Manager of the Identity for whom the request is being made
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP'
example: e3eab852-8315-467f-9de7-70eda97f63c8
requestCommentRequired:
type: boolean
description: If the requester must provide a comment during access request.
default: false
example: true
denialCommentRequired:
type: boolean
description: If the reviewer must provide a comment when denying the access request.
default: false
example: false
reauthorizationRequired:
type: boolean
description: Is Reauthorization Required
default: false
example: false
revocationRequestConfig:
type: object
properties:
approvalSchemes:
type: array
description: Ordered list of approval steps for the access request. Empty when no approval is required.
items:
type: object
properties:
approverType:
type: string
enum:
- ENTITLEMENT_OWNER
- SOURCE_OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. Values are as follows.
**ENTITLEMENT_OWNER**: Owner of the associated Entitlement
**SOURCE_OWNER**: Owner of the associated Source
**MANAGER**: Manager of the Identity for whom the request is being made
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP'
example: e3eab852-8315-467f-9de7-70eda97f63c8
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
put:
operationId: setAccessRequestConfig
security:
- userAuth:
- 'idn:access-request-config:update'
x-sailpoint-userLevels:
- ORG_ADMIN
summary: Update access request configuration
tags:
- Access Requests
description: This endpoint replaces the current access-request configuration.
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
approvalsMustBeExternal:
type: boolean
description: 'If this is true, approvals must be processed by an external system. Also, if this is true, it blocks Request Center access requests and returns an error for any user who isn''t an org admin.'
default: false
example: true
autoApprovalEnabled:
type: boolean
description: 'If this is true and the requester and reviewer are the same, the request is automatically approved.'
default: false
example: true
reauthorizationEnabled:
type: boolean
description: 'If this is true, reauthorization will be enforced for appropriately configured access items. Enablement of this feature is currently in a limited state.'
default: false
example: true
requestOnBehalfOfConfig:
description: Request On Behalf Of configuration.
type: object
properties:
allowRequestOnBehalfOfAnyoneByAnyone:
type: boolean
description: 'If this is true, anyone can request access for anyone.'
default: false
example: true
allowRequestOnBehalfOfEmployeeByManager:
type: boolean
description: 'If this is true, a manager can request access for his or her direct reports.'
default: false
example: true
approvalReminderAndEscalationConfig:
description: Approval reminder and escalation configuration.
type: object
properties:
daysUntilEscalation:
type: integer
description: 'Number of days to wait before the first reminder. If no reminders are configured, then this is the number of days to wait before escalation.'
format: int32
example: 0
nullable: true
daysBetweenReminders:
type: integer
description: Number of days to wait between reminder notifications.
format: int32
example: 0
nullable: true
maxReminders:
type: integer
description: Maximum number of reminder notification to send to the reviewer before approval escalation.
format: int32
minimum: 1
example: 1
nullable: true
fallbackApproverRef:
type: object
nullable: true
properties:
type:
type: string
description: The type can only be IDENTITY. This is read-only.
example: IDENTITY
id:
type: string
description: Identity ID.
example: 5168015d32f890ca15812c9180835d2e
name:
type: string
description: Identity's human-readable display name. This is read-only.
example: Alison Ferguso
email:
type: string
nullable: true
description: Identity's email address. This is read-only.
example: alison.ferguso@identitysoon.com
entitlementRequestConfig:
description: Entitlement request configuration.
type: object
properties:
accessRequestConfig:
type: object
properties:
approvalSchemes:
type: array
description: Ordered list of approval steps for the access request. Empty when no approval is required.
items:
type: object
properties:
approverType:
type: string
enum:
- ENTITLEMENT_OWNER
- SOURCE_OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. Values are as follows.
**ENTITLEMENT_OWNER**: Owner of the associated Entitlement
**SOURCE_OWNER**: Owner of the associated Source
**MANAGER**: Manager of the Identity for whom the request is being made
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP'
example: e3eab852-8315-467f-9de7-70eda97f63c8
requestCommentRequired:
type: boolean
description: If the requester must provide a comment during access request.
default: false
example: true
denialCommentRequired:
type: boolean
description: If the reviewer must provide a comment when denying the access request.
default: false
example: false
reauthorizationRequired:
type: boolean
description: Is Reauthorization Required
default: false
example: false
revocationRequestConfig:
type: object
properties:
approvalSchemes:
type: array
description: Ordered list of approval steps for the access request. Empty when no approval is required.
items:
type: object
properties:
approverType:
type: string
enum:
- ENTITLEMENT_OWNER
- SOURCE_OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. Values are as follows.
**ENTITLEMENT_OWNER**: Owner of the associated Entitlement
**SOURCE_OWNER**: Owner of the associated Source
**MANAGER**: Manager of the Identity for whom the request is being made
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP'
example: e3eab852-8315-467f-9de7-70eda97f63c8
responses:
'200':
description: Access Request Configuration Details.
content:
application/json:
schema:
type: object
properties:
approvalsMustBeExternal:
type: boolean
description: 'If this is true, approvals must be processed by an external system. Also, if this is true, it blocks Request Center access requests and returns an error for any user who isn''t an org admin.'
default: false
example: true
autoApprovalEnabled:
type: boolean
description: 'If this is true and the requester and reviewer are the same, the request is automatically approved.'
default: false
example: true
reauthorizationEnabled:
type: boolean
description: 'If this is true, reauthorization will be enforced for appropriately configured access items. Enablement of this feature is currently in a limited state.'
default: false
example: true
requestOnBehalfOfConfig:
description: Request On Behalf Of configuration.
type: object
properties:
allowRequestOnBehalfOfAnyoneByAnyone:
type: boolean
description: 'If this is true, anyone can request access for anyone.'
default: false
example: true
allowRequestOnBehalfOfEmployeeByManager:
type: boolean
description: 'If this is true, a manager can request access for his or her direct reports.'
default: false
example: true
approvalReminderAndEscalationConfig:
description: Approval reminder and escalation configuration.
type: object
properties:
daysUntilEscalation:
type: integer
description: 'Number of days to wait before the first reminder. If no reminders are configured, then this is the number of days to wait before escalation.'
format: int32
example: 0
nullable: true
daysBetweenReminders:
type: integer
description: Number of days to wait between reminder notifications.
format: int32
example: 0
nullable: true
maxReminders:
type: integer
description: Maximum number of reminder notification to send to the reviewer before approval escalation.
format: int32
minimum: 1
example: 1
nullable: true
fallbackApproverRef:
type: object
nullable: true
properties:
type:
type: string
description: The type can only be IDENTITY. This is read-only.
example: IDENTITY
id:
type: string
description: Identity ID.
example: 5168015d32f890ca15812c9180835d2e
name:
type: string
description: Identity's human-readable display name. This is read-only.
example: Alison Ferguso
email:
type: string
nullable: true
description: Identity's email address. This is read-only.
example: alison.ferguso@identitysoon.com
entitlementRequestConfig:
description: Entitlement request configuration.
type: object
properties:
accessRequestConfig:
type: object
properties:
approvalSchemes:
type: array
description: Ordered list of approval steps for the access request. Empty when no approval is required.
items:
type: object
properties:
approverType:
type: string
enum:
- ENTITLEMENT_OWNER
- SOURCE_OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. Values are as follows.
**ENTITLEMENT_OWNER**: Owner of the associated Entitlement
**SOURCE_OWNER**: Owner of the associated Source
**MANAGER**: Manager of the Identity for whom the request is being made
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP'
example: e3eab852-8315-467f-9de7-70eda97f63c8
requestCommentRequired:
type: boolean
description: If the requester must provide a comment during access request.
default: false
example: true
denialCommentRequired:
type: boolean
description: If the reviewer must provide a comment when denying the access request.
default: false
example: false
reauthorizationRequired:
type: boolean
description: Is Reauthorization Required
default: false
example: false
revocationRequestConfig:
type: object
properties:
approvalSchemes:
type: array
description: Ordered list of approval steps for the access request. Empty when no approval is required.
items:
type: object
properties:
approverType:
type: string
enum:
- ENTITLEMENT_OWNER
- SOURCE_OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. Values are as follows.
**ENTITLEMENT_OWNER**: Owner of the associated Entitlement
**SOURCE_OWNER**: Owner of the associated Source
**MANAGER**: Manager of the Identity for whom the request is being made
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP'
example: e3eab852-8315-467f-9de7-70eda97f63c8
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/access-request-status:
get:
operationId: listAccessRequestStatus
security:
- userAuth:
- 'idn:access-request-status:read'
x-sailpoint-userLevels:
- ORG_ADMIN
tags:
- Access Requests
summary: Access request status
description: |-
Use this API to return a list of access request statuses based on the specified query parameters.
If an access request was made for access that an identity already has, the API ignores the access request. These ignored requests do not display in the list of access request statuses.
Any user with any user level can get the status of their own access requests. A user with ORG_ADMIN is required to call this API to get a list of statuses for other users.
parameters:
- in: query
name: requested-for
schema:
type: string
example: 2c9180877b2b6ea4017b2c545f971429
description: Filter the results by the identity the requests were made for. *me* indicates the current user. Mutually exclusive with *regarding-identity*.
required: false
- in: query
name: requested-by
schema:
type: string
example: 2c9180877b2b6ea4017b2c545f971429
description: Filter the results by the identity who made the requests. *me* indicates the current user. Mutually exclusive with *regarding-identity*.
required: false
- in: query
name: regarding-identity
schema:
type: string
example: 2c9180877b2b6ea4017b2c545f971429
description: Filter the results by the specified identity who is either the requester or target of the requests. *me* indicates the current user. Mutually exclusive with *requested-for* and *requested-by*.
required: false
- in: query
name: assigned-to
schema:
type: string
example: 2c9180877b2b6ea4017b2c545f971429
description: Filter the results by the specified identity who is the owner of the Identity Request Work Item. *me* indicates the current user.
required: false
- in: query
name: count
description: 'If this is true, the *X-Total-Count* response header populates with the number of results that would be returned if limit and offset were ignored.'
required: false
schema:
type: boolean
default: false
example: false
- in: query
name: limit
description: Max number of results to return.
required: false
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
example: 100
- in: query
name: offset
description: Offset into the full result set. Usually specified with *limit* to paginate through the results. Defaults to 0 if not specified.
required: false
schema:
type: integer
format: int32
minimum: 0
example: 10
- in: query
name: filters
schema:
type: string
example: accountActivityItemId eq "2c918086771c86df0177401efcdf54c0"
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**accessRequestId**: *in*
**accountActivityItemId**: *eq, in, ge, gt, le, lt, ne, isnull, sw*
**created**: *eq, in, ge, gt, le, lt, ne, isnull, sw*
required: false
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **created, modified, accountActivityItemId, name**
example: created
required: false
- in: query
name: request-state
schema:
type: string
example: request-state=EXECUTING
description: Filter the results by the state of the request. The only valid value is *EXECUTING*.
required: false
responses:
'200':
description: List of requested item statuses.
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: 'The ID of the access request. As of 2025, this is a new property. Older access requests might not have an ID.'
example: 2c9180926cbfbddd016cbfc7c3b10010
nullable: true
name:
type: string
description: Human-readable display name of the item being requested.
example: AccessProfile1
nullable: true
type:
type: string
enum:
- ACCESS_PROFILE
- ROLE
- ENTITLEMENT
- null
description: Type of requested object.
example: ACCESS_PROFILE
nullable: true
cancelledRequestDetails:
allOf:
- type: object
properties:
comment:
type: string
description: Comment made by the owner when cancelling the associated request.
example: This request must be cancelled.
owner:
type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
modified:
type: string
format: date-time
description: Date comment was added by the owner when cancelling the associated request.
example: '2019-12-20T09:17:12.192Z'
description: Provides additional details for a request that has been cancelled.
- nullable: true
errorMessages:
type: array
nullable: true
items:
type: array
description: List of error messages
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
example:
locale: en-US
localeOrigin: DEFAULT
text: Error Message
description: 'List of list of localized error messages, if any, encountered during the approval/provisioning process.'
state:
type: string
enum:
- EXECUTING
- REQUEST_COMPLETED
- CANCELLED
- TERMINATED
- PROVISIONING_VERIFICATION_PENDING
- REJECTED
- PROVISIONING_FAILED
- NOT_ALL_ITEMS_PROVISIONED
- ERROR
description: |-
Indicates the state of an access request:
* EXECUTING: The request is executing, which indicates the system is doing some processing.
* REQUEST_COMPLETED: Indicates the request has been completed.
* CANCELLED: The request was cancelled with no user input.
* TERMINATED: The request has been terminated before it was able to complete.
* PROVISIONING_VERIFICATION_PENDING: The request has finished any approval steps and provisioning is waiting to be verified.
* REJECTED: The request was rejected.
* PROVISIONING_FAILED: The request has failed to complete.
* NOT_ALL_ITEMS_PROVISIONED: One or more of the requested items failed to complete, but there were one or more successes.
* ERROR: An error occurred during request processing.
example: EXECUTING
approvalDetails:
type: array
items:
type: object
properties:
forwarded:
type: boolean
default: false
description: True if the request for this item was forwarded from one owner to another.
example: false
originalOwner:
type: object
description: Identity of orginal approval owner.
properties:
type:
type: string
description: DTO type of original approval owner's identity.
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
id:
type: string
description: ID of original approval owner's identity.
example: 2c7180a46faadee4016fb4e018c20642
name:
type: string
description: Display name of original approval owner.
example: Michael Michaels
currentOwner:
allOf:
- type: object
description: Identity who reviewed the access item request.
properties:
type:
type: string
description: DTO type of identity who reviewed the access item request.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: ID of identity who reviewed the access item request.
example: 2c3780a46faadee4016fb4e018c20652
name:
type: string
description: Human-readable display name of identity who reviewed the access item request.
example: Allen Albertson
- nullable: true
modified:
type: string
format: date-time
description: Time at which item was modified.
example: '2019-08-23T18:52:57.398Z'
nullable: true
status:
type: string
enum:
- PENDING
- APPROVED
- REJECTED
- EXPIRED
- CANCELLED
- ARCHIVED
description: |-
Indicates the state of the request processing for this item:
* PENDING: The request for this item is awaiting processing.
* APPROVED: The request for this item has been approved.
* REJECTED: The request for this item was rejected.
* EXPIRED: The request for this item expired with no action taken.
* CANCELLED: The request for this item was cancelled with no user action.
* ARCHIVED: The request for this item has been archived after completion.
example: PENDING
scheme:
type: string
enum:
- APP_OWNER
- SOURCE_OWNER
- MANAGER
- ROLE_OWNER
- ACCESS_PROFILE_OWNER
- ENTITLEMENT_OWNER
- GOVERNANCE_GROUP
description: Describes the individual or group that is responsible for an approval step.
example: MANAGER
errorMessages:
type: array
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
description: 'If the request failed, includes any error messages that were generated.'
nullable: true
comment:
type: string
description: 'Comment, if any, provided by the approver.'
example: I approve this request
nullable: true
removeDate:
type: string
description: The date the role or access profile or entitlement is no longer assigned to the specified identity.
format: date-time
example: '2020-07-11T00:00:00Z'
nullable: true
description: Approval details for each item.
approvalIds:
type: array
items:
type: string
description: List of approval IDs associated with the request.
example:
- 85f0cf482dd44327b593624c07906c21
- fa57e1bfa36f41ee85e33ee59fcbeac5
nullable: true
manualWorkItemDetails:
type: array
nullable: true
items:
type: object
properties:
forwarded:
type: boolean
default: false
description: True if the request for this item was forwarded from one owner to another.
example: true
originalOwner:
type: object
nullable: true
description: 'Identity of original work item owner, if the work item has been forwarded.'
properties:
type:
type: string
description: DTO type of original work item owner's identity.
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
id:
type: string
description: ID of original work item owner's identity.
example: 2c7180a46faadee4016fb4e018c20642
name:
type: string
description: Display name of original work item owner.
example: Michael Michaels
currentOwner:
type: object
description: Identity of current work item owner.
nullable: true
properties:
type:
type: string
description: DTO type of current work item owner's identity.
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
id:
type: string
description: ID of current work item owner's identity.
example: 2c3780a46faadee4016fb4e018c20652
name:
type: string
description: Display name of current work item owner.
example: Allen Albertson
modified:
type: string
format: date-time
description: Time at which item was modified.
example: '2019-08-23T18:52:57.398Z'
status:
type: string
enum:
- PENDING
- APPROVED
- REJECTED
- EXPIRED
- CANCELLED
- ARCHIVED
description: |-
Indicates the state of the request processing for this item:
* PENDING: The request for this item is awaiting processing.
* APPROVED: The request for this item has been approved.
* REJECTED: The request for this item was rejected.
* EXPIRED: The request for this item expired with no action taken.
* CANCELLED: The request for this item was cancelled with no user action.
* ARCHIVED: The request for this item has been archived after completion.
example: PENDING
forwardHistory:
type: array
nullable: true
items:
type: object
properties:
oldApproverName:
type: string
description: Display name of approver from whom the approval was forwarded.
example: Frank Mir
newApproverName:
type: string
description: Display name of approver to whom the approval was forwarded.
example: Al Volta
comment:
type: string
nullable: true
description: Comment made while forwarding.
example: Forwarding from Frank to Al
modified:
type: string
format: date-time
description: Time at which approval was forwarded.
example: '2019-08-23T18:52:57.398Z'
forwarderName:
type: string
nullable: true
description: Display name of forwarder who forwarded the approval.
example: William Wilson
reassignmentType:
description: |-
The approval reassignment type.
* MANUAL_REASSIGNMENT: An approval with this reassignment type has been specifically reassigned by the approval task's owner, from their queue to someone else's.
* AUTOMATIC_REASSIGNMENT: An approval with this reassignment type has been automatically reassigned from another approver's queue, according to that approver's reassignment configuration. The approver's reassignment configuration may be set up to automatically reassign approval tasks for a defined (or possibly open-ended) period of time.
* AUTO_ESCALATION: An approval with this reassignment type has been automatically reassigned from another approver's queue, according to the request's escalation configuration. For more information about escalation configuration, refer to [Setting Global Reminders and Escalation Policies](https://documentation.sailpoint.com/saas/help/requests/config_emails.html).
* SELF_REVIEW_DELEGATION: An approval with this reassignment type has been automatically reassigned by the system to prevent self-review. This helps prevent situations like a requester being tasked with approving their own request. For more information about preventing self-review, refer to [Self-review Prevention](https://documentation.sailpoint.com/saas/help/users/work_reassignment.html#self-review-prevention) and [Preventing Self-approval](https://documentation.sailpoint.com/saas/help/requests/config_ap_roles.html#preventing-self-approval).
example: AUTOMATIC_REASSIGNMENT
type: string
enum:
- MANUAL_REASSIGNMENT
- AUTOMATIC_REASSIGNMENT
- AUTO_ESCALATION
- SELF_REVIEW_DELEGATION
description: The history of approval forward action.
description: Manual work items created for provisioning the item.
accountActivityItemId:
type: string
description: Id of associated account activity item.
example: 2c9180926cbfbddd016cbfc7c3b10010
requestType:
type: string
enum:
- GRANT_ACCESS
- REVOKE_ACCESS
- null
description: Access request type. Defaults to GRANT_ACCESS. REVOKE_ACCESS type can only have a single Identity ID in the requestedFor field.
example: GRANT_ACCESS
nullable: true
modified:
type: string
format: date-time
description: When the request was last modified.
example: '2019-08-23T18:52:59.162Z'
nullable: true
created:
type: string
format: date-time
description: When the request was created.
example: '2019-08-23T18:40:35.772Z'
requester:
type: object
description: Access item requester's identity.
properties:
type:
type: string
description: Access item requester's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Access item requester's identity ID.
example: 2c7180a46faadee4016fb4e018c20648
name:
type: string
description: Access item owner's human-readable display name.
example: William Wilson
requestedFor:
type: object
description: Identity access was requested for.
properties:
type:
type: string
enum:
- IDENTITY
description: Type of the object to which this reference applies
example: IDENTITY
id:
type: string
description: ID of the object to which this reference applies
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable display name of the object to which this reference applies
example: William Wilson
requesterComment:
allOf:
- type: object
properties:
comment:
type: string
nullable: true
description: Comment content.
example: This is a comment.
created:
type: string
format: date-time
description: Date and time comment was created.
example: '2017-07-11T18:45:37.098Z'
author:
type: object
readOnly: true
description: Author of the comment
properties:
type:
type: string
enum:
- IDENTITY
example: IDENTITY
description: The type of object
id:
type: string
description: The unique ID of the object
example: 2c9180847e25f377017e2ae8cae4650b
name:
type: string
description: The display name of the object
example: john.doe
- nullable: true
description: The requester's comment.
sodViolationContext:
allOf:
- description: An object referencing a completed SOD violation check
type: object
nullable: true
properties:
state:
type: string
enum:
- SUCCESS
- ERROR
- null
description: The status of SOD violation check
example: SUCCESS
nullable: true
uuid:
description: The id of the Violation check event
type: string
example: f73d16e9-a038-46c5-b217-1246e15fdbdd
nullable: true
violationCheckResult:
description: The inner object representing the completed SOD Violation check
type: object
properties:
message:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
description: 'If the request failed, this includes any error message that was generated.'
example:
- locale: en-US
localeOrigin: DEFAULT
text: An error has occurred during the SOD violation check
clientMetadata:
type: object
nullable: true
additionalProperties:
type: string
description: Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on completion of the violation check.
example:
requestedAppName: test-app
requestedAppId: 2c91808f7892918f0178b78da4a305a1
violationContexts:
type: array
nullable: true
items:
description: The contextual information of the violated criteria
type: object
properties:
policy:
type: object
description: SOD policy.
properties:
type:
type: string
description: SOD policy DTO type.
enum:
- SOD_POLICY
example: SOD_POLICY
id:
type: string
description: SOD policy ID.
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
name:
type: string
description: SOD policy display name.
example: Business SOD Policy
conflictingAccessCriteria:
type: object
description: The object which contains the left and right hand side of the entitlements that got violated according to the policy.
properties:
leftCriteria:
type: object
properties:
criteriaList:
type: array
items:
description: Details of the Entitlement criteria
type: object
properties:
existing:
type: boolean
default: false
example: true
description: If the entitlement already belonged to the user or not.
type:
example: ENTITLEMENT
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- MACHINE_IDENTITY
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
id:
type: string
description: Entitlement ID
example: 2c918085771e9d3301773b3cb66f6398
name:
type: string
description: Entitlement name
example: My HR Entitlement
rightCriteria:
type: object
properties:
criteriaList:
type: array
items:
description: Details of the Entitlement criteria
type: object
properties:
existing:
type: boolean
default: false
example: true
description: If the entitlement already belonged to the user or not.
type:
example: ENTITLEMENT
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- MACHINE_IDENTITY
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
id:
type: string
description: Entitlement ID
example: 2c918085771e9d3301773b3cb66f6398
name:
type: string
description: Entitlement name
example: My HR Entitlement
violatedPolicies:
type: array
nullable: true
description: A list of the SOD policies that were violated.
items:
type: object
description: SOD policy.
properties:
type:
type: string
description: SOD policy DTO type.
enum:
- SOD_POLICY
example: SOD_POLICY
id:
type: string
description: SOD policy ID.
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
name:
type: string
description: SOD policy display name.
example: Business SOD Policy
- nullable: true
description: The details of the SOD violations for the associated approval.
provisioningDetails:
allOf:
- type: object
properties:
orderedSubPhaseReferences:
type: string
description: 'Ordered CSV of sub phase references to objects that contain more information about provisioning. For example, this can contain "manualWorkItemDetails" which indicate that there is further information in that object for this phase.'
example: manualWorkItemDetails
description: Provides additional details about provisioning for this request.
- nullable: true
preApprovalTriggerDetails:
allOf:
- type: object
properties:
comment:
type: string
description: Comment left for the pre-approval decision
example: Access is Approved
reviewer:
type: string
description: The reviewer of the pre-approval decision
example: John Doe
decision:
type: string
enum:
- APPROVED
- REJECTED
description: The decision of the pre-approval trigger
example: APPROVED
description: Provides additional details about the pre-approval trigger for this request.
- nullable: true
accessRequestPhases:
type: array
items:
type: object
properties:
started:
type: string
description: The time that this phase started.
format: date-time
example: '2020-07-11T00:00:00Z'
finished:
type: string
description: The time that this phase finished.
format: date-time
example: '2020-07-12T00:00:00Z'
nullable: true
name:
type: string
description: The name of this phase.
example: APPROVAL_PHASE
state:
type: string
enum:
- PENDING
- EXECUTING
- COMPLETED
- CANCELLED
- NOT_EXECUTED
description: The state of this phase.
example: COMPLETED
result:
type: string
enum:
- SUCCESSFUL
- FAILED
- null
description: The state of this phase.
example: SUCCESSFUL
nullable: true
phaseReference:
type: string
description: 'A reference to another object on the RequestedItemStatus that contains more details about the phase. Note that for the Provisioning phase, this will be empty if there are no manual work items.'
example: approvalDetails
nullable: true
description: Provides additional details about this access request phase.
description: 'A list of Phases that the Access Request has gone through in order, to help determine the status of the request.'
nullable: true
description:
type: string
description: Description associated to the requested object.
example: This is the Engineering role that engineers are granted.
nullable: true
removeDate:
type: string
format: date-time
nullable: true
description: When the role access is scheduled for removal.
example: '2019-10-23T00:00:00.000Z'
cancelable:
type: boolean
default: false
description: True if the request can be canceled.
example: true
accessRequestId:
type: string
description: This is the account activity id.
example: 2b838de9-db9b-abcf-e646-d4f274ad4238
clientMetadata:
nullable: true
type: object
additionalProperties:
type: string
description: 'Arbitrary key-value pairs, if any were included in the corresponding access request'
example:
key1: value1
key2: value2
requestedAccounts:
nullable: true
type: array
items:
type: object
properties:
name:
type: string
description: Display name of the account for the user
example: Glen.067da3248e914
type:
description: The type of item
example: ACCOUNT
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- MACHINE_IDENTITY
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
accountUuid:
type: string
nullable: true
description: The uuid for the account
example: '{fab7119e-004f-4822-9c33-b8d570d6c6a6}'
accountId:
type: string
nullable: true
description: The native identity for the account
example: 'CN=Glen 067da3248e914,OU=YOUROU,OU=org-data-service,DC=YOURDC,DC=local'
sourceName:
type: string
nullable: false
description: Display name of the source for the account
example: Multi Account AD source name
description: 'The accounts selected by the user for the access to be provisioned on, in case they have multiple accounts on one or more sources.'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/access-request-administration:
get:
operationId: listAdministratorsAccessRequestStatus
security:
- userAuth:
- 'idn:access-request-administration:read'
x-sailpoint-userLevels:
- ORG_ADMIN
- 'idn:access-request-administration:read'
tags:
- Access Requests
summary: Access request status for administrators
description: |-
Use this API to get access request statuses of all the access requests in the org based on the specified query parameters.
Any user with user level ORG_ADMIN or scope idn:access-request-administration:read can access this endpoint to get the access request statuses
parameters:
- in: query
name: requested-for
schema:
type: string
example: 2c9180877b2b6ea4017b2c545f971429
description: Filter the results by the identity the requests were made for. *me* indicates the current user. Mutually exclusive with *regarding-identity*.
required: false
- in: query
name: requested-by
schema:
type: string
example: 2c9180877b2b6ea4017b2c545f971429
description: Filter the results by the identity who made the requests. *me* indicates the current user. Mutually exclusive with *regarding-identity*.
required: false
- in: query
name: regarding-identity
schema:
type: string
example: 2c9180877b2b6ea4017b2c545f971429
description: Filter the results by the specified identity who is either the requester or target of the requests. *me* indicates the current user. Mutually exclusive with *requested-for* and *requested-by*.
required: false
- in: query
name: assigned-to
schema:
type: string
example: 2c9180877b2b6ea4017b2c545f971429
description: Filter the results by the specified identity who is the owner of the Identity Request Work Item. *me* indicates the current user.
required: false
- in: query
name: count
description: 'If this is true, the *X-Total-Count* response header populates with the number of results that would be returned if limit and offset were ignored.'
required: false
schema:
type: boolean
default: false
example: false
- in: query
name: limit
description: Max number of results to return.
required: false
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
example: 100
- in: query
name: offset
description: Offset into the full result set. Usually specified with *limit* to paginate through the results. Defaults to 0 if not specified.
required: false
schema:
type: integer
format: int32
minimum: 0
example: 10
- in: query
name: filters
schema:
type: string
example: accountActivityItemId eq "2c918086771c86df0177401efcdf54c0"
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**accountActivityItemId**: *eq, in, ge, gt, le, lt, ne, isnull, sw*
**accessRequestId**: *in*
**status**: *in, eq, ne*
**created**: *eq, in, ge, gt, le, lt, ne, isnull, sw*
required: false
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **created, modified, accountActivityItemId, name, accessRequestId**
example: created
required: false
- in: query
name: request-state
schema:
type: string
example: request-state=EXECUTING
description: Filter the results by the state of the request. The only valid value is *EXECUTING*.
required: false
responses:
'200':
description: List of requested item statuses.
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: ID of the access request. This is a new property as of 2025. Older access requests may not have an ID.
example: 2c9180926cbfbddd016cbfc7c3b10010
nullable: true
name:
type: string
description: Human-readable display name of the item being requested.
example: AccessProfile1
nullable: true
type:
type: string
enum:
- ACCESS_PROFILE
- ROLE
- ENTITLEMENT
- null
description: Type of requested object.
example: ACCESS_PROFILE
nullable: true
cancelledRequestDetails:
allOf:
- type: object
properties:
comment:
type: string
description: Comment made by the owner when cancelling the associated request.
example: This request must be cancelled.
owner:
type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
modified:
type: string
format: date-time
description: Date comment was added by the owner when cancelling the associated request.
example: '2019-12-20T09:17:12.192Z'
description: Provides additional details for a request that has been cancelled.
- nullable: true
errorMessages:
type: array
nullable: true
items:
type: array
description: List of error messages
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
example:
locale: en-US
localeOrigin: DEFAULT
text: Error Message
description: 'List of localized error messages, if any, encountered during the approval/provisioning process.'
state:
type: string
enum:
- EXECUTING
- REQUEST_COMPLETED
- CANCELLED
- TERMINATED
- PROVISIONING_VERIFICATION_PENDING
- REJECTED
- PROVISIONING_FAILED
- NOT_ALL_ITEMS_PROVISIONED
- ERROR
description: |-
Indicates the state of an access request:
* EXECUTING: The request is executing, which indicates the system is doing some processing.
* REQUEST_COMPLETED: Indicates the request has been completed.
* CANCELLED: The request was cancelled with no user input.
* TERMINATED: The request has been terminated before it was able to complete.
* PROVISIONING_VERIFICATION_PENDING: The request has finished any approval steps and provisioning is waiting to be verified.
* REJECTED: The request was rejected.
* PROVISIONING_FAILED: The request has failed to complete.
* NOT_ALL_ITEMS_PROVISIONED: One or more of the requested items failed to complete, but there were one or more successes.
* ERROR: An error occurred during request processing.
example: EXECUTING
approvalDetails:
type: array
items:
type: object
properties:
forwarded:
type: boolean
default: false
description: True if the request for this item was forwarded from one owner to another.
example: false
originalOwner:
type: object
description: Identity of orginal approval owner.
properties:
type:
type: string
description: DTO type of original approval owner's identity.
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
id:
type: string
description: ID of original approval owner's identity.
example: 2c7180a46faadee4016fb4e018c20642
name:
type: string
description: Display name of original approval owner.
example: Michael Michaels
currentOwner:
allOf:
- type: object
description: Identity who reviewed the access item request.
properties:
type:
type: string
description: DTO type of identity who reviewed the access item request.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: ID of identity who reviewed the access item request.
example: 2c3780a46faadee4016fb4e018c20652
name:
type: string
description: Human-readable display name of identity who reviewed the access item request.
example: Allen Albertson
- nullable: true
modified:
type: string
format: date-time
description: Time at which item was modified.
example: '2019-08-23T18:52:57.398Z'
nullable: true
status:
type: string
enum:
- PENDING
- APPROVED
- REJECTED
- EXPIRED
- CANCELLED
- ARCHIVED
description: |-
Indicates the state of the request processing for this item:
* PENDING: The request for this item is awaiting processing.
* APPROVED: The request for this item has been approved.
* REJECTED: The request for this item was rejected.
* EXPIRED: The request for this item expired with no action taken.
* CANCELLED: The request for this item was cancelled with no user action.
* ARCHIVED: The request for this item has been archived after completion.
example: PENDING
scheme:
type: string
enum:
- APP_OWNER
- SOURCE_OWNER
- MANAGER
- ROLE_OWNER
- ACCESS_PROFILE_OWNER
- ENTITLEMENT_OWNER
- GOVERNANCE_GROUP
description: Describes the individual or group that is responsible for an approval step.
example: MANAGER
errorMessages:
type: array
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
description: 'If the request failed, includes any error messages that were generated.'
nullable: true
comment:
type: string
description: 'Comment, if any, provided by the approver.'
example: I approve this request
nullable: true
removeDate:
type: string
description: The date the role or access profile or entitlement is no longer assigned to the specified identity.
format: date-time
example: '2020-07-11T00:00:00Z'
nullable: true
description: Approval details for each item.
manualWorkItemDetails:
type: array
nullable: true
items:
type: object
properties:
forwarded:
type: boolean
default: false
description: True if the request for this item was forwarded from one owner to another.
example: true
originalOwner:
type: object
nullable: true
description: 'Identity of original work item owner, if the work item has been forwarded.'
properties:
type:
type: string
description: DTO type of original work item owner's identity.
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
id:
type: string
description: ID of original work item owner's identity.
example: 2c7180a46faadee4016fb4e018c20642
name:
type: string
description: Display name of original work item owner.
example: Michael Michaels
currentOwner:
type: object
description: Identity of current work item owner.
nullable: true
properties:
type:
type: string
description: DTO type of current work item owner's identity.
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
id:
type: string
description: ID of current work item owner's identity.
example: 2c3780a46faadee4016fb4e018c20652
name:
type: string
description: Display name of current work item owner.
example: Allen Albertson
modified:
type: string
format: date-time
description: Time at which item was modified.
example: '2019-08-23T18:52:57.398Z'
status:
type: string
enum:
- PENDING
- APPROVED
- REJECTED
- EXPIRED
- CANCELLED
- ARCHIVED
description: |-
Indicates the state of the request processing for this item:
* PENDING: The request for this item is awaiting processing.
* APPROVED: The request for this item has been approved.
* REJECTED: The request for this item was rejected.
* EXPIRED: The request for this item expired with no action taken.
* CANCELLED: The request for this item was cancelled with no user action.
* ARCHIVED: The request for this item has been archived after completion.
example: PENDING
forwardHistory:
type: array
nullable: true
items:
type: object
properties:
oldApproverName:
type: string
description: Display name of approver from whom the approval was forwarded.
example: Frank Mir
newApproverName:
type: string
description: Display name of approver to whom the approval was forwarded.
example: Al Volta
comment:
type: string
nullable: true
description: Comment made while forwarding.
example: Forwarding from Frank to Al
modified:
type: string
format: date-time
description: Time at which approval was forwarded.
example: '2019-08-23T18:52:57.398Z'
forwarderName:
type: string
nullable: true
description: Display name of forwarder who forwarded the approval.
example: William Wilson
reassignmentType:
description: |-
The approval reassignment type.
* MANUAL_REASSIGNMENT: An approval with this reassignment type has been specifically reassigned by the approval task's owner, from their queue to someone else's.
* AUTOMATIC_REASSIGNMENT: An approval with this reassignment type has been automatically reassigned from another approver's queue, according to that approver's reassignment configuration. The approver's reassignment configuration may be set up to automatically reassign approval tasks for a defined (or possibly open-ended) period of time.
* AUTO_ESCALATION: An approval with this reassignment type has been automatically reassigned from another approver's queue, according to the request's escalation configuration. For more information about escalation configuration, refer to [Setting Global Reminders and Escalation Policies](https://documentation.sailpoint.com/saas/help/requests/config_emails.html).
* SELF_REVIEW_DELEGATION: An approval with this reassignment type has been automatically reassigned by the system to prevent self-review. This helps prevent situations like a requester being tasked with approving their own request. For more information about preventing self-review, refer to [Self-review Prevention](https://documentation.sailpoint.com/saas/help/users/work_reassignment.html#self-review-prevention) and [Preventing Self-approval](https://documentation.sailpoint.com/saas/help/requests/config_ap_roles.html#preventing-self-approval).
example: AUTOMATIC_REASSIGNMENT
type: string
enum:
- MANUAL_REASSIGNMENT
- AUTOMATIC_REASSIGNMENT
- AUTO_ESCALATION
- SELF_REVIEW_DELEGATION
description: The history of approval forward action.
description: Manual work items created for provisioning the item.
accountActivityItemId:
type: string
description: Id of associated account activity item.
example: 2c9180926cbfbddd016cbfc7c3b10010
requestType:
type: string
enum:
- GRANT_ACCESS
- REVOKE_ACCESS
- null
description: Access request type. Defaults to GRANT_ACCESS. REVOKE_ACCESS type can only have a single Identity ID in the requestedFor field.
example: GRANT_ACCESS
nullable: true
modified:
type: string
format: date-time
description: When the request was last modified.
example: '2019-08-23T18:52:59.162Z'
nullable: true
created:
type: string
format: date-time
description: When the request was created.
example: '2019-08-23T18:40:35.772Z'
requester:
type: object
description: Access item requester's identity.
properties:
type:
type: string
description: Access item requester's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Access item requester's identity ID.
example: 2c7180a46faadee4016fb4e018c20648
name:
type: string
description: Access item owner's human-readable display name.
example: William Wilson
requestedFor:
type: object
description: Identity access was requested for.
properties:
type:
type: string
enum:
- IDENTITY
description: Type of the object to which this reference applies
example: IDENTITY
id:
type: string
description: ID of the object to which this reference applies
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable display name of the object to which this reference applies
example: William Wilson
requesterComment:
allOf:
- type: object
properties:
comment:
type: string
nullable: true
description: Comment content.
example: This is a comment.
created:
type: string
format: date-time
description: Date and time comment was created.
example: '2017-07-11T18:45:37.098Z'
author:
type: object
readOnly: true
description: Author of the comment
properties:
type:
type: string
enum:
- IDENTITY
example: IDENTITY
description: The type of object
id:
type: string
description: The unique ID of the object
example: 2c9180847e25f377017e2ae8cae4650b
name:
type: string
description: The display name of the object
example: john.doe
- nullable: true
description: The requester's comment.
sodViolationContext:
allOf:
- description: An object referencing a completed SOD violation check
type: object
nullable: true
properties:
state:
type: string
enum:
- SUCCESS
- ERROR
- null
description: The status of SOD violation check
example: SUCCESS
nullable: true
uuid:
description: The id of the Violation check event
type: string
example: f73d16e9-a038-46c5-b217-1246e15fdbdd
nullable: true
violationCheckResult:
description: The inner object representing the completed SOD Violation check
type: object
properties:
message:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
description: 'If the request failed, this includes any error message that was generated.'
example:
- locale: en-US
localeOrigin: DEFAULT
text: An error has occurred during the SOD violation check
clientMetadata:
type: object
nullable: true
additionalProperties:
type: string
description: Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on completion of the violation check.
example:
requestedAppName: test-app
requestedAppId: 2c91808f7892918f0178b78da4a305a1
violationContexts:
type: array
nullable: true
items:
description: The contextual information of the violated criteria
type: object
properties:
policy:
type: object
description: SOD policy.
properties:
type:
type: string
description: SOD policy DTO type.
enum:
- SOD_POLICY
example: SOD_POLICY
id:
type: string
description: SOD policy ID.
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
name:
type: string
description: SOD policy display name.
example: Business SOD Policy
conflictingAccessCriteria:
type: object
description: The object which contains the left and right hand side of the entitlements that got violated according to the policy.
properties:
leftCriteria:
type: object
properties:
criteriaList:
type: array
items:
description: Details of the Entitlement criteria
type: object
properties:
existing:
type: boolean
default: false
example: true
description: If the entitlement already belonged to the user or not.
type:
example: ENTITLEMENT
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- MACHINE_IDENTITY
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
id:
type: string
description: Entitlement ID
example: 2c918085771e9d3301773b3cb66f6398
name:
type: string
description: Entitlement name
example: My HR Entitlement
rightCriteria:
type: object
properties:
criteriaList:
type: array
items:
description: Details of the Entitlement criteria
type: object
properties:
existing:
type: boolean
default: false
example: true
description: If the entitlement already belonged to the user or not.
type:
example: ENTITLEMENT
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- MACHINE_IDENTITY
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
id:
type: string
description: Entitlement ID
example: 2c918085771e9d3301773b3cb66f6398
name:
type: string
description: Entitlement name
example: My HR Entitlement
violatedPolicies:
type: array
nullable: true
description: A list of the SOD policies that were violated.
items:
type: object
description: SOD policy.
properties:
type:
type: string
description: SOD policy DTO type.
enum:
- SOD_POLICY
example: SOD_POLICY
id:
type: string
description: SOD policy ID.
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
name:
type: string
description: SOD policy display name.
example: Business SOD Policy
- nullable: true
description: The details of the SOD violations for the associated approval.
provisioningDetails:
allOf:
- type: object
properties:
orderedSubPhaseReferences:
type: string
description: 'Ordered CSV of sub phase references to objects that contain more information about provisioning. For example, this can contain "manualWorkItemDetails" which indicate that there is further information in that object for this phase.'
example: manualWorkItemDetails
description: Provides additional details about provisioning for this request.
- nullable: true
preApprovalTriggerDetails:
allOf:
- type: object
properties:
comment:
type: string
description: Comment left for the pre-approval decision
example: Access is Approved
reviewer:
type: string
description: The reviewer of the pre-approval decision
example: John Doe
decision:
type: string
enum:
- APPROVED
- REJECTED
description: The decision of the pre-approval trigger
example: APPROVED
description: Provides additional details about the pre-approval trigger for this request.
- nullable: true
accessRequestPhases:
type: array
items:
type: object
properties:
started:
type: string
description: The time that this phase started.
format: date-time
example: '2020-07-11T00:00:00Z'
finished:
type: string
description: The time that this phase finished.
format: date-time
example: '2020-07-12T00:00:00Z'
nullable: true
name:
type: string
description: The name of this phase.
example: APPROVAL_PHASE
state:
type: string
enum:
- PENDING
- EXECUTING
- COMPLETED
- CANCELLED
- NOT_EXECUTED
description: The state of this phase.
example: COMPLETED
result:
type: string
enum:
- SUCCESSFUL
- FAILED
- null
description: The state of this phase.
example: SUCCESSFUL
nullable: true
phaseReference:
type: string
description: 'A reference to another object on the RequestedItemStatus that contains more details about the phase. Note that for the Provisioning phase, this will be empty if there are no manual work items.'
example: approvalDetails
nullable: true
description: Provides additional details about this access request phase.
description: 'A list of Phases that the Access Request has gone through in order, to help determine the status of the request.'
nullable: true
description:
type: string
description: Description associated to the requested object.
example: This is the Engineering role that engineers are granted.
nullable: true
removeDate:
type: string
format: date-time
nullable: true
description: When the role access is scheduled for removal.
example: '2019-10-23T00:00:00.000Z'
cancelable:
type: boolean
default: false
description: True if the request can be canceled.
example: true
reauthorizationRequired:
type: boolean
default: false
description: True if re-auth is required.
example: true
accessRequestId:
type: string
description: This is the account activity id.
example: 2b838de9-db9b-abcf-e646-d4f274ad4238
clientMetadata:
nullable: true
type: object
additionalProperties:
type: string
description: 'Arbitrary key-value pairs, if any were included in the corresponding access request'
example:
key1: value1
key2: value2
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/access-request-approvals/pending:
get:
operationId: listPendingApprovals
security:
- userAuth:
- 'idn:access-request-approvals:read'
x-sailpoint-userLevels:
- ORG_ADMIN
summary: Pending access request approvals list
tags:
- Access Request Approvals
description: This endpoint returns a list of pending approvals. See "owner-id" query parameter below for authorization info.
parameters:
- in: query
name: owner-id
schema:
type: string
description: |-
If present, the value returns only pending approvals for the specified identity.
* ORG_ADMIN users can call this with any identity ID value.
* ORG_ADMIN users can also fetch all the approvals in the org, when owner-id is not used.
* Non-ORG_ADMIN users can only specify *me* or pass their own identity ID value.
example: 2c91808568c529c60168cca6f90c1313
required: false
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
required: false
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, in*
**requestedFor.id**: *eq, in*
**modified**: *gt, lt, ge, le, eq, in*
**accessRequestId**: *eq, in*
**created**: *gt, lt, ge, le, eq, in*
example: id eq "2c91808568c529c60168cca6f90c1313"
- in: query
name: sorters
required: false
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **created, modified**
example: modified
responses:
'200':
description: List of Pending Approvals.
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: The approval id.
example: id12345
accessRequestId:
type: string
description: This is the access request id.
example: 2b838de9db9babcfe646d4f274ad4238
name:
type: string
description: The name of the approval.
example: aName
created:
type: string
format: date-time
description: When the approval was created.
example: '2017-07-11T18:45:37.098Z'
modified:
type: string
format: date-time
description: When the approval was modified last time.
example: '2018-07-25T20:22:28.104Z'
requestCreated:
type: string
format: date-time
description: When the access-request was created.
example: '2017-07-11T18:45:35.098Z'
requestType:
type: string
enum:
- GRANT_ACCESS
- REVOKE_ACCESS
- null
description: Access request type. Defaults to GRANT_ACCESS. REVOKE_ACCESS type can only have a single Identity ID in the requestedFor field.
example: GRANT_ACCESS
nullable: true
requester:
type: object
description: Access item requester's identity.
properties:
type:
type: string
description: Access item requester's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Access item requester's identity ID.
example: 2c7180a46faadee4016fb4e018c20648
name:
type: string
description: Access item owner's human-readable display name.
example: William Wilson
requestedFor:
type: object
description: Identity the access item is requested for.
properties:
type:
type: string
description: DTO type of identity the access item is requested for.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: ID of identity the access item is requested for.
example: 2c4180a46faadee4016fb4e018c20626
name:
type: string
description: Human-readable display name of identity the access item is requested for.
example: Robert Robinson
owner:
type: object
description: Access item owner's identity.
properties:
type:
type: string
description: Access item owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Access item owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Access item owner's human-readable display name.
example: Support
requestedObject:
description: The requested access item.
type: object
properties:
id:
type: string
description: Id of the object.
example: 2c9180835d2e5168015d32f890ca1581
name:
type: string
description: Name of the object.
example: Applied Research Access
description:
type: string
description: Description of the object.
example: 'Access to research information, lab results, and schematics'
type:
type: string
enum:
- ACCESS_PROFILE
- ROLE
- ENTITLEMENT
description: Type of the object.
example: ROLE
requesterComment:
type: object
properties:
comment:
type: string
nullable: true
description: Comment content.
example: This is a comment.
created:
type: string
format: date-time
description: Date and time comment was created.
example: '2017-07-11T18:45:37.098Z'
author:
type: object
readOnly: true
description: Author of the comment
properties:
type:
type: string
enum:
- IDENTITY
example: IDENTITY
description: The type of object
id:
type: string
description: The unique ID of the object
example: 2c9180847e25f377017e2ae8cae4650b
name:
type: string
description: The display name of the object
example: john.doe
description: The requester's comment.
previousReviewersComments:
type: array
items:
type: object
properties:
comment:
type: string
nullable: true
description: Comment content.
example: This is a comment.
created:
type: string
format: date-time
description: Date and time comment was created.
example: '2017-07-11T18:45:37.098Z'
author:
type: object
readOnly: true
description: Author of the comment
properties:
type:
type: string
enum:
- IDENTITY
example: IDENTITY
description: The type of object
id:
type: string
description: The unique ID of the object
example: 2c9180847e25f377017e2ae8cae4650b
name:
type: string
description: The display name of the object
example: john.doe
description: The history of the previous reviewers comments.
forwardHistory:
type: array
items:
type: object
properties:
oldApproverName:
type: string
description: Display name of approver from whom the approval was forwarded.
example: Frank Mir
newApproverName:
type: string
description: Display name of approver to whom the approval was forwarded.
example: Al Volta
comment:
type: string
nullable: true
description: Comment made while forwarding.
example: Forwarding from Frank to Al
modified:
type: string
format: date-time
description: Time at which approval was forwarded.
example: '2019-08-23T18:52:57.398Z'
forwarderName:
type: string
nullable: true
description: Display name of forwarder who forwarded the approval.
example: William Wilson
reassignmentType:
description: |-
The approval reassignment type.
* MANUAL_REASSIGNMENT: An approval with this reassignment type has been specifically reassigned by the approval task's owner, from their queue to someone else's.
* AUTOMATIC_REASSIGNMENT: An approval with this reassignment type has been automatically reassigned from another approver's queue, according to that approver's reassignment configuration. The approver's reassignment configuration may be set up to automatically reassign approval tasks for a defined (or possibly open-ended) period of time.
* AUTO_ESCALATION: An approval with this reassignment type has been automatically reassigned from another approver's queue, according to the request's escalation configuration. For more information about escalation configuration, refer to [Setting Global Reminders and Escalation Policies](https://documentation.sailpoint.com/saas/help/requests/config_emails.html).
* SELF_REVIEW_DELEGATION: An approval with this reassignment type has been automatically reassigned by the system to prevent self-review. This helps prevent situations like a requester being tasked with approving their own request. For more information about preventing self-review, refer to [Self-review Prevention](https://documentation.sailpoint.com/saas/help/users/work_reassignment.html#self-review-prevention) and [Preventing Self-approval](https://documentation.sailpoint.com/saas/help/requests/config_ap_roles.html#preventing-self-approval).
example: AUTOMATIC_REASSIGNMENT
type: string
enum:
- MANUAL_REASSIGNMENT
- AUTOMATIC_REASSIGNMENT
- AUTO_ESCALATION
- SELF_REVIEW_DELEGATION
description: The history of approval forward action.
commentRequiredWhenRejected:
type: boolean
default: false
description: When true the rejector has to provide comments when rejecting
example: true
actionInProcess:
description: 'Action that is performed on this approval, and system has not finished performing that action yet.'
type: string
enum:
- APPROVED
- REJECTED
- FORWARDED
example: APPROVED
removeDate:
type: string
description: The date the role or access profile or entitlement is no longer assigned to the specified identity.
format: date-time
example: '2020-07-11T00:00:00Z'
removeDateUpdateRequested:
type: boolean
default: false
description: 'If true, then the request is to change the remove date or sunset date.'
example: true
currentRemoveDate:
type: string
description: The remove date or sunset date that was assigned at the time of the request.
format: date-time
example: '2020-07-11T00:00:00Z'
sodViolationContext:
description: An object referencing a completed SOD violation check
type: object
nullable: true
properties:
state:
type: string
enum:
- SUCCESS
- ERROR
- null
description: The status of SOD violation check
example: SUCCESS
nullable: true
uuid:
description: The id of the Violation check event
type: string
example: f73d16e9-a038-46c5-b217-1246e15fdbdd
nullable: true
violationCheckResult:
description: The inner object representing the completed SOD Violation check
type: object
properties:
message:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
description: 'If the request failed, this includes any error message that was generated.'
example:
- locale: en-US
localeOrigin: DEFAULT
text: An error has occurred during the SOD violation check
clientMetadata:
type: object
nullable: true
additionalProperties:
type: string
description: Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on completion of the violation check.
example:
requestedAppName: test-app
requestedAppId: 2c91808f7892918f0178b78da4a305a1
violationContexts:
type: array
nullable: true
items:
description: The contextual information of the violated criteria
type: object
properties:
policy:
type: object
description: SOD policy.
properties:
type:
type: string
description: SOD policy DTO type.
enum:
- SOD_POLICY
example: SOD_POLICY
id:
type: string
description: SOD policy ID.
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
name:
type: string
description: SOD policy display name.
example: Business SOD Policy
conflictingAccessCriteria:
type: object
description: The object which contains the left and right hand side of the entitlements that got violated according to the policy.
properties:
leftCriteria:
type: object
properties:
criteriaList:
type: array
items:
description: Details of the Entitlement criteria
type: object
properties:
existing:
type: boolean
default: false
example: true
description: If the entitlement already belonged to the user or not.
type:
example: ENTITLEMENT
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- MACHINE_IDENTITY
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
id:
type: string
description: Entitlement ID
example: 2c918085771e9d3301773b3cb66f6398
name:
type: string
description: Entitlement name
example: My HR Entitlement
rightCriteria:
type: object
properties:
criteriaList:
type: array
items:
description: Details of the Entitlement criteria
type: object
properties:
existing:
type: boolean
default: false
example: true
description: If the entitlement already belonged to the user or not.
type:
example: ENTITLEMENT
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- MACHINE_IDENTITY
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
id:
type: string
description: Entitlement ID
example: 2c918085771e9d3301773b3cb66f6398
name:
type: string
description: Entitlement name
example: My HR Entitlement
violatedPolicies:
type: array
nullable: true
description: A list of the SOD policies that were violated.
items:
type: object
description: SOD policy.
properties:
type:
type: string
description: SOD policy DTO type.
enum:
- SOD_POLICY
example: SOD_POLICY
id:
type: string
description: SOD policy ID.
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
name:
type: string
description: SOD policy display name.
example: Business SOD Policy
clientMetadata:
nullable: true
type: object
additionalProperties:
type: string
description: 'Arbitrary key-value pairs, if any were included in the corresponding access request item'
example:
customKey1: custom value 1
customKey2: custom value 2
requestedAccounts:
nullable: true
type: array
items:
type: object
properties:
name:
type: string
description: Display name of the account for the user
example: Glen.067da3248e914
type:
description: The type of item
example: ACCOUNT
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- MACHINE_IDENTITY
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
accountUuid:
type: string
nullable: true
description: The uuid for the account
example: '{fab7119e-004f-4822-9c33-b8d570d6c6a6}'
accountId:
type: string
nullable: true
description: The native identity for the account
example: 'CN=Glen 067da3248e914,OU=YOUROU,OU=org-data-service,DC=YOURDC,DC=local'
sourceName:
type: string
nullable: false
description: Display name of the source for the account
example: Multi Account AD source name
description: 'The accounts selected by the user for the access to be provisioned on, in case they have multiple accounts on one or more sources.'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/access-request-approvals/completed:
get:
operationId: listCompletedApprovals
summary: Completed access request approvals list
tags:
- Access Request Approvals
description: This endpoint returns list of completed approvals. See *owner-id* query parameter below for authorization info.
parameters:
- in: query
name: owner-id
required: false
schema:
type: string
description: |-
If present, the value returns only completed approvals for the specified identity.
* ORG_ADMIN users can call this with any identity ID value.
* ORG_ADMIN users can also fetch all the approvals in the org, when
owner-id is not used.
* Non-ORG_ADMIN users can only specify *me* or pass their own
identity ID value.
example: 2c91808568c529c60168cca6f90c1313
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
required: false
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, in, ge, gt, le, lt, ne, isnull, sw*
**requestedFor.id**: *eq, in, ge, gt, le, lt, ne, isnull, sw*
**modified**: *gt, lt, ge, le, eq, in, ne, sw*
example: id eq "2c91808568c529c60168cca6f90c1313"
- in: query
name: sorters
required: false
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **created, modified**
example: modified
responses:
'200':
description: List of Completed Approvals.
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: The approval id.
example: id12345
name:
type: string
description: The name of the approval.
example: aName
created:
type: string
format: date-time
description: When the approval was created.
example: '2017-07-11T18:45:37.098Z'
modified:
type: string
format: date-time
description: When the approval was modified last time.
example: '2018-07-25T20:22:28.104Z'
requestCreated:
type: string
format: date-time
description: When the access-request was created.
example: '2017-07-11T18:45:35.098Z'
requestType:
type: string
enum:
- GRANT_ACCESS
- REVOKE_ACCESS
- null
description: Access request type. Defaults to GRANT_ACCESS. REVOKE_ACCESS type can only have a single Identity ID in the requestedFor field.
example: GRANT_ACCESS
nullable: true
requester:
type: object
description: Access item requester's identity.
properties:
type:
type: string
description: Access item requester's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Access item requester's identity ID.
example: 2c7180a46faadee4016fb4e018c20648
name:
type: string
description: Access item owner's human-readable display name.
example: William Wilson
requestedFor:
type: object
description: Identity access was requested for.
properties:
type:
type: string
enum:
- IDENTITY
description: Type of the object to which this reference applies
example: IDENTITY
id:
type: string
description: ID of the object to which this reference applies
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable display name of the object to which this reference applies
example: William Wilson
reviewedBy:
type: object
description: Identity who reviewed the access item request.
properties:
type:
type: string
description: DTO type of identity who reviewed the access item request.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: ID of identity who reviewed the access item request.
example: 2c3780a46faadee4016fb4e018c20652
name:
type: string
description: Human-readable display name of identity who reviewed the access item request.
example: Allen Albertson
owner:
type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
requestedObject:
description: The requested access item.
type: object
properties:
id:
type: string
description: Id of the object.
example: 2c9180835d2e5168015d32f890ca1581
name:
type: string
description: Name of the object.
example: Applied Research Access
description:
type: string
description: Description of the object.
example: 'Access to research information, lab results, and schematics'
type:
type: string
enum:
- ACCESS_PROFILE
- ROLE
- ENTITLEMENT
description: Type of the object.
example: ROLE
requesterComment:
allOf:
- type: object
properties:
comment:
type: string
nullable: true
description: Comment content.
example: This is a comment.
created:
type: string
format: date-time
description: Date and time comment was created.
example: '2017-07-11T18:45:37.098Z'
author:
type: object
readOnly: true
description: Author of the comment
properties:
type:
type: string
enum:
- IDENTITY
example: IDENTITY
description: The type of object
id:
type: string
description: The unique ID of the object
example: 2c9180847e25f377017e2ae8cae4650b
name:
type: string
description: The display name of the object
example: john.doe
- description: The requester's comment.
reviewerComment:
allOf:
- type: object
properties:
comment:
type: string
nullable: true
description: Comment content.
example: This is a comment.
created:
type: string
format: date-time
description: Date and time comment was created.
example: '2017-07-11T18:45:37.098Z'
author:
type: object
readOnly: true
description: Author of the comment
properties:
type:
type: string
enum:
- IDENTITY
example: IDENTITY
description: The type of object
id:
type: string
description: The unique ID of the object
example: 2c9180847e25f377017e2ae8cae4650b
name:
type: string
description: The display name of the object
example: john.doe
- description: The approval's reviewer's comment.
nullable: true
previousReviewersComments:
type: array
items:
type: object
properties:
comment:
type: string
nullable: true
description: Comment content.
example: This is a comment.
created:
type: string
format: date-time
description: Date and time comment was created.
example: '2017-07-11T18:45:37.098Z'
author:
type: object
readOnly: true
description: Author of the comment
properties:
type:
type: string
enum:
- IDENTITY
example: IDENTITY
description: The type of object
id:
type: string
description: The unique ID of the object
example: 2c9180847e25f377017e2ae8cae4650b
name:
type: string
description: The display name of the object
example: john.doe
description: The history of the previous reviewers comments.
forwardHistory:
type: array
items:
type: object
properties:
oldApproverName:
type: string
description: Display name of approver from whom the approval was forwarded.
example: Frank Mir
newApproverName:
type: string
description: Display name of approver to whom the approval was forwarded.
example: Al Volta
comment:
type: string
nullable: true
description: Comment made while forwarding.
example: Forwarding from Frank to Al
modified:
type: string
format: date-time
description: Time at which approval was forwarded.
example: '2019-08-23T18:52:57.398Z'
forwarderName:
type: string
nullable: true
description: Display name of forwarder who forwarded the approval.
example: William Wilson
reassignmentType:
description: |-
The approval reassignment type.
* MANUAL_REASSIGNMENT: An approval with this reassignment type has been specifically reassigned by the approval task's owner, from their queue to someone else's.
* AUTOMATIC_REASSIGNMENT: An approval with this reassignment type has been automatically reassigned from another approver's queue, according to that approver's reassignment configuration. The approver's reassignment configuration may be set up to automatically reassign approval tasks for a defined (or possibly open-ended) period of time.
* AUTO_ESCALATION: An approval with this reassignment type has been automatically reassigned from another approver's queue, according to the request's escalation configuration. For more information about escalation configuration, refer to [Setting Global Reminders and Escalation Policies](https://documentation.sailpoint.com/saas/help/requests/config_emails.html).
* SELF_REVIEW_DELEGATION: An approval with this reassignment type has been automatically reassigned by the system to prevent self-review. This helps prevent situations like a requester being tasked with approving their own request. For more information about preventing self-review, refer to [Self-review Prevention](https://documentation.sailpoint.com/saas/help/users/work_reassignment.html#self-review-prevention) and [Preventing Self-approval](https://documentation.sailpoint.com/saas/help/requests/config_ap_roles.html#preventing-self-approval).
example: AUTOMATIC_REASSIGNMENT
type: string
enum:
- MANUAL_REASSIGNMENT
- AUTOMATIC_REASSIGNMENT
- AUTO_ESCALATION
- SELF_REVIEW_DELEGATION
description: The history of approval forward action.
commentRequiredWhenRejected:
type: boolean
default: false
description: When true the rejector has to provide comments when rejecting
example: true
state:
description: The final state of the approval
type: string
enum:
- APPROVED
- REJECTED
example: APPROVED
removeDate:
type: string
description: The date the role or access profile or entitlement is no longer assigned to the specified identity.
format: date-time
example: '2020-07-11T00:00:00Z'
nullable: true
removeDateUpdateRequested:
type: boolean
default: false
description: 'If true, then the request was to change the remove date or sunset date.'
example: true
currentRemoveDate:
type: string
description: The remove date or sunset date that was assigned at the time of the request.
format: date-time
example: '2020-07-11T00:00:00Z'
nullable: true
sodViolationContext:
description: An object referencing a completed SOD violation check
type: object
nullable: true
properties:
state:
type: string
enum:
- SUCCESS
- ERROR
- null
description: The status of SOD violation check
example: SUCCESS
nullable: true
uuid:
description: The id of the Violation check event
type: string
example: f73d16e9-a038-46c5-b217-1246e15fdbdd
nullable: true
violationCheckResult:
description: The inner object representing the completed SOD Violation check
type: object
properties:
message:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
description: 'If the request failed, this includes any error message that was generated.'
example:
- locale: en-US
localeOrigin: DEFAULT
text: An error has occurred during the SOD violation check
clientMetadata:
type: object
nullable: true
additionalProperties:
type: string
description: Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on completion of the violation check.
example:
requestedAppName: test-app
requestedAppId: 2c91808f7892918f0178b78da4a305a1
violationContexts:
type: array
nullable: true
items:
description: The contextual information of the violated criteria
type: object
properties:
policy:
type: object
description: SOD policy.
properties:
type:
type: string
description: SOD policy DTO type.
enum:
- SOD_POLICY
example: SOD_POLICY
id:
type: string
description: SOD policy ID.
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
name:
type: string
description: SOD policy display name.
example: Business SOD Policy
conflictingAccessCriteria:
type: object
description: The object which contains the left and right hand side of the entitlements that got violated according to the policy.
properties:
leftCriteria:
type: object
properties:
criteriaList:
type: array
items:
description: Details of the Entitlement criteria
type: object
properties:
existing:
type: boolean
default: false
example: true
description: If the entitlement already belonged to the user or not.
type:
example: ENTITLEMENT
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- MACHINE_IDENTITY
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
id:
type: string
description: Entitlement ID
example: 2c918085771e9d3301773b3cb66f6398
name:
type: string
description: Entitlement name
example: My HR Entitlement
rightCriteria:
type: object
properties:
criteriaList:
type: array
items:
description: Details of the Entitlement criteria
type: object
properties:
existing:
type: boolean
default: false
example: true
description: If the entitlement already belonged to the user or not.
type:
example: ENTITLEMENT
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- MACHINE_IDENTITY
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
id:
type: string
description: Entitlement ID
example: 2c918085771e9d3301773b3cb66f6398
name:
type: string
description: Entitlement name
example: My HR Entitlement
violatedPolicies:
type: array
nullable: true
description: A list of the SOD policies that were violated.
items:
type: object
description: SOD policy.
properties:
type:
type: string
description: SOD policy DTO type.
enum:
- SOD_POLICY
example: SOD_POLICY
id:
type: string
description: SOD policy ID.
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
name:
type: string
description: SOD policy display name.
example: Business SOD Policy
preApprovalTriggerResult:
nullable: true
type: object
description: 'If the access request submitted event trigger is configured and this access request was intercepted by it, then this is the result of the trigger''s decision to either approve or deny the request.'
properties:
comment:
type: string
description: The comment from the trigger
example: This request was autoapproved by our automated ETS subscriber
decision:
description: The approval decision of the trigger
type: string
enum:
- APPROVED
- REJECTED
example: APPROVED
reviewer:
type: string
description: The name of the approver
example: Automated AR Approval
date:
type: string
format: date-time
example: '2022-06-07T19:18:40.748Z'
description: The date and time the trigger decided on the request
clientMetadata:
type: object
additionalProperties:
type: string
description: Arbitrary key-value pairs provided during the request.
example:
requestedAppName: test-app
requestedAppId: 2c91808f7892918f0178b78da4a305a1
requestedAccounts:
nullable: true
type: array
items:
type: object
properties:
name:
type: string
description: Display name of the account for the user
example: Glen.067da3248e914
type:
description: The type of item
example: ACCOUNT
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- MACHINE_IDENTITY
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
accountUuid:
type: string
nullable: true
description: The uuid for the account
example: '{fab7119e-004f-4822-9c33-b8d570d6c6a6}'
accountId:
type: string
nullable: true
description: The native identity for the account
example: 'CN=Glen 067da3248e914,OU=YOUROU,OU=org-data-service,DC=YOURDC,DC=local'
sourceName:
type: string
nullable: false
description: Display name of the source for the account
example: Multi Account AD source name
description: 'The accounts selected by the user for the access to be provisioned on, in case they have multiple accounts on one or more sources.'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/access-request-approvals/{approvalId}/approve':
post:
operationId: approveAccessRequest
security:
- userAuth:
- 'idn:access-request-approvals:read'
x-sailpoint-userLevels:
- ORG_ADMIN
- APPROVAL_OWNER
summary: Approve access request approval
tags:
- Access Request Approvals
description: Use this endpoint to approve an access request approval. Only the owner of the approval and ORG_ADMIN users are allowed to perform this action.
parameters:
- in: path
name: approvalId
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listPendingApprovals
description: Approval ID.
example: 2c91808b7294bea301729568c68c002e
requestBody:
description: Reviewer's comment.
required: false
content:
application/json:
schema:
type: object
properties:
comment:
type: string
nullable: true
description: Comment content.
example: This is a comment.
created:
type: string
format: date-time
description: Date and time comment was created.
example: '2017-07-11T18:45:37.098Z'
author:
type: object
readOnly: true
description: Author of the comment
properties:
type:
type: string
enum:
- IDENTITY
example: IDENTITY
description: The type of object
id:
type: string
description: The unique ID of the object
example: 2c9180847e25f377017e2ae8cae4650b
name:
type: string
description: The display name of the object
example: john.doe
responses:
'202':
description: Accepted - Returned if the request was successfully accepted into the system.
content:
application/json:
schema:
type: object
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/access-request-approvals/{approvalId}/reject':
post:
operationId: rejectAccessRequest
summary: Reject access request approval
tags:
- Access Request Approvals
description: Use this API to reject an access request approval. Only the owner of the approval and admin users are allowed to perform this action.
parameters:
- in: path
name: approvalId
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listPendingApprovals
description: Approval ID.
example: 2c91808b7294bea301729568c68c002e
requestBody:
description: Reviewer's comment.
required: true
content:
application/json:
schema:
type: object
properties:
comment:
type: string
nullable: true
description: Comment content.
example: This is a comment.
created:
type: string
format: date-time
description: Date and time comment was created.
example: '2017-07-11T18:45:37.098Z'
author:
type: object
readOnly: true
description: Author of the comment
properties:
type:
type: string
enum:
- IDENTITY
example: IDENTITY
description: The type of object
id:
type: string
description: The unique ID of the object
example: 2c9180847e25f377017e2ae8cae4650b
name:
type: string
description: The display name of the object
example: john.doe
responses:
'202':
description: Accepted - Returned if the request was successfully accepted into the system.
content:
application/json:
schema:
type: object
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/access-request-approvals/{approvalId}/forward':
post:
operationId: forwardAccessRequest
summary: Forward access request approval
tags:
- Access Request Approvals
description: Use this API to forward an access request approval to a new owner. Only the owner of the approval and ORG_ADMIN users are allowed to perform this action. Only the owner of the approval and ORG_ADMIN users are allowed to perform this action.
parameters:
- in: path
name: approvalId
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listPendingApprovals
description: Approval ID.
example: 2c91808b7294bea301729568c68c002e
requestBody:
description: Information about the forwarded approval.
required: true
content:
application/json:
schema:
type: object
required:
- newOwnerId
- comment
properties:
newOwnerId:
type: string
description: The Id of the new owner
example: 2c91808568c529c60168cca6f90c1314
minLength: 1
maxLength: 255
comment:
type: string
description: The comment provided by the forwarder
example: 2c91808568c529c60168cca6f90c1313
minLength: 1
maxLength: 255
responses:
'202':
description: Accepted - Returned if the request was successfully accepted into the system.
content:
application/json:
schema:
type: object
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/access-request-approvals/approval-summary:
get:
operationId: getAccessRequestApprovalSummary
security:
- userAuth:
- 'idn:access-request-approvals-summary:read'
summary: Get access requests approvals number
tags:
- Access Request Approvals
description: 'Use this API to return the number of pending, approved and rejected access requests approvals. See the "owner-id" query parameter for authorization information. info.'
parameters:
- in: query
name: owner-id
schema:
type: string
description: |-
The ID of the owner or approver identity of the approvals. If present, the value returns approval summary for the specified identity.
* ORG_ADMIN users can call this with any identity ID value.
* ORG_ADMIN user can also fetch all the approvals in the org, when
owner-id is not used.
* Non ORG_ADMIN users can only specify *me* or pass their own
identity ID value.
example: 2c91808568c529c60168cca6f90c1313
required: false
- in: query
name: from-date
schema:
type: string
description: This is the date and time the results will be shown from. It must be in a valid ISO-8601 format.
example: 'from-date=2020-03-19T19:59:11Z'
required: false
responses:
'200':
description: 'Number of pending, approved, rejected access request approvals.'
content:
application/json:
schema:
type: object
properties:
pending:
type: integer
description: The number of pending access requests approvals.
format: int32
example: 0
approved:
type: integer
description: The number of approved access requests approvals.
format: int32
example: 0
rejected:
type: integer
description: The number of rejected access requests approvals.
format: int32
example: 0
'400':
description: Client Error - Returned if the query parameter is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/access-request-approvals/bulk-approve:
post:
operationId: approveBulkAccessRequest
security:
- userAuth:
- 'idn:access-request-administration:write'
x-sailpoint-userLevels:
- ORG_ADMIN
tags:
- Access Requests
summary: Bulk approve access request
description: 'This API endpoint allows approving pending access requests in bulk. Maximum of 50 approval ids can be provided in the request for one single invocation. ORG_ADMIN or users with rights "idn:access-request-administration:write" can approve the access requests in bulk.'
requestBody:
required: true
content:
application/json:
schema:
type: object
description: Request body payload for bulk approve access request endpoint.
required:
- approvalIds
- comment
properties:
approvalIds:
type: array
description: List of approval ids to approve the pending requests
items:
type: string
example:
- 2c9180835d2e5168015d32f890ca1581
- 2c9180835d2e5168015d32f890ca1582
comment:
type: string
description: Reason for approving the pending access request.
example: I approve these request items
example:
accessRequestIds:
- 2c91808568c529c60168cca6f90c1313
- 2c91808568c529c60168cca6f90c1314
comment: I approve these request items
responses:
'202':
description: Accepted - Returned if the request was successfully accepted into the system.
content:
application/json:
schema:
type: object
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/access-request-approvals/{accessRequestId}/approvers':
get:
operationId: listAccessRequestApprovers
security:
- userAuth:
- 'idn:access-request-administration:read'
x-sailpoint-userLevels:
- ORG_ADMIN
tags:
- Access Request Approvals
summary: Access request approvers
description: |
This API endpoint returns the list of approvers for the given access request id.
parameters:
- in: path
name: accessRequestId
description: Access Request ID.
required: true
x-sailpoint-resource-operation-id: listPendingApprovals
schema:
type: string
example: 2c91808568c529c60168cca6f90c1313
- in: query
name: limit
description: Max number of results to return.
required: false
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
example: 100
- in: query
name: offset
description: Offset into the full result set. Usually specified with *limit* to paginate through the results. Defaults to 0 if not specified.
required: false
schema:
type: integer
format: int32
minimum: 0
example: 10
- in: query
name: count
description: 'If this is true, the *X-Total-Count* response header populates with the number of results that would be returned if limit and offset were ignored.'
required: false
schema:
type: boolean
default: false
example: false
responses:
'200':
description: List of Approvers.
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: Approver id.
example: id12345
email:
type: string
description: Email of the approver.
example: jdoe@sailpoint.com
name:
type: string
description: Name of the approver.
example: John Doe
approvalId:
type: string
description: Id of the approval item.
example: ap12345
type:
type: string
description: 'Type of the object returned. In this case, the value for this field will always Identity.'
example: Identity
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/accounts:
get:
operationId: listAccounts
tags:
- Accounts
summary: Accounts list
description: 'List accounts. '
security:
- userAuth:
- 'idn:accounts:read'
x-sailpoint-userLevels:
- ORG_ADMIN
- SOURCE_ADMIN
- SOURCE_SUBADMIN
- HELPDESK
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: detailLevel
required: false
schema:
type: string
enum:
- SLIM
- FULL
description: This value determines whether the API provides `SLIM` or increased level of detail (`FULL`) for each account in the returned list. `FULL` is the default behavior.
example: FULL
- in: query
name: filters
required: false
schema:
type: string
example: identityId eq "2c9180858082150f0180893dbaf44201"
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, in, sw*
**identityId**: *eq, in, sw*
**name**: *eq, in, sw*
**nativeIdentity**: *eq, in, sw*
**hasEntitlements**: *eq*
**sourceId**: *eq, in, sw*
**uncorrelated**: *eq*
**entitlements**: *eq*
**origin**: *eq, in*
**manuallyCorrelated**: *eq*
**identity.name**: *eq, in, sw*
**identity.correlated**: *eq*
**identity.identityState**: *eq, in*
**source.displayableName**: *eq, in*
**source.authoritative**: *eq*
**source.connectionType**: *eq, in*
**recommendation.method**: *eq, in, isnull*
**created**: *eq, ge, gt, le, lt*
**modified**: *eq, ge, gt, le, lt*
- in: query
name: sorters
required: false
schema:
type: string
format: comma-separated
example: 'id,name'
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **id, name, created, modified, sourceId, identityId, nativeIdentity, uuid, manuallyCorrelated, entitlements, origin, identity.name, identity.identityState, identity.correlated, source.displayableName, source.authoritative, source.connectionType**
responses:
'200':
description: List of account objects.
content:
application/json:
schema:
type: array
items:
allOf:
- type: object
required:
- name
properties:
id:
description: System-generated unique ID of the Object
type: string
example: id12345
readOnly: true
name:
description: Name of the Object
type: string
example: aName
nullable: true
created:
description: Creation date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
modified:
description: Last modification date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
- type: object
required:
- sourceId
- sourceName
- attributes
- authoritative
- disabled
- locked
- nativeIdentity
- systemAccount
- uncorrelated
- manuallyCorrelated
- hasEntitlements
properties:
sourceId:
type: string
example: 2c9180835d2e5168015d32f890ca1581
description: The unique ID of the source this account belongs to
sourceName:
type: string
nullable: true
example: Employees
description: The display name of the source this account belongs to
identityId:
type: string
example: 2c9180835d2e5168015d32f890ca1581
description: The unique ID of the identity this account is correlated to
cloudLifecycleState:
type: string
nullable: true
example: active
description: The lifecycle state of the identity this account is correlated to
identityState:
type: string
nullable: true
example: ACTIVE
description: The identity state of the identity this account is correlated to
connectionType:
type: string
nullable: true
example: direct
description: The connection type of the source this account is from
isMachine:
type: boolean
default: false
description: Indicates if the account is of machine type
example: true
recommendation:
allOf:
- type: object
properties:
type:
type: string
enum:
- HUMAN
- MACHINE
description: Recommended type of account.
example: MACHINE
method:
type: string
enum:
- DISCOVERY
- SOURCE
- CRITERIA
description: 'Method used to produce the recommendation. DISCOVERY - suggested by AI, SOURCE - the account comes from a source flagged as containing machine accounts, CRITERIA - the account satisfies classification criteria.'
example: DISCOVERY
required:
- type
- method
- nullable: true
description: Indicates that the account is currently classified to be one type but is recommended to be a different one
example:
type: MACHINE
method: DISCOVERY
attributes:
type: object
nullable: true
additionalProperties: true
description: The account attributes that are aggregated
example:
firstName: SailPoint
lastName: Support
displayName: SailPoint Support
authoritative:
type: boolean
description: Indicates if this account is from an authoritative source
example: false
description:
type: string
description: A description of the account
nullable: true
example: null
disabled:
type: boolean
description: Indicates if the account is currently disabled
example: false
locked:
type: boolean
description: Indicates if the account is currently locked
example: false
nativeIdentity:
type: string
description: The unique ID of the account generated by the source system
example: '552775'
systemAccount:
type: boolean
example: false
description: 'If true, this is a user account within IdentityNow. If false, this is an account from a source system.'
uncorrelated:
type: boolean
description: Indicates if this account is not correlated to an identity
example: false
uuid:
type: string
description: The unique ID of the account as determined by the account schema
example: '{b0dce506-d6d4-44d2-8a32-d9a5b21fb175}'
nullable: true
manuallyCorrelated:
type: boolean
description: Indicates if the account has been manually correlated to an identity
example: false
hasEntitlements:
type: boolean
description: Indicates if the account has entitlements
example: true
identity:
description: The identity this account is correlated to
type: object
properties:
id:
type: string
description: The ID of the identity
example: 2c918084660f45d6016617daa9210584
type:
type: string
description: The type of object being referenced
enum:
- IDENTITY
example: IDENTITY
name:
type: string
description: display name of identity
example: John Doe
sourceOwner:
type: object
nullable: true
description: The owner of the source this account belongs to.
properties:
id:
type: string
description: The ID of the identity
example: 2c918084660f45d6016617daa9210584
type:
type: string
description: The type of object being referenced
enum:
- IDENTITY
example: IDENTITY
name:
type: string
description: display name of identity
example: Adam Kennedy
features:
type: string
description: A string list containing the owning source's features
example: ENABLE
nullable: true
origin:
type: string
nullable: true
enum:
- AGGREGATED
- PROVISIONED
- null
description: The origin of the account either aggregated or provisioned
example: AGGREGATED
ownerIdentity:
allOf:
- type: object
properties:
type:
description: DTO type
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- MACHINE_IDENTITY
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
example: IDENTITY
id:
type: string
description: ID of the object to which this reference applies
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies
example: William Wilson
- description: 'The identity who owns this account, used only for machine accounts'
nullable: true
example:
id: 2c918084660f45d6016617daa9210584
type: IDENTITY
name: Adam Kennedy
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
post:
operationId: createAccount
tags:
- Accounts
summary: Create account
description: |
Submit an account creation task - the API then returns the task ID.
You must include the `sourceId` where the account will be created in the `attributes` object.
This endpoint creates an account on the source record in your ISC tenant.
This is useful for Flat File (`DelimitedFile`) type sources because it allows you to aggregate new accounts without needing to import a new CSV file every time.
However, if you use this endpoint to create an account for a Direct Connection type source, you must ensure that the account also exists on the target source.
The endpoint doesn't actually provision the account on the target source, which means that if the account doesn't also exist on the target source, an aggregation between the source and your tenant will remove it from your tenant.
By providing the account ID of an existing account in the request body, this API will function as a PATCH operation and update the account.
security:
- userAuth:
- 'idn:accounts:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
- SOURCE_ADMIN
- SOURCE_SUBADMIN
requestBody:
required: true
content:
application/json:
schema:
type: object
required:
- attributes
properties:
attributes:
description: The schema attribute values for the account
type: object
required:
- sourceId
properties:
sourceId:
type: string
description: Target source to create an account
example: 34bfcbe116c9407464af37acbaf7a4dc
additionalProperties:
type: string
example:
sourceId: 34bfcbe116c9407464af37acbaf7a4dc
city: Austin
displayName: John Doe
userName: jdoe
sAMAccountName: jDoe
mail: john.doe@sailpoint.com
responses:
'202':
description: Async task details.
content:
application/json:
schema:
description: Accounts async response containing details on started async process
required:
- id
type: object
properties:
id:
description: id of the task
type: string
example: 2c91808474683da6017468693c260195
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/accounts/{id}':
get:
operationId: getAccount
tags:
- Accounts
summary: Account details
description: 'Use this API to return the details for a single account by its ID. '
security:
- userAuth:
- 'idn:accounts:read'
x-sailpoint-userLevels:
- ORG_ADMIN
- SOURCE_ADMIN
- SOURCE_SUBADMIN
- HELPDESK
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listAccounts
description: Account ID.
example: ef38f94347e94562b5bb8424a56397d8
responses:
'200':
description: Account object.
content:
application/json:
schema:
allOf:
- type: object
required:
- name
properties:
id:
description: System-generated unique ID of the Object
type: string
example: id12345
readOnly: true
name:
description: Name of the Object
type: string
example: aName
nullable: true
created:
description: Creation date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
modified:
description: Last modification date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
- type: object
required:
- sourceId
- sourceName
- attributes
- authoritative
- disabled
- locked
- nativeIdentity
- systemAccount
- uncorrelated
- manuallyCorrelated
- hasEntitlements
properties:
sourceId:
type: string
example: 2c9180835d2e5168015d32f890ca1581
description: The unique ID of the source this account belongs to
sourceName:
type: string
nullable: true
example: Employees
description: The display name of the source this account belongs to
identityId:
type: string
example: 2c9180835d2e5168015d32f890ca1581
description: The unique ID of the identity this account is correlated to
cloudLifecycleState:
type: string
nullable: true
example: active
description: The lifecycle state of the identity this account is correlated to
identityState:
type: string
nullable: true
example: ACTIVE
description: The identity state of the identity this account is correlated to
connectionType:
type: string
nullable: true
example: direct
description: The connection type of the source this account is from
isMachine:
type: boolean
default: false
description: Indicates if the account is of machine type
example: true
recommendation:
allOf:
- type: object
properties:
type:
type: string
enum:
- HUMAN
- MACHINE
description: Recommended type of account.
example: MACHINE
method:
type: string
enum:
- DISCOVERY
- SOURCE
- CRITERIA
description: 'Method used to produce the recommendation. DISCOVERY - suggested by AI, SOURCE - the account comes from a source flagged as containing machine accounts, CRITERIA - the account satisfies classification criteria.'
example: DISCOVERY
required:
- type
- method
- nullable: true
description: Indicates that the account is currently classified to be one type but is recommended to be a different one
example:
type: MACHINE
method: DISCOVERY
attributes:
type: object
nullable: true
additionalProperties: true
description: The account attributes that are aggregated
example:
firstName: SailPoint
lastName: Support
displayName: SailPoint Support
authoritative:
type: boolean
description: Indicates if this account is from an authoritative source
example: false
description:
type: string
description: A description of the account
nullable: true
example: null
disabled:
type: boolean
description: Indicates if the account is currently disabled
example: false
locked:
type: boolean
description: Indicates if the account is currently locked
example: false
nativeIdentity:
type: string
description: The unique ID of the account generated by the source system
example: '552775'
systemAccount:
type: boolean
example: false
description: 'If true, this is a user account within IdentityNow. If false, this is an account from a source system.'
uncorrelated:
type: boolean
description: Indicates if this account is not correlated to an identity
example: false
uuid:
type: string
description: The unique ID of the account as determined by the account schema
example: '{b0dce506-d6d4-44d2-8a32-d9a5b21fb175}'
nullable: true
manuallyCorrelated:
type: boolean
description: Indicates if the account has been manually correlated to an identity
example: false
hasEntitlements:
type: boolean
description: Indicates if the account has entitlements
example: true
identity:
description: The identity this account is correlated to
type: object
properties:
id:
type: string
description: The ID of the identity
example: 2c918084660f45d6016617daa9210584
type:
type: string
description: The type of object being referenced
enum:
- IDENTITY
example: IDENTITY
name:
type: string
description: display name of identity
example: John Doe
sourceOwner:
type: object
nullable: true
description: The owner of the source this account belongs to.
properties:
id:
type: string
description: The ID of the identity
example: 2c918084660f45d6016617daa9210584
type:
type: string
description: The type of object being referenced
enum:
- IDENTITY
example: IDENTITY
name:
type: string
description: display name of identity
example: Adam Kennedy
features:
type: string
description: A string list containing the owning source's features
example: ENABLE
nullable: true
origin:
type: string
nullable: true
enum:
- AGGREGATED
- PROVISIONED
- null
description: The origin of the account either aggregated or provisioned
example: AGGREGATED
ownerIdentity:
allOf:
- type: object
properties:
type:
description: DTO type
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- MACHINE_IDENTITY
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
example: IDENTITY
id:
type: string
description: ID of the object to which this reference applies
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies
example: William Wilson
- description: 'The identity who owns this account, used only for machine accounts'
nullable: true
example:
id: 2c918084660f45d6016617daa9210584
type: IDENTITY
name: Adam Kennedy
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
patch:
operationId: updateAccount
tags:
- Accounts
summary: Update account
description: |
Use this API to update account details.
This API supports updating an account's correlation by modifying the `identityId` and `manuallyCorrelated` fields.
To reassign an account from one identity to another, replace the current `identityId` with a new value.
If the account you're assigning was provisioned by Identity Security Cloud (ISC), it's possible for ISC to create a new account
for the previous identity as soon as the account is moved. If the account you're assigning is authoritative,
this causes the previous identity to become uncorrelated and can even result in its deletion.
All accounts that are reassigned will be set to `manuallyCorrelated: true` unless you specify otherwise.
>**Note:** The `attributes` field can only be modified for flat file accounts.
security:
- userAuth:
- 'idn:accounts:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
- SOURCE_ADMIN
- SOURCE_SUBADMIN
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listAccounts
description: Account ID.
example: ef38f94347e94562b5bb8424a56397d8
requestBody:
required: true
description: 'A list of account update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.'
content:
application/json-patch+json:
schema:
type: array
items:
type: object
examples:
Uncorrelate account:
description: Remove account from Identity
value:
- op: remove
path: /identityId
Reassign account:
description: Move account from one Identity to another Identity
value:
- op: replace
path: /identityId
value: 2c9180857725c14301772a93bb77242d
Add account attribute:
description: Add flat file account's attribute
value:
- op: add
path: /attributes/familyName
value: Smith
Replace account attribute:
description: Replace flat file account's attribute
value:
- op: replace
path: /attributes/familyName
value: Smith
Remove account attribute:
description: Remove flat file account's attribute
value:
- op: remove
path: /attributes/familyName
responses:
'202':
description: Accepted - Returned if the request was successfully accepted into the system.
content:
application/json:
schema:
type: object
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
put:
operationId: putAccount
tags:
- Accounts
summary: Update account
description: |
Use this API to update an account with a PUT request.
This endpoint submits an account update task and returns the task ID.
>**Note: You can only use this PUT endpoint to update accounts from flat file sources.**
security:
- userAuth:
- 'idn:accounts:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
- SOURCE_ADMIN
- SOURCE_SUBADMIN
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listAccounts
description: Account ID.
example: ef38f94347e94562b5bb8424a56397d8
requestBody:
required: true
content:
application/json:
schema:
type: object
required:
- attributes
properties:
attributes:
description: The schema attribute values for the account
type: object
additionalProperties: true
example:
city: Austin
displayName: John Doe
userName: jdoe
sAMAccountName: jDoe
mail: john.doe@sailpoint.com
responses:
'202':
description: Async task details.
content:
application/json:
schema:
description: Accounts async response containing details on started async process
required:
- id
type: object
properties:
id:
description: id of the task
type: string
example: 2c91808474683da6017468693c260195
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
operationId: deleteAccount
tags:
- Accounts
summary: Delete account
description: |-
Use this API to delete an account.
This endpoint submits an account delete task and returns the task ID.
This endpoint only deletes the account from IdentityNow, not the source itself, which can result in the account's returning with the next aggregation between the source and IdentityNow. To avoid this scenario, it is recommended that you [disable accounts](https://developer.sailpoint.com/idn/api/v3/disable-account) rather than delete them. This will also allow you to reenable the accounts in the future.
>**NOTE: You can only delete accounts from sources of the "DelimitedFile" type.**
security:
- userAuth:
- 'idn:accounts:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
- SOURCE_ADMIN
- SOURCE_SUBADMIN
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listAccounts
description: Account ID.
example: ef38f94347e94562b5bb8424a56397d8
responses:
'202':
description: Async task details.
content:
application/json:
schema:
description: Accounts async response containing details on started async process
required:
- id
type: object
properties:
id:
description: id of the task
type: string
example: 2c91808474683da6017468693c260195
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/accounts/{id}/entitlements':
get:
operationId: getAccountEntitlements
tags:
- Accounts
summary: Account entitlements
description: 'This API returns entitlements of the account. '
security:
- userAuth:
- 'idn:accounts:read'
x-sailpoint-userLevels:
- ORG_ADMIN
- SOURCE_ADMIN
- SOURCE_SUBADMIN
- HELPDESK
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listAccounts
description: The account id
example: ef38f94347e94562b5bb8424a56397d8
responses:
'200':
description: An array of account entitlements
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: The entitlement id
example: 2c91808874ff91550175097daaec161c
name:
type: string
description: The entitlement name
example: LauncherTest2
attribute:
type: string
description: The entitlement attribute name
example: memberOf
value:
type: string
description: The value of the entitlement
example: 'CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local'
sourceSchemaObjectType:
type: string
description: The object type of the entitlement from the source schema
example: group
description:
type: string
description: The description of the entitlement
example: 'CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local'
nullable: true
privileged:
type: boolean
description: True if the entitlement is privileged
default: false
example: true
cloudGoverned:
type: boolean
description: True if the entitlement is cloud governed
default: false
example: true
requestable:
type: boolean
description: True if the entitlement is able to be directly requested
example: true
default: false
owner:
type: object
description: The identity that owns the entitlement
nullable: true
properties:
id:
type: string
description: The identity ID
example: 2c9180827ca885d7017ca8ce28a000eb
type:
type: string
enum:
- IDENTITY
description: The type of object
example: IDENTITY
name:
type: string
description: The display name of the identity
example: john.doe
manuallyUpdatedFields:
type: object
description: 'A map of entitlement fields that have been manually updated. The key is the field name in UPPER_SNAKE_CASE format, and the value is true or false to indicate if the field has been updated.'
nullable: true
additionalProperties: true
example:
DISPLAY_NAME: true
DESCRIPTION: true
accessModelMetadata:
type: object
description: Additional data to classify the entitlement
properties:
attributes:
type: array
items:
type: object
description: Metadata that describes an access item
properties:
key:
type: string
description: Unique identifier for the metadata type
example: iscCsp
name:
type: string
description: Human readable name of the metadata type
example: CSP
multiselect:
type: boolean
default: false
example: true
description: Allows selecting multiple values
status:
type: string
description: The state of the metadata item
example: active
type:
type: string
description: The type of the metadata item
example: governance
objectTypes:
type: array
description: The types of objects
example:
- general
items:
type: string
example: general
description:
type: string
description: Describes the metadata item
example: Indicates the type of deployment environment of an access item.
values:
type: array
description: The value to assign to the metadata item
items:
type: object
description: An individual value to assign to the metadata item
properties:
value:
type: string
description: The value to assign to the metdata item
example: development
name:
type: string
description: Display name of the value
example: Development
status:
type: string
description: The status of the individual value
example: active
created:
type: string
description: Time when the entitlement was created
format: date-time
example: '2020-10-08T18:33:52.029Z'
modified:
type: string
description: Time when the entitlement was last modified
format: date-time
example: '2020-10-08T18:33:52.029Z'
source:
type: object
properties:
id:
type: string
description: The source ID
example: 2c9180827ca885d7017ca8ce28a000eb
type:
type: string
description: 'The source type, will always be "SOURCE"'
example: SOURCE
name:
type: string
description: The source name
example: ODS-AD-Source
attributes:
type: object
description: A map of free-form key-value pairs from the source system
example:
fieldName: fieldValue
additionalProperties: true
segments:
type: array
items:
type: string
nullable: true
description: 'List of IDs of segments, if any, to which this Entitlement is assigned.'
example:
- f7b1b8a3-5fed-4fd4-ad29-82014e137e19
- 29cb6c06-1da8-43ea-8be4-b3125f248f2a
directPermissions:
type: array
items:
type: object
description: 'Simplified DTO for the Permission objects stored in SailPoint''s database. The data is aggregated from customer systems and is free-form, so its appearance can vary largely between different clients/customers.'
properties:
rights:
type: array
description: All the rights (e.g. actions) that this permission allows on the target
example: HereIsRight1
readOnly: true
items:
type: string
example: SELECT
target:
type: string
description: The target the permission would grants rights on.
readOnly: true
example: SYS.GV_$TRANSACTION
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/accounts/{id}/reload':
post:
operationId: submitReloadAccount
tags:
- Accounts
summary: Reload account
description: 'This API asynchronously reloads the account directly from the connector and performs a one-time aggregation process. '
security:
- userAuth:
- 'idn:accounts-state:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
- SOURCE_ADMIN
- SOURCE_SUBADMIN
- HELPDESK
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listAccounts
description: The account id
example: ef38f94347e94562b5bb8424a56397d8
responses:
'202':
description: Async task details
content:
application/json:
schema:
description: Accounts async response containing details on started async process
required:
- id
type: object
properties:
id:
description: id of the task
type: string
example: 2c91808474683da6017468693c260195
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/accounts/{id}/enable':
post:
operationId: enableAccount
tags:
- Accounts
summary: Enable account
description: 'This API submits a task to enable account and returns the task ID. '
security:
- userAuth:
- 'idn:accounts-state:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
- SOURCE_ADMIN
- SOURCE_SUBADMIN
- HELPDESK
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listAccounts
description: The account id
example: ef38f94347e94562b5bb8424a56397d8
requestBody:
required: true
content:
application/json:
schema:
description: Request used for account enable/disable
type: object
properties:
externalVerificationId:
description: 'If set, an external process validates that the user wants to proceed with this request.'
type: string
example: 3f9180835d2e5168015d32f890ca1581
forceProvisioning:
description: 'If set, provisioning updates the account attribute at the source. This option is used when the account is not synced to ensure the attribute is updated. Providing ''true'' for an unlocked account will add and process ''Unlock'' operation by the workflow.'
type: boolean
example: false
responses:
'202':
description: Async task details
content:
application/json:
schema:
description: Accounts async response containing details on started async process
required:
- id
type: object
properties:
id:
description: id of the task
type: string
example: 2c91808474683da6017468693c260195
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/accounts/{id}/disable':
post:
operationId: disableAccount
tags:
- Accounts
summary: Disable account
description: 'This API submits a task to disable the account and returns the task ID. '
security:
- userAuth:
- 'idn:accounts-state:manage'
x-sailpont-userLevels:
- ORG_ADMIN
- SOURCE_ADMIN
- SOURCE_SUBADMIN
- HELPDESK
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listAccounts
description: The account id
example: ef38f94347e94562b5bb8424a56397d8
requestBody:
required: true
content:
application/json:
schema:
description: Request used for account enable/disable
type: object
properties:
externalVerificationId:
description: 'If set, an external process validates that the user wants to proceed with this request.'
type: string
example: 3f9180835d2e5168015d32f890ca1581
forceProvisioning:
description: 'If set, provisioning updates the account attribute at the source. This option is used when the account is not synced to ensure the attribute is updated. Providing ''true'' for an unlocked account will add and process ''Unlock'' operation by the workflow.'
type: boolean
example: false
responses:
'202':
description: Async task details
content:
application/json:
schema:
description: Accounts async response containing details on started async process
required:
- id
type: object
properties:
id:
description: id of the task
type: string
example: 2c91808474683da6017468693c260195
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/accounts/{id}/unlock':
post:
operationId: unlockAccount
tags:
- Accounts
summary: Unlock account
description: |-
This API submits a task to unlock an account and returns the task ID.
To use this endpoint to unlock an account that has the `forceProvisioning` option set to true, the `idn:accounts-provisioning:manage` scope is required.
security:
- userAuth:
- 'idn:accounts-state:manage'
- 'idn:accounts-provisioning:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
- SOURCE_ADMIN
- SOURCE_SUBADMIN
- HELPDESK
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listAccounts
description: The account ID.
example: ef38f94347e94562b5bb8424a56397d8
requestBody:
required: true
content:
application/json:
schema:
description: Request used for account unlock
type: object
properties:
externalVerificationId:
description: 'If set, an external process validates that the user wants to proceed with this request.'
type: string
example: 3f9180835d2e5168015d32f890ca1581
unlockIDNAccount:
description: 'If set, the IDN account is unlocked after the workflow completes.'
type: boolean
example: false
forceProvisioning:
description: 'If set, provisioning updates the account attribute at the source. This option is used when the account is not synced to ensure the attribute is updated.'
type: boolean
example: false
responses:
'202':
description: Async task details
content:
application/json:
schema:
description: Accounts async response containing details on started async process
required:
- id
type: object
properties:
id:
description: id of the task
type: string
example: 2c91808474683da6017468693c260195
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/account-activities:
get:
operationId: listAccountActivities
tags:
- Account Activities
summary: List account activities
description: This gets a collection of account activities that satisfy the given query parameters.
parameters:
- in: query
name: requested-for
schema:
type: string
description: The identity that the activity was requested for. *me* indicates the current user. Mutually exclusive with *regarding-identity*.
required: false
example: 2c91808568c529c60168cca6f90c1313
- in: query
name: requested-by
schema:
type: string
description: The identity that requested the activity. *me* indicates the current user. Mutually exclusive with *regarding-identity*.
required: false
example: 2c91808568c529c60168cca6f90c1313
- in: query
name: regarding-identity
schema:
type: string
description: The specified identity will be either the requester or target of the account activity. *me* indicates the current user. Mutually exclusive with *requested-for* and *requested-by*.
required: false
example: 2c91808568c529c60168cca6f90c1313
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**type**: *eq, in, ge, le, lt, ne, isnull, sw*
**created**: *gt, lt, ge, le, eq, in, ne, isnull, sw*
**modified**: *gt, lt, ge, le, eq, in, ne, isnull, sw*
example: type eq "Identity Refresh"
required: false
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **type, created, modified**
example: created
required: false
responses:
'200':
description: List of account activities
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: Id of the account activity
example: 2c9180835d2e5168015d32f890ca1581
name:
type: string
description: The name of the activity
example: 2c9180835d2e5168015d32f890ca1581
created:
description: When the activity was first created
type: string
format: date-time
example: '2017-07-11T18:45:37.098Z'
modified:
description: When the activity was last modified
type: string
format: date-time
example: '2018-06-25T20:22:28.104Z'
nullable: true
completed:
description: When the activity was completed
type: string
format: date-time
nullable: true
example: '2018-10-19T13:49:37.385Z'
completionStatus:
nullable: true
type: string
description: The status after completion.
enum:
- SUCCESS
- FAILURE
- INCOMPLETE
- PENDING
- null
example: SUCCESS
type:
nullable: true
type: string
example: appRequest
description: |
The type of action the activity performed. Please see the following list of types. This list may grow over time.
- CloudAutomated
- IdentityAttributeUpdate
- appRequest
- LifecycleStateChange
- AccountStateUpdate
- AccountAttributeUpdate
- CloudPasswordRequest
- Attribute Synchronization Refresh
- Certification
- Identity Refresh
- Lifecycle Change Refresh
[Learn more here](https://documentation.sailpoint.com/saas/help/search/searchable-fields.html#searching-account-activity-data).
requesterIdentitySummary:
type: object
nullable: true
properties:
id:
type: string
description: ID of this identity summary
example: ff80818155fe8c080155fe8d925b0316
name:
type: string
description: Human-readable display name of identity
example: SailPoint Services
identityId:
type: string
description: ID of the identity that this summary represents
example: c15b9f5cca5a4e9599eaa0e64fa921bd
completed:
type: boolean
description: Indicates if all access items for this summary have been decided on
example: true
default: false
targetIdentitySummary:
type: object
nullable: true
properties:
id:
type: string
description: ID of this identity summary
example: ff80818155fe8c080155fe8d925b0316
name:
type: string
description: Human-readable display name of identity
example: SailPoint Services
identityId:
type: string
description: ID of the identity that this summary represents
example: c15b9f5cca5a4e9599eaa0e64fa921bd
completed:
type: boolean
description: Indicates if all access items for this summary have been decided on
example: true
default: false
errors:
nullable: true
description: 'A list of error messages, if any, that were encountered.'
type: array
items:
type: string
example:
- 'sailpoint.connector.ConnectorException: java.lang.InterruptedException: Timeout waiting for response to message 0 from client 57a4ab97-ab3f-4aef-9fe2-0eaf15c73d26 after 60 seconds.'
warnings:
nullable: true
description: 'A list of warning messages, if any, that were encountered.'
type: array
items:
type: string
example:
- 'Some warning, another warning'
items:
nullable: true
type: array
description: Individual actions performed as part of this account activity
items:
type: object
properties:
id:
type: string
description: Item id
example: 48c545831b264409a81befcabb0e3c5a
name:
type: string
description: Human-readable display name of item
example: 48c545831b264409a81befcabb0e3c5a
requested:
type: string
format: date-time
description: Date and time item was requested
example: '2017-07-11T18:45:37.098Z'
approvalStatus:
type: string
nullable: true
enum:
- FINISHED
- REJECTED
- RETURNED
- EXPIRED
- PENDING
- CANCELED
- null
example: PENDING
description: The state of an approval status
provisioningStatus:
type: string
enum:
- PENDING
- FINISHED
- UNVERIFIABLE
- COMMITED
- FAILED
- RETRY
description: Provisioning state of an account activity item
example: PENDING
requesterComment:
type: object
nullable: true
properties:
commenterId:
type: string
description: Id of the identity making the comment
example: 2c918084660f45d6016617daa9210584
commenterName:
type: string
description: Human-readable display name of the identity making the comment
example: Adam Kennedy
body:
type: string
description: Content of the comment
example: Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat.
date:
type: string
format: date-time
description: Date and time comment was made
example: '2017-07-11T18:45:37.098Z'
reviewerIdentitySummary:
type: object
nullable: true
properties:
id:
type: string
description: ID of this identity summary
example: ff80818155fe8c080155fe8d925b0316
name:
type: string
description: Human-readable display name of identity
example: SailPoint Services
identityId:
type: string
description: ID of the identity that this summary represents
example: c15b9f5cca5a4e9599eaa0e64fa921bd
completed:
type: boolean
description: Indicates if all access items for this summary have been decided on
example: true
default: false
reviewerComment:
type: object
nullable: true
properties:
commenterId:
type: string
description: Id of the identity making the comment
example: 2c918084660f45d6016617daa9210584
commenterName:
type: string
description: Human-readable display name of the identity making the comment
example: Adam Kennedy
body:
type: string
description: Content of the comment
example: Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat.
date:
type: string
format: date-time
description: Date and time comment was made
example: '2017-07-11T18:45:37.098Z'
operation:
type: string
nullable: true
enum:
- ADD
- CREATE
- MODIFY
- DELETE
- DISABLE
- ENABLE
- UNLOCK
- LOCK
- REMOVE
- SET
- null
description: Represents an operation in an account activity item
example: ADD
attribute:
type: string
description: Attribute to which account activity applies
nullable: true
example: detectedRoles
value:
type: string
description: Value of attribute
nullable: true
example: 'Treasury Analyst [AccessProfile-1529010191212]'
nativeIdentity:
nullable: true
type: string
description: Native identity in the target system to which the account activity applies
example: Sandie.Camero
sourceId:
type: string
description: Id of Source to which account activity applies
example: 2c91808363ef85290164000587130c0c
accountRequestInfo:
type: object
nullable: true
properties:
requestedObjectId:
type: string
description: Id of requested object
example: 2c91808563ef85690164001c31140c0c
requestedObjectName:
type: string
description: Human-readable name of requested object
example: Treasury Analyst
requestedObjectType:
type: string
enum:
- ACCESS_PROFILE
- ROLE
- ENTITLEMENT
description: Currently supported requestable object types.
example: ACCESS_PROFILE
description: 'If an account activity item is associated with an access request, captures details of that request.'
clientMetadata:
nullable: true
type: object
additionalProperties:
type: string
description: 'Arbitrary key-value pairs, if any were included in the corresponding access request item'
example:
customKey1: custom value 1
customKey2: custom value 2
removeDate:
nullable: true
type: string
description: The date the role or access profile or entitlement is no longer assigned to the specified identity.
format: date-time
example: '2020-07-11T00:00:00Z'
executionStatus:
type: string
description: The current state of execution.
enum:
- EXECUTING
- VERIFYING
- TERMINATED
- COMPLETED
example: COMPLETED
clientMetadata:
nullable: true
type: object
additionalProperties:
type: string
description: 'Arbitrary key-value pairs, if any were included in the corresponding access request'
example:
customKey1: custom value 1
customKey2: custom value 2
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/account-activities/{id}':
get:
operationId: getAccountActivity
tags:
- Account Activities
summary: Get an account activity
description: This gets a single account activity by its id.
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listAccountActivities
description: The account activity id
example: ef38f94347e94562b5bb8424a56397d8
responses:
'200':
description: An account activity object
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: Id of the account activity
example: 2c9180835d2e5168015d32f890ca1581
name:
type: string
description: The name of the activity
example: 2c9180835d2e5168015d32f890ca1581
created:
description: When the activity was first created
type: string
format: date-time
example: '2017-07-11T18:45:37.098Z'
modified:
description: When the activity was last modified
type: string
format: date-time
example: '2018-06-25T20:22:28.104Z'
nullable: true
completed:
description: When the activity was completed
type: string
format: date-time
nullable: true
example: '2018-10-19T13:49:37.385Z'
completionStatus:
nullable: true
type: string
description: The status after completion.
enum:
- SUCCESS
- FAILURE
- INCOMPLETE
- PENDING
- null
example: SUCCESS
type:
nullable: true
type: string
example: appRequest
description: |
The type of action the activity performed. Please see the following list of types. This list may grow over time.
- CloudAutomated
- IdentityAttributeUpdate
- appRequest
- LifecycleStateChange
- AccountStateUpdate
- AccountAttributeUpdate
- CloudPasswordRequest
- Attribute Synchronization Refresh
- Certification
- Identity Refresh
- Lifecycle Change Refresh
[Learn more here](https://documentation.sailpoint.com/saas/help/search/searchable-fields.html#searching-account-activity-data).
requesterIdentitySummary:
type: object
nullable: true
properties:
id:
type: string
description: ID of this identity summary
example: ff80818155fe8c080155fe8d925b0316
name:
type: string
description: Human-readable display name of identity
example: SailPoint Services
identityId:
type: string
description: ID of the identity that this summary represents
example: c15b9f5cca5a4e9599eaa0e64fa921bd
completed:
type: boolean
description: Indicates if all access items for this summary have been decided on
example: true
default: false
targetIdentitySummary:
type: object
nullable: true
properties:
id:
type: string
description: ID of this identity summary
example: ff80818155fe8c080155fe8d925b0316
name:
type: string
description: Human-readable display name of identity
example: SailPoint Services
identityId:
type: string
description: ID of the identity that this summary represents
example: c15b9f5cca5a4e9599eaa0e64fa921bd
completed:
type: boolean
description: Indicates if all access items for this summary have been decided on
example: true
default: false
errors:
nullable: true
description: 'A list of error messages, if any, that were encountered.'
type: array
items:
type: string
example:
- 'sailpoint.connector.ConnectorException: java.lang.InterruptedException: Timeout waiting for response to message 0 from client 57a4ab97-ab3f-4aef-9fe2-0eaf15c73d26 after 60 seconds.'
warnings:
nullable: true
description: 'A list of warning messages, if any, that were encountered.'
type: array
items:
type: string
example:
- 'Some warning, another warning'
items:
nullable: true
type: array
description: Individual actions performed as part of this account activity
items:
type: object
properties:
id:
type: string
description: Item id
example: 48c545831b264409a81befcabb0e3c5a
name:
type: string
description: Human-readable display name of item
example: 48c545831b264409a81befcabb0e3c5a
requested:
type: string
format: date-time
description: Date and time item was requested
example: '2017-07-11T18:45:37.098Z'
approvalStatus:
type: string
nullable: true
enum:
- FINISHED
- REJECTED
- RETURNED
- EXPIRED
- PENDING
- CANCELED
- null
example: PENDING
description: The state of an approval status
provisioningStatus:
type: string
enum:
- PENDING
- FINISHED
- UNVERIFIABLE
- COMMITED
- FAILED
- RETRY
description: Provisioning state of an account activity item
example: PENDING
requesterComment:
type: object
nullable: true
properties:
commenterId:
type: string
description: Id of the identity making the comment
example: 2c918084660f45d6016617daa9210584
commenterName:
type: string
description: Human-readable display name of the identity making the comment
example: Adam Kennedy
body:
type: string
description: Content of the comment
example: Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat.
date:
type: string
format: date-time
description: Date and time comment was made
example: '2017-07-11T18:45:37.098Z'
reviewerIdentitySummary:
type: object
nullable: true
properties:
id:
type: string
description: ID of this identity summary
example: ff80818155fe8c080155fe8d925b0316
name:
type: string
description: Human-readable display name of identity
example: SailPoint Services
identityId:
type: string
description: ID of the identity that this summary represents
example: c15b9f5cca5a4e9599eaa0e64fa921bd
completed:
type: boolean
description: Indicates if all access items for this summary have been decided on
example: true
default: false
reviewerComment:
type: object
nullable: true
properties:
commenterId:
type: string
description: Id of the identity making the comment
example: 2c918084660f45d6016617daa9210584
commenterName:
type: string
description: Human-readable display name of the identity making the comment
example: Adam Kennedy
body:
type: string
description: Content of the comment
example: Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat.
date:
type: string
format: date-time
description: Date and time comment was made
example: '2017-07-11T18:45:37.098Z'
operation:
type: string
nullable: true
enum:
- ADD
- CREATE
- MODIFY
- DELETE
- DISABLE
- ENABLE
- UNLOCK
- LOCK
- REMOVE
- SET
- null
description: Represents an operation in an account activity item
example: ADD
attribute:
type: string
description: Attribute to which account activity applies
nullable: true
example: detectedRoles
value:
type: string
description: Value of attribute
nullable: true
example: 'Treasury Analyst [AccessProfile-1529010191212]'
nativeIdentity:
nullable: true
type: string
description: Native identity in the target system to which the account activity applies
example: Sandie.Camero
sourceId:
type: string
description: Id of Source to which account activity applies
example: 2c91808363ef85290164000587130c0c
accountRequestInfo:
type: object
nullable: true
properties:
requestedObjectId:
type: string
description: Id of requested object
example: 2c91808563ef85690164001c31140c0c
requestedObjectName:
type: string
description: Human-readable name of requested object
example: Treasury Analyst
requestedObjectType:
type: string
enum:
- ACCESS_PROFILE
- ROLE
- ENTITLEMENT
description: Currently supported requestable object types.
example: ACCESS_PROFILE
description: 'If an account activity item is associated with an access request, captures details of that request.'
clientMetadata:
nullable: true
type: object
additionalProperties:
type: string
description: 'Arbitrary key-value pairs, if any were included in the corresponding access request item'
example:
customKey1: custom value 1
customKey2: custom value 2
removeDate:
nullable: true
type: string
description: The date the role or access profile or entitlement is no longer assigned to the specified identity.
format: date-time
example: '2020-07-11T00:00:00Z'
executionStatus:
type: string
description: The current state of execution.
enum:
- EXECUTING
- VERIFYING
- TERMINATED
- COMPLETED
example: COMPLETED
clientMetadata:
nullable: true
type: object
additionalProperties:
type: string
description: 'Arbitrary key-value pairs, if any were included in the corresponding access request'
example:
customKey1: custom value 1
customKey2: custom value 2
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/auth-org/network-config:
get:
operationId: getAuthOrgNetworkConfig
tags:
- Global Tenant Security Settings
summary: Get security network configuration.
description: This API returns the details of an org's network auth configuration.
security:
- userAuth:
- 'sp:auth-org:read'
responses:
'200':
description: Network configuration for the tenant's auth org.
content:
application/json:
schema:
type: object
properties:
range:
type: array
description: The collection of ip ranges.
items:
type: string
example:
- 1.3.7.2
- 255.255.255.252/30
nullable: true
geolocation:
type: array
description: The collection of country codes.
items:
type: string
example:
- CA
- FR
- HT
nullable: true
whitelisted:
type: boolean
description: Denotes whether the provided lists are whitelisted or blacklisted for geo location.
default: false
example: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
post:
operationId: createAuthOrgNetworkConfig
tags:
- Global Tenant Security Settings
summary: Create security network configuration.
description: 'This API returns the details of an org''s network auth configuration. Requires security scope of: ''sp:auth-org:manage'''
security:
- userAuth:
- 'sp:auth-org:manage'
requestBody:
required: true
description: |-
Network configuration creation request body. The following constraints ensure the request body conforms to certain logical guidelines, which are:
1. Each string element in the range array must be a valid ip address or
ip subnet mask.
2. Each string element in the geolocation array must be 2 characters,
and they can only be uppercase letters.
content:
application/json:
schema:
type: object
properties:
range:
type: array
description: The collection of ip ranges.
items:
type: string
example:
- 1.3.7.2
- 255.255.255.252/30
nullable: true
geolocation:
type: array
description: The collection of country codes.
items:
type: string
example:
- CA
- FR
- HT
nullable: true
whitelisted:
type: boolean
description: Denotes whether the provided lists are whitelisted or blacklisted for geo location.
default: false
example: true
responses:
'200':
description: Network configuration for the tenant.
content:
application/json:
schema:
type: object
properties:
range:
type: array
description: The collection of ip ranges.
items:
type: string
example:
- 1.3.7.2
- 255.255.255.252/30
nullable: true
geolocation:
type: array
description: The collection of country codes.
items:
type: string
example:
- CA
- FR
- HT
nullable: true
whitelisted:
type: boolean
description: Denotes whether the provided lists are whitelisted or blacklisted for geo location.
default: false
example: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
patch:
operationId: patchAuthOrgNetworkConfig
tags:
- Global Tenant Security Settings
summary: Update security network configuration.
description: |-
This API updates an existing network configuration for an org using PATCH
Requires security scope of: 'sp:auth-org:manage'
security:
- userAuth:
- 'sp:auth-org:manage'
requestBody:
required: true
description: |-
A list of auth org network configuration update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
Ensures that the patched Network Config conforms to certain logical guidelines, which are:
1. Each string element in the range array must be a valid ip address or
ip subnet mask.
2. Each string element in the geolocation array must be 2 characters,
and they can only be uppercase letters.
content:
application/json-patch+json:
schema:
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
example:
- op: replace
path: /whitelisted
value: 'false,'
- op: add
path: /geolocation
value:
- AF
- HN
- ES
responses:
'200':
description: Updated Auth Org network configuration.
content:
application/json:
schema:
type: object
properties:
range:
type: array
description: The collection of ip ranges.
items:
type: string
example:
- 1.3.7.2
- 255.255.255.252/30
nullable: true
geolocation:
type: array
description: The collection of country codes.
items:
type: string
example:
- CA
- FR
- HT
nullable: true
whitelisted:
type: boolean
description: Denotes whether the provided lists are whitelisted or blacklisted for geo location.
default: false
example: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/auth-org/lockout-config:
get:
operationId: getAuthOrgLockoutConfig
tags:
- Global Tenant Security Settings
summary: Get auth org lockout configuration.
description: This API returns the details of an org's lockout auth configuration.
security:
- userAuth:
- 'sp:auth-org:read'
responses:
'200':
description: Lockout configuration for the tenant's auth org.
content:
application/json:
schema:
type: object
properties:
maximumAttempts:
type: integer
format: int32
description: The maximum attempts allowed before lockout occurs.
example: 5
lockoutDuration:
type: integer
format: int32
description: The total time in minutes a user will be locked out.
example: 15
lockoutWindow:
type: integer
format: int32
description: A rolling window where authentication attempts in a series count towards the maximum before lockout occurs.
example: 5
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
patch:
operationId: patchAuthOrgLockoutConfig
tags:
- Global Tenant Security Settings
summary: Update auth org lockout configuration
description: |
This API updates an existing lockout configuration for an org using PATCH
security:
- userAuth:
- 'sp:auth-org:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
- HELPDESK
requestBody:
required: true
description: |-
A list of auth org lockout configuration update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
Ensures that the patched Lockout Config conforms to certain logical guidelines, which are:
`1. maximumAttempts >= 1 && maximumAttempts <= 15
2. lockoutDuration >= 5 && lockoutDuration <= 60
3. lockoutWindow >= 5 && lockoutDuration <= 60`
content:
application/json-patch+json:
schema:
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
example:
- op: replace
path: /maximumAttempts
value: '7,'
- op: add
path: /lockoutDuration
value: 35
responses:
'200':
description: Updated Auth Org lockout configuration.
content:
application/json:
schema:
type: object
properties:
maximumAttempts:
type: integer
format: int32
description: The maximum attempts allowed before lockout occurs.
example: 5
lockoutDuration:
type: integer
format: int32
description: The total time in minutes a user will be locked out.
example: 15
lockoutWindow:
type: integer
format: int32
description: A rolling window where authentication attempts in a series count towards the maximum before lockout occurs.
example: 5
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/auth-org/service-provider-config:
get:
operationId: getAuthOrgServiceProviderConfig
tags:
- Global Tenant Security Settings
summary: Get service provider configuration.
description: This API returns the details of an org's service provider auth configuration.
responses:
'200':
description: Service provider configuration for the tenant.
content:
application/json:
schema:
description: Represents the IdentityNow as Service Provider Configuration allowing customers to log into IDN via an Identity Provider
type: object
properties:
enabled:
description: This determines whether or not the SAML authentication flow is enabled for an org
type: boolean
example: true
default: false
bypassIdp:
description: 'This allows basic login with the parameter prompt=true. This is often toggled on when debugging SAML authentication setup. When false, only org admins with MFA-enabled can bypass the IDP.'
type: boolean
example: true
default: false
samlConfigurationValid:
description: This indicates whether or not the SAML configuration is valid.
type: boolean
example: true
default: false
federationProtocolDetails:
description: 'A list of the abstract implementations of the Federation Protocol details. Typically, this will include on SpDetails object and one IdpDetails object used in tandem to define a SAML integration between a customer''s identity provider and a customer''s SailPoint instance (i.e., the service provider).'
type: array
items:
anyOf:
- allOf:
- type: object
properties:
role:
type: string
description: Federation protocol role
example: SAML_IDP
enum:
- SAML_IDP
- SAML_SP
entityId:
type: string
description: 'An entity ID is a globally unique name for a SAML entity, either an Identity Provider (IDP) or a Service Provider (SP).'
example: 'http://www.okta.com/exkdaruy8Ln5Ry7C54x6'
- type: object
description: Specification of Identity Provider Details section of Service Provider Config
required:
- mappingAttribute
properties:
binding:
type: string
description: Defines the binding used for the SAML flow. Used with IDP configurations.
example: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST'
authnContext:
type: string
description: Specifies the SAML authentication method to use. Used with IDP configurations.
example: 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'
logoutUrl:
type: string
description: The IDP logout URL. Used with IDP configurations.
example: 'https://dev-206445.oktapreview.com/login/signout'
includeAuthnContext:
type: boolean
description: Determines if the configured AuthnContext should be used or the default. Used with IDP configurations.
default: false
example: false
nameId:
type: string
description: The name id format to use. Used with IDP configurations.
example: 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress'
jitConfiguration:
type: object
properties:
enabled:
type: boolean
description: The indicator for just-in-time provisioning enabled
default: false
example: false
sourceId:
type: string
description: the sourceId that mapped to just-in-time provisioning configuration
example: 2c9180857377ed2901739c12a2da5ac8
sourceAttributeMappings:
type: object
description: A mapping of identity profile attribute names to SAML assertion attribute names
additionalProperties:
type: string
description: a mapping of JIT source attributes to the SAML assertion attribute
example:
firstName: okta.firstName
lastName: okta.lastName
email: okta.email
cert:
type: string
description: The Base64-encoded certificate used by the IDP. Used with IDP configurations.
example: '-----BEGIN CERTIFICATE-----****-----END CERTIFICATE-----'
loginUrlPost:
type: string
description: 'The IDP POST URL, used with IDP HTTP-POST bindings for IDP-initiated logins. Used with IDP configurations.'
example: 'https://dev-157216.okta.com/app/sailpointdev157216_cdovsaml_1/exkdaruy8Ln5Ry7C54x6/sso/saml'
loginUrlRedirect:
type: string
description: The IDP Redirect URL. Used with IDP configurations.
example: 'https://dev-157216.okta.com/app/sailpointdev157216_cdovsaml_1/exkdaruy8Ln5Ry7C54x6/sso/saml'
mappingAttribute:
type: string
description: 'Return the saml Id for the given user, based on the IDN as SP settings of the org. Used with IDP configurations.'
example: email
certificateExpirationDate:
type: string
description: The expiration date extracted from the certificate.
example: 'Fri Mar 08 08:54:24 UTC 2013'
certificateName:
type: string
description: The name extracted from the certificate.
example: 'OU=Conext, O=Surfnet, L=Utrecht, ST=Utrecht, C=NL'
- allOf:
- type: object
properties:
role:
type: string
description: Federation protocol role
example: SAML_IDP
enum:
- SAML_IDP
- SAML_SP
entityId:
type: string
description: 'An entity ID is a globally unique name for a SAML entity, either an Identity Provider (IDP) or a Service Provider (SP).'
example: 'http://www.okta.com/exkdaruy8Ln5Ry7C54x6'
- type: object
description: Specification of a Service Provider Details
properties:
alias:
type: string
description: Unique alias used to identify the selected local service provider based on used URL. Used with SP configurations.
example: acme-sp
callbackUrl:
type: string
description: The allowed callback URL where users will be redirected to after authentication. Used with SP configurations.
example: 'https://stradbroke-sso.identitysoon.com/sso/Consumer/metaAlias/cdov-saml/sp'
legacyAcsUrl:
type: string
description: The legacy ACS URL used for SAML authentication. Used with SP configurations.
example: 'https://megapod-useast1-sso.identitysoon.com/sso/Consumer/metaAlias/acme/sp'
required:
- callbackUrl
example:
- role: SAML_IDP
entityId: 'http://www.okta.com/exktq4o24bmQA4fr60h7'
cert: MIIDpDCCAoygAwIBAgIGAYhZ+b29MA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEUMBIGA1UECwwLU1NPUHJvdmlkZXIxEzARBgNVBAMMCmRldi0yMDY0NDUxHDAaBgkqhkiG9w0BCQEWDWluZm9Ab2t0YS5jb20wHhcNMjMwNTI2MjEzMDU5WhcNMzMwNTI2MjEzMTU5WjCBkjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDTALBgNVBAoMBE9rdGExFDASBgNVBAsMC1NTT1Byb3ZpZGVyMRMwEQYDVQQDDApkZXYtMjA2NDQ1MRwwGgYJKoZIhvcNAQkBFg1pbmZvQG9rdGEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwvi1+WbF2ceGlLCrLl5PrG1lpj04IsrHX6OE666ObC2WFh+Nxvpxy+Vmzon9c9+akhK3bTv+9ifEoVc6tA1qWuCfXISAn9g81JqI68I1PGUbe6eF8pmOA18rjOrt7x94k4QukpR3+I8DfPJ+TynatltB51laLb8H4jchMafA4rDTjV/ZiYPxV0LMEIbprVyGuvBEhiEWha3wwVdDuJq996okX36YNS8PcGH+5CJ8c3YWZp/wrspgJmfCooMXeV+6zBpZfXqPpMWlUo0gcZqDOFgy3r4vkXehJdVYRlInMfDv04Lvy8VI1YAZClG/duO/6o9YVUFLjD9s+mQfhgaF5wIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQB1CTrA/pTHkarbhMHsdSFAjVoYWwdAfrssG99rIjwwr/CW9tavTC3keaoUmUeddcnLY4V/TfL07+xgQGHCBR88cnzG9h6rC9qWxt6C3nug3YDVQfkdCDgnW9A8QEvLeq/KVLoRccpJNEENb2Y5ESUXHi1+PtjkFBtvfSgZ4eEhVggirL0bJdWVm700hCnjb2iCGSbSX7WflfPi0GSmjht983caG9OwZDnDzNFt8qGWCxo4bNSThT00JnWEN/6f1BWNOt9YDrxqEyNclqhLL+RDqFsPBFIrQlsoXzqpWqCL8oS9UMNxbGATK2v3d5ueE9+SswBAFBhirCuqZw19Ri2W
loginUrlPost: 'https://dev-206445.oktapreview.com/app/tivolidev206445_acmeidntest_1/exktq4o24bmQA4fr60h7/sso/saml'
loginUrlRedirect: 'https://dev-206445.oktapreview.com/app/tivolidev206445_acmeidntest_1/exktq4o24bmQA4fr60h7/sso/saml'
logoutUrl: 'https://dev-206445.oktapreview.com/login/signout'
nameId: 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress'
binding: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST'
authnContext: 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'
includeAuthnContext: true
mappingAttribute: email
jitConfiguration:
enabled: true
sourceId: 2c9180897427f3a501745042afc83144
sourceAttributeMappings:
firstName: okta.firstName
lastName: okta.lastName
email: okta.email
certificateExpirationDate: 'Thu May 26 21:31:59 GMT 2033'
certificateName: 'EMAILADDRESS=info@okta.com, CN=dev-206445, OU=SSOProvider, O=Okta, L=San Francisco, ST=California, C=US'
- role: SAML_SP
entityId: 'https://acme.identitysoon.com/sp'
alias: acme-sp
callbackUrl: 'https://acme.test-login.sailpoint.com/saml/SSO/alias/acme-sp'
legacyAcsUrl: 'https://megapod-useast1-sso.identitysoon.com/sso/Consumer/metaAlias/acme/sp'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth: []
patch:
operationId: patchAuthOrgServiceProviderConfig
tags:
- Global Tenant Security Settings
summary: Update service provider configuration
description: This API updates an existing service provider configuration for an org using PATCH.
requestBody:
required: true
description: |-
A list of auth org service provider configuration update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
Note: /federationProtocolDetails/0 is IdpDetails /federationProtocolDetails/1 is SpDetails
Ensures that the patched ServiceProviderConfig conforms to certain logical guidelines, which are:
1. Do not add or remove any elements in the federation protocol details
in the service provider configuration.
2. Do not modify, add, or delete the service provider details element in
the federation protocol details.
3. If this is the first time the patched ServiceProviderConfig enables
Remote IDP sign-in, it must also include IDPDetails.
4. If the patch enables Remote IDP sign in, the entityID in the
IDPDetails cannot be null. IDPDetails must include an entityID.
5. Any JIT configuration update must be valid.
Just in time configuration update must be valid when enabled. This includes:
- A Source ID
- Source attribute mappings
- Source attribute maps have all the required key values (firstName,
lastName, email)
content:
application/json-patch+json:
schema:
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
example:
- op: replace
path: /enabled
value: 'true,'
- op: add
path: /federationProtocolDetails/0/jitConfiguration
value:
enabled: true
sourceId: 2c9180857377ed2901739c12a2da5ac8
sourceAttributeMappings:
firstName: okta.firstName
lastName: okta.lastName
email: okta.email
employeeNumber: okta.employeeNumber
responses:
'200':
description: Auth Org Service Provider configuration updated.
content:
application/json:
schema:
description: Represents the IdentityNow as Service Provider Configuration allowing customers to log into IDN via an Identity Provider
type: object
properties:
enabled:
description: This determines whether or not the SAML authentication flow is enabled for an org
type: boolean
example: true
default: false
bypassIdp:
description: 'This allows basic login with the parameter prompt=true. This is often toggled on when debugging SAML authentication setup. When false, only org admins with MFA-enabled can bypass the IDP.'
type: boolean
example: true
default: false
samlConfigurationValid:
description: This indicates whether or not the SAML configuration is valid.
type: boolean
example: true
default: false
federationProtocolDetails:
description: 'A list of the abstract implementations of the Federation Protocol details. Typically, this will include on SpDetails object and one IdpDetails object used in tandem to define a SAML integration between a customer''s identity provider and a customer''s SailPoint instance (i.e., the service provider).'
type: array
items:
anyOf:
- allOf:
- type: object
properties:
role:
type: string
description: Federation protocol role
example: SAML_IDP
enum:
- SAML_IDP
- SAML_SP
entityId:
type: string
description: 'An entity ID is a globally unique name for a SAML entity, either an Identity Provider (IDP) or a Service Provider (SP).'
example: 'http://www.okta.com/exkdaruy8Ln5Ry7C54x6'
- type: object
description: Specification of Identity Provider Details section of Service Provider Config
required:
- mappingAttribute
properties:
binding:
type: string
description: Defines the binding used for the SAML flow. Used with IDP configurations.
example: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST'
authnContext:
type: string
description: Specifies the SAML authentication method to use. Used with IDP configurations.
example: 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'
logoutUrl:
type: string
description: The IDP logout URL. Used with IDP configurations.
example: 'https://dev-206445.oktapreview.com/login/signout'
includeAuthnContext:
type: boolean
description: Determines if the configured AuthnContext should be used or the default. Used with IDP configurations.
default: false
example: false
nameId:
type: string
description: The name id format to use. Used with IDP configurations.
example: 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress'
jitConfiguration:
type: object
properties:
enabled:
type: boolean
description: The indicator for just-in-time provisioning enabled
default: false
example: false
sourceId:
type: string
description: the sourceId that mapped to just-in-time provisioning configuration
example: 2c9180857377ed2901739c12a2da5ac8
sourceAttributeMappings:
type: object
description: A mapping of identity profile attribute names to SAML assertion attribute names
additionalProperties:
type: string
description: a mapping of JIT source attributes to the SAML assertion attribute
example:
firstName: okta.firstName
lastName: okta.lastName
email: okta.email
cert:
type: string
description: The Base64-encoded certificate used by the IDP. Used with IDP configurations.
example: '-----BEGIN CERTIFICATE-----****-----END CERTIFICATE-----'
loginUrlPost:
type: string
description: 'The IDP POST URL, used with IDP HTTP-POST bindings for IDP-initiated logins. Used with IDP configurations.'
example: 'https://dev-157216.okta.com/app/sailpointdev157216_cdovsaml_1/exkdaruy8Ln5Ry7C54x6/sso/saml'
loginUrlRedirect:
type: string
description: The IDP Redirect URL. Used with IDP configurations.
example: 'https://dev-157216.okta.com/app/sailpointdev157216_cdovsaml_1/exkdaruy8Ln5Ry7C54x6/sso/saml'
mappingAttribute:
type: string
description: 'Return the saml Id for the given user, based on the IDN as SP settings of the org. Used with IDP configurations.'
example: email
certificateExpirationDate:
type: string
description: The expiration date extracted from the certificate.
example: 'Fri Mar 08 08:54:24 UTC 2013'
certificateName:
type: string
description: The name extracted from the certificate.
example: 'OU=Conext, O=Surfnet, L=Utrecht, ST=Utrecht, C=NL'
- allOf:
- type: object
properties:
role:
type: string
description: Federation protocol role
example: SAML_IDP
enum:
- SAML_IDP
- SAML_SP
entityId:
type: string
description: 'An entity ID is a globally unique name for a SAML entity, either an Identity Provider (IDP) or a Service Provider (SP).'
example: 'http://www.okta.com/exkdaruy8Ln5Ry7C54x6'
- type: object
description: Specification of a Service Provider Details
properties:
alias:
type: string
description: Unique alias used to identify the selected local service provider based on used URL. Used with SP configurations.
example: acme-sp
callbackUrl:
type: string
description: The allowed callback URL where users will be redirected to after authentication. Used with SP configurations.
example: 'https://stradbroke-sso.identitysoon.com/sso/Consumer/metaAlias/cdov-saml/sp'
legacyAcsUrl:
type: string
description: The legacy ACS URL used for SAML authentication. Used with SP configurations.
example: 'https://megapod-useast1-sso.identitysoon.com/sso/Consumer/metaAlias/acme/sp'
required:
- callbackUrl
example:
- role: SAML_IDP
entityId: 'http://www.okta.com/exktq4o24bmQA4fr60h7'
cert: MIIDpDCCAoygAwIBAgIGAYhZ+b29MA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEUMBIGA1UECwwLU1NPUHJvdmlkZXIxEzARBgNVBAMMCmRldi0yMDY0NDUxHDAaBgkqhkiG9w0BCQEWDWluZm9Ab2t0YS5jb20wHhcNMjMwNTI2MjEzMDU5WhcNMzMwNTI2MjEzMTU5WjCBkjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDTALBgNVBAoMBE9rdGExFDASBgNVBAsMC1NTT1Byb3ZpZGVyMRMwEQYDVQQDDApkZXYtMjA2NDQ1MRwwGgYJKoZIhvcNAQkBFg1pbmZvQG9rdGEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwvi1+WbF2ceGlLCrLl5PrG1lpj04IsrHX6OE666ObC2WFh+Nxvpxy+Vmzon9c9+akhK3bTv+9ifEoVc6tA1qWuCfXISAn9g81JqI68I1PGUbe6eF8pmOA18rjOrt7x94k4QukpR3+I8DfPJ+TynatltB51laLb8H4jchMafA4rDTjV/ZiYPxV0LMEIbprVyGuvBEhiEWha3wwVdDuJq996okX36YNS8PcGH+5CJ8c3YWZp/wrspgJmfCooMXeV+6zBpZfXqPpMWlUo0gcZqDOFgy3r4vkXehJdVYRlInMfDv04Lvy8VI1YAZClG/duO/6o9YVUFLjD9s+mQfhgaF5wIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQB1CTrA/pTHkarbhMHsdSFAjVoYWwdAfrssG99rIjwwr/CW9tavTC3keaoUmUeddcnLY4V/TfL07+xgQGHCBR88cnzG9h6rC9qWxt6C3nug3YDVQfkdCDgnW9A8QEvLeq/KVLoRccpJNEENb2Y5ESUXHi1+PtjkFBtvfSgZ4eEhVggirL0bJdWVm700hCnjb2iCGSbSX7WflfPi0GSmjht983caG9OwZDnDzNFt8qGWCxo4bNSThT00JnWEN/6f1BWNOt9YDrxqEyNclqhLL+RDqFsPBFIrQlsoXzqpWqCL8oS9UMNxbGATK2v3d5ueE9+SswBAFBhirCuqZw19Ri2W
loginUrlPost: 'https://dev-206445.oktapreview.com/app/tivolidev206445_acmeidntest_1/exktq4o24bmQA4fr60h7/sso/saml'
loginUrlRedirect: 'https://dev-206445.oktapreview.com/app/tivolidev206445_acmeidntest_1/exktq4o24bmQA4fr60h7/sso/saml'
logoutUrl: 'https://dev-206445.oktapreview.com/login/signout'
nameId: 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress'
binding: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST'
authnContext: 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'
includeAuthnContext: true
mappingAttribute: email
jitConfiguration:
enabled: true
sourceId: 2c9180897427f3a501745042afc83144
sourceAttributeMappings:
firstName: okta.firstName
lastName: okta.lastName
email: okta.email
certificateExpirationDate: 'Thu May 26 21:31:59 GMT 2033'
certificateName: 'EMAILADDRESS=info@okta.com, CN=dev-206445, OU=SSOProvider, O=Okta, L=San Francisco, ST=California, C=US'
- role: SAML_SP
entityId: 'https://acme.identitysoon.com/sp'
alias: acme-sp
callbackUrl: 'https://acme.test-login.sailpoint.com/saml/SSO/alias/acme-sp'
legacyAcsUrl: 'https://megapod-useast1-sso.identitysoon.com/sso/Consumer/metaAlias/acme/sp'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
400.1 Bad Request Content:
description: Response for bad request content
value:
detailCode: 400.1 Bad Request Content
trackingId: e7eab60924f64aa284175b9fa3309599
messages:
- locale: en
localeOrigin: REQUEST
text: firstName is required; accountName is required;
400.1.3 Illegal value:
description: Response for Illegal value
value:
detailCode: 400.1.3 Illegal value
trackingId: e7eab60924f64aa284175b9fa3309599
messages:
- locale: en
localeOrigin: REQUEST
text: JIT source id is invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth: []
/auth-org/session-config:
get:
operationId: getAuthOrgSessionConfig
tags:
- Global Tenant Security Settings
summary: Get auth org session configuration.
description: This API returns the details of an org's session auth configuration.
security:
- userAuth:
- 'sp:auth-org:read'
responses:
'200':
description: Session configuration for the tenant's auth org.
content:
application/json:
schema:
type: object
properties:
maxIdleTime:
type: integer
format: int32
description: The maximum time in minutes a session can be idle.
example: 15
rememberMe:
type: boolean
description: Denotes if 'remember me' is enabled.
default: false
example: true
maxSessionTime:
type: integer
format: int32
description: The maximum allowable session time in minutes.
example: 45
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
patch:
operationId: patchAuthOrgSessionConfig
tags:
- Global Tenant Security Settings
summary: Update auth org session configuration
description: This API updates an existing session configuration for an org using PATCH.
security:
- userAuth:
- 'sp:auth-org:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
- HELPDESK
requestBody:
required: true
description: |
A list of auth org session configuration update operations according to
the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
Ensures that the patched Session Config conforms to certain logical
guidelines, which are:
`1. maxSessionTime >= 1 && maxSessionTime <= 10080 (1 week)
2. maxIdleTime >= 1 && maxIdleTime <= 1440 (1 day)
3. maxSessionTime must have a greater duration than maxIdleTime.`
content:
application/json-patch+json:
schema:
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
example:
- op: replace
path: /rememberMe
value: 'true,'
- op: add
path: /maxSessionTime
value: 480
responses:
'200':
description: Updated Auth Org session configuration.
content:
application/json:
schema:
type: object
properties:
maxIdleTime:
type: integer
format: int32
description: The maximum time in minutes a session can be idle.
example: 15
rememberMe:
type: boolean
description: Denotes if 'remember me' is enabled.
default: false
example: true
maxSessionTime:
type: integer
format: int32
description: The maximum allowable session time in minutes.
example: 45
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/auth-users/{id}':
get:
operationId: getAuthUser
tags:
- Auth Users
summary: Auth user details
description: Return the specified user's authentication system details.
parameters:
- in: path
name: id
description: Identity ID
required: true
x-sailpoint-resource-operation-id: listIdentities
schema:
type: string
example: ef38f94347e94562b5bb8424a56397d8
security:
- userAuth:
- 'sp:auth-user:read'
responses:
'200':
description: The specified user's authentication system details.
content:
application/json:
schema:
type: object
properties:
tenant:
type: string
description: Tenant name.
example: test-tenant
id:
type: string
description: Identity ID.
example: 2c91808458ae7a4f0158b1bbf8af0628
uid:
type: string
description: Identity's unique identitifier.
example: will.smith
profile:
type: string
description: ID of the auth profile associated with the auth user.
example: 2c91808458ae7a4f0158b1bbf8af0756
identificationNumber:
type: string
description: Auth user's employee number.
example: 19-5588452
nullable: true
email:
type: string
description: Auth user's email.
example: william.smith@example.com
nullable: true
phone:
type: string
description: Auth user's phone number.
example: '5555555555'
nullable: true
workPhone:
type: string
description: Auth user's work phone number.
example: '5555555555'
nullable: true
personalEmail:
type: string
description: Auth user's personal email.
example: william.smith@example.com
nullable: true
firstname:
type: string
description: Auth user's first name.
example: Will
nullable: true
lastname:
type: string
description: Auth user's last name.
example: Smith
nullable: true
displayName:
type: string
description: Auth user's name in displayed format.
example: Will Smith
alias:
type: string
description: Auth user's alias.
example: will.smith
lastPasswordChangeDate:
type: string
format: date-time
description: Date of last password change.
example: '2021-03-08T22:37:33.901Z'
nullable: true
lastLoginTimestamp:
description: Timestamp of the last login (long type value).
type: integer
format: int64
example: 1656327185832
currentLoginTimestamp:
description: Timestamp of the current login (long type value).
type: integer
format: int64
example: 1656327185832
lastUnlockTimestamp:
type: string
format: date-time
description: The date and time when the user was last unlocked.
example: '2021-03-08T22:37:33.901Z'
nullable: true
capabilities:
description: Array of the auth user's capabilities.
type: array
nullable: true
items:
type: string
enum:
- CERT_ADMIN
- CLOUD_GOV_ADMIN
- CLOUD_GOV_USER
- HELPDESK
- ORG_ADMIN
- REPORT_ADMIN
- ROLE_ADMIN
- ROLE_SUBADMIN
- SAAS_MANAGEMENT_ADMIN
- SAAS_MANAGEMENT_READER
- SOURCE_ADMIN
- SOURCE_SUBADMIN
- 'das:ui-administrator'
- 'das:ui-compliance_manager'
- 'das:ui-auditor'
- 'das:ui-data-scope'
- 'sp:aic-dashboard-read'
- 'sp:aic-dashboard-write'
- 'sp:ui-config-hub-admin'
- 'sp:ui-config-hub-backup-admin'
- 'sp:ui-config-hub-read'
example: ORG_ADMIN
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
patch:
operationId: patchAuthUser
tags:
- Auth Users
summary: Auth user update
description: |-
Use a PATCH request to update an existing user in the authentication system.
Use this endpoint to modify these fields:
* `capabilities`
A '400.1.1 Illegal update attempt' detail code indicates that you attempted to PATCH a field that is not allowed.
security:
- userAuth:
- 'sp:auth-user:update'
parameters:
- in: path
name: id
description: Identity ID
required: true
x-sailpoint-resource-operation-id: listIdentities
schema:
type: string
example: ef38f94347e94562b5bb8424a56397d8
requestBody:
required: true
description: 'A list of auth user update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.'
content:
application/json-patch+json:
schema:
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
example:
- op: replace
path: /capabilities
value:
- ORG_ADMIN
responses:
'200':
description: Auth user updated.
content:
application/json:
schema:
type: object
properties:
tenant:
type: string
description: Tenant name.
example: test-tenant
id:
type: string
description: Identity ID.
example: 2c91808458ae7a4f0158b1bbf8af0628
uid:
type: string
description: Identity's unique identitifier.
example: will.smith
profile:
type: string
description: ID of the auth profile associated with the auth user.
example: 2c91808458ae7a4f0158b1bbf8af0756
identificationNumber:
type: string
description: Auth user's employee number.
example: 19-5588452
nullable: true
email:
type: string
description: Auth user's email.
example: william.smith@example.com
nullable: true
phone:
type: string
description: Auth user's phone number.
example: '5555555555'
nullable: true
workPhone:
type: string
description: Auth user's work phone number.
example: '5555555555'
nullable: true
personalEmail:
type: string
description: Auth user's personal email.
example: william.smith@example.com
nullable: true
firstname:
type: string
description: Auth user's first name.
example: Will
nullable: true
lastname:
type: string
description: Auth user's last name.
example: Smith
nullable: true
displayName:
type: string
description: Auth user's name in displayed format.
example: Will Smith
alias:
type: string
description: Auth user's alias.
example: will.smith
lastPasswordChangeDate:
type: string
format: date-time
description: Date of last password change.
example: '2021-03-08T22:37:33.901Z'
nullable: true
lastLoginTimestamp:
description: Timestamp of the last login (long type value).
type: integer
format: int64
example: 1656327185832
currentLoginTimestamp:
description: Timestamp of the current login (long type value).
type: integer
format: int64
example: 1656327185832
lastUnlockTimestamp:
type: string
format: date-time
description: The date and time when the user was last unlocked.
example: '2021-03-08T22:37:33.901Z'
nullable: true
capabilities:
description: Array of the auth user's capabilities.
type: array
nullable: true
items:
type: string
enum:
- CERT_ADMIN
- CLOUD_GOV_ADMIN
- CLOUD_GOV_USER
- HELPDESK
- ORG_ADMIN
- REPORT_ADMIN
- ROLE_ADMIN
- ROLE_SUBADMIN
- SAAS_MANAGEMENT_ADMIN
- SAAS_MANAGEMENT_READER
- SOURCE_ADMIN
- SOURCE_SUBADMIN
- 'das:ui-administrator'
- 'das:ui-compliance_manager'
- 'das:ui-auditor'
- 'das:ui-data-scope'
- 'sp:aic-dashboard-read'
- 'sp:aic-dashboard-write'
- 'sp:ui-config-hub-admin'
- 'sp:ui-config-hub-backup-admin'
- 'sp:ui-config-hub-read'
example: ORG_ADMIN
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/brandings:
get:
operationId: getBrandingList
tags:
- Branding
summary: List of branding items
description: This API endpoint returns a list of branding items.
security:
- userAuth:
- 'idn:branding:read'
- applicationAuth:
- 'idn:branding:read'
x-sailpoint-userLevels:
- ORG_ADMIN
responses:
'200':
description: A list of branding items.
content:
application/json:
schema:
type: array
items:
type: object
properties:
name:
type: string
description: name of branding item
example: default
productName:
type: string
description: product name
example: product name
nullable: true
actionButtonColor:
type: string
description: hex value of color for action button
example: 0074D9
nullable: true
activeLinkColor:
type: string
description: hex value of color for link
example: 011E69
nullable: true
navigationColor:
type: string
description: hex value of color for navigation bar
example: 011E69
nullable: true
emailFromAddress:
type: string
description: email from address
example: no-reply@sailpoint.com
nullable: true
standardLogoURL:
type: string
description: url to standard logo
example: ''
nullable: true
loginInformationalMessage:
type: string
description: login information message
example: ''
nullable: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
post:
operationId: createBrandingItem
tags:
- Branding
summary: Create a branding item
description: This API endpoint creates a branding item.
requestBody:
required: true
content:
multipart/form-data:
schema:
type: object
required:
- name
- productName
properties:
name:
type: string
description: name of branding item
example: custom-branding-item
productName:
type: string
description: product name
example: product name
nullable: true
actionButtonColor:
type: string
description: hex value of color for action button
example: 0074D9
activeLinkColor:
type: string
description: hex value of color for link
example: 011E69
navigationColor:
type: string
description: hex value of color for navigation bar
example: 011E69
emailFromAddress:
type: string
description: email from address
example: no-reply@sailpoint.com
loginInformationalMessage:
type: string
description: login information message
example: ''
fileStandard:
type: string
format: binary
description: png file with logo
example: \x00\x00\x00\x02
security:
- userAuth:
- 'idn:branding:manage'
- applicationAuth:
- 'idn:branding:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
responses:
'201':
description: Branding item created
content:
application/json:
schema:
type: object
properties:
name:
type: string
description: name of branding item
example: default
productName:
type: string
description: product name
example: product name
nullable: true
actionButtonColor:
type: string
description: hex value of color for action button
example: 0074D9
nullable: true
activeLinkColor:
type: string
description: hex value of color for link
example: 011E69
nullable: true
navigationColor:
type: string
description: hex value of color for navigation bar
example: 011E69
nullable: true
emailFromAddress:
type: string
description: email from address
example: no-reply@sailpoint.com
nullable: true
standardLogoURL:
type: string
description: url to standard logo
example: ''
nullable: true
loginInformationalMessage:
type: string
description: login information message
example: ''
nullable: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/brandings/{name}':
get:
operationId: getBranding
tags:
- Branding
summary: Get a branding item
description: 'This API endpoint retrieves information for an existing branding item by name. '
security:
- userAuth:
- 'idn:branding:read'
- applicationAuth:
- 'idn:branding:read'
x-sailpoint-userLevels:
- ORG_ADMIN
parameters:
- in: path
name: name
schema:
type: string
required: true
x-sailpoint-resource-operation-id: getBrandingList
description: The name of the branding item to be retrieved
example: default
responses:
'200':
description: A branding item object
content:
application/json:
schema:
type: object
properties:
name:
type: string
description: name of branding item
example: default
productName:
type: string
description: product name
example: product name
nullable: true
actionButtonColor:
type: string
description: hex value of color for action button
example: 0074D9
nullable: true
activeLinkColor:
type: string
description: hex value of color for link
example: 011E69
nullable: true
navigationColor:
type: string
description: hex value of color for navigation bar
example: 011E69
nullable: true
emailFromAddress:
type: string
description: email from address
example: no-reply@sailpoint.com
nullable: true
standardLogoURL:
type: string
description: url to standard logo
example: ''
nullable: true
loginInformationalMessage:
type: string
description: login information message
example: ''
nullable: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
put:
operationId: setBrandingItem
tags:
- Branding
summary: Update a branding item
description: This API endpoint updates information for an existing branding item.
parameters:
- in: path
name: name
schema:
type: string
required: true
x-sailpoint-resource-operation-id: getBrandingList
description: The name of the branding item to be retrieved
example: default
requestBody:
required: true
content:
multipart/form-data:
schema:
type: object
required:
- name
- productName
properties:
name:
type: string
description: name of branding item
example: custom-branding-item
productName:
type: string
description: product name
example: product name
nullable: true
actionButtonColor:
type: string
description: hex value of color for action button
example: 0074D9
activeLinkColor:
type: string
description: hex value of color for link
example: 011E69
navigationColor:
type: string
description: hex value of color for navigation bar
example: 011E69
emailFromAddress:
type: string
description: email from address
example: no-reply@sailpoint.com
loginInformationalMessage:
type: string
description: login information message
example: ''
fileStandard:
type: string
format: binary
description: png file with logo
example: \x00\x00\x00\x02
security:
- userAuth:
- 'idn:branding:manage'
- applicationAuth:
- 'idn:branding:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
responses:
'200':
description: Branding item updated
content:
application/json:
schema:
type: object
properties:
name:
type: string
description: name of branding item
example: default
productName:
type: string
description: product name
example: product name
nullable: true
actionButtonColor:
type: string
description: hex value of color for action button
example: 0074D9
nullable: true
activeLinkColor:
type: string
description: hex value of color for link
example: 011E69
nullable: true
navigationColor:
type: string
description: hex value of color for navigation bar
example: 011E69
nullable: true
emailFromAddress:
type: string
description: email from address
example: no-reply@sailpoint.com
nullable: true
standardLogoURL:
type: string
description: url to standard logo
example: ''
nullable: true
loginInformationalMessage:
type: string
description: login information message
example: ''
nullable: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
operationId: deleteBranding
tags:
- Branding
summary: Delete a branding item
description: 'This API endpoint delete information for an existing branding item by name. '
security:
- userAuth:
- 'idn:branding:manage'
- applicationAuth:
- 'idn:branding:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
parameters:
- in: path
name: name
schema:
type: string
required: true
x-sailpoint-resource-operation-id: getBrandingList
description: The name of the branding item to be deleted
example: default
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/campaigns:
get:
operationId: getActiveCampaigns
tags:
- Certification Campaigns
summary: List campaigns
description: |
Use this API to get a list of campaigns. This API can provide increased level of detail for each campaign for the correct provided query.
security:
- userAuth:
- 'idn:campaign:read'
- 'idn:campaign:manage'
- 'idn:campaign-report:read'
- 'idn:campaign-report:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
- CERT_ADMIN
- REPORT_ADMIN
parameters:
- in: query
name: detail
schema:
type: string
enum:
- SLIM
- FULL
required: false
description: 'Determines whether slim, or increased level of detail is provided for each campaign in the returned list. Slim is the default behavior.'
example: FULL
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
schema:
type: string
required: false
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, in*
**name**: *eq, sw*
**status**: *eq, in*
example: name eq "Manager Campaign"
- in: query
name: sorters
schema:
type: string
format: comma-separated
required: false
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **name, created**
example: name
responses:
'200':
description: A list of campaign objects. By default list of SLIM campaigns is returned.
content:
application/json:
schema:
type: array
items:
anyOf:
- type: object
title: Campaign
allOf:
- type: object
title: Slim Campaign
required:
- name
- description
- type
properties:
id:
type: string
readOnly: true
description: Id of the campaign
example: 2c9079b270a266a60170a2779fcb0007
nullable: true
name:
description: |
The campaign name. If this object is part of a template, special formatting applies; see the
`/campaign-templates/{id}/generate` endpoint documentation for details.
type: string
example: Manager Campaign
description:
type: string
nullable: true
description: |
The campaign description. If this object is part of a template, special formatting applies; see the
`/campaign-templates/{id}/generate` endpoint documentation for details.
example: Everyone needs to be reviewed by their manager
deadline:
type: string
nullable: true
format: date-time
description: 'The campaign''s completion deadline. This date must be in the future in order to activate the campaign. If you try to activate a campaign with a deadline of today or in the past, you will receive a 400 error response.'
example: '2020-03-15T10:00:01.456Z'
type:
type: string
description: The type of campaign. Could be extended in the future.
enum:
- MANAGER
- SOURCE_OWNER
- SEARCH
- ROLE_COMPOSITION
- MACHINE_ACCOUNT
example: MANAGER
emailNotificationEnabled:
type: boolean
description: Enables email notification for this campaign
default: false
example: false
autoRevokeAllowed:
type: boolean
description: Allows auto revoke for this campaign
default: false
example: false
recommendationsEnabled:
type: boolean
description: Enables IAI for this campaign. Accepts true even if the IAI product feature is off. If IAI is turned off then campaigns generated from this template will indicate false. The real value will then be returned if IAI is ever enabled for the org in the future.
default: false
example: true
status:
type: string
description: The campaign's current status.
nullable: true
readOnly: true
enum:
- PENDING
- STAGED
- CANCELING
- ACTIVATING
- ACTIVE
- COMPLETING
- COMPLETED
- ERROR
- ARCHIVED
- null
example: ACTIVE
correlatedStatus:
type: string
description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).
enum:
- CORRELATED
- UNCORRELATED
example: CORRELATED
created:
type: string
nullable: true
readOnly: true
format: date-time
description: Created time of the campaign
example: '2020-03-03T22:15:13.611Z'
totalCertifications:
type: integer
nullable: true
format: int32
description: The total number of certifications in this campaign.
readOnly: true
example: 100
completedCertifications:
type: integer
nullable: true
format: int32
description: The number of completed certifications in this campaign.
readOnly: true
example: 10
alerts:
type: array
nullable: true
description: A list of errors and warnings that have accumulated.
readOnly: true
items:
type: object
properties:
level:
type: string
enum:
- ERROR
- WARN
- INFO
description: Denotes the level of the message
example: ERROR
localizations:
type: array
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
- type: object
properties:
modified:
type: string
readOnly: true
nullable: true
format: date-time
description: Modified time of the campaign
example: '2020-03-03T22:20:12.674Z'
filter:
type: object
nullable: true
description: Determines which items will be included in this campaign. The default campaign filter is used if this field is left blank.
properties:
id:
type: string
description: The ID of whatever type of filter is being used.
example: 0fbe863c063c4c88a35fd7f17e8a3df5
type:
type: string
description: Type of the filter
enum:
- CAMPAIGN_FILTER
- RULE
example: CAMPAIGN_FILTER
name:
type: string
description: Name of the filter
example: Test Filter
sunsetCommentsRequired:
type: boolean
description: Determines if comments on sunset date changes are required.
default: true
example: true
sourceOwnerCampaignInfo:
type: object
nullable: true
description: Must be set only if the campaign type is SOURCE_OWNER.
properties:
sourceIds:
type: array
description: The list of sources to be included in the campaign.
items:
type: string
example:
- 0fbe863c063c4c88a35fd7f17e8a3df5
searchCampaignInfo:
type: object
nullable: true
description: Must be set only if the campaign type is SEARCH.
properties:
type:
type: string
description: The type of search campaign represented.
enum:
- IDENTITY
- ACCESS
example: ACCESS
description:
type: string
description: 'Describes this search campaign. Intended for storing the query used, and possibly the number of identities selected/available.'
example: Search Campaign description
reviewer:
type: object
nullable: true
description: 'If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP.'
properties:
type:
type: string
description: The reviewer's DTO type.
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
id:
type: string
description: The reviewer's ID.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
nullable: true
description: The reviewer's name.
example: William Wilson
query:
type: string
nullable: true
description: The scope for the campaign. The campaign will cover identities returned by the query and identities that have access items returned by the query. One of `query` or `identityIds` must be set.
example: Search Campaign query description
identityIds:
type: array
nullable: true
description: A direct list of identities to include in this campaign. One of `identityIds` or `query` must be set.
items:
type: string
maxItems: 1000
example:
- 0fbe863c063c4c88a35fd7f17e8a3df5
accessConstraints:
type: array
description: Further reduces the scope of the campaign by excluding identities (from `query` or `identityIds`) that do not have this access.
items:
type: object
properties:
type:
type: string
enum:
- ENTITLEMENT
- ACCESS_PROFILE
- ROLE
description: Type of Access
example: ENTITLEMENT
ids:
description: Must be set only if operator is SELECTED.
type: array
items:
type: string
example:
- 2c90ad2a70ace7d50170acf22ca90010
operator:
type: string
enum:
- ALL
- SELECTED
description: Used to determine whether the scope of the campaign should be reduced for selected ids or all.
example: SELECTED
required:
- type
- operator
maxItems: 1000
required:
- type
roleCompositionCampaignInfo:
type: object
nullable: true
description: Optional configuration options for role composition campaigns.
properties:
reviewerId:
type: string
description: The ID of the identity or governance group reviewing this campaign. Deprecated in favor of the "reviewer" object.
deprecated: true
example: 2c91808568c529c60168cca6f90c1313
nullable: true
reviewer:
type: object
nullable: true
description: 'If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP.'
properties:
type:
type: string
description: The reviewer's DTO type.
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
id:
type: string
description: The reviewer's ID.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The reviewer's name.
example: William Wilson
roleIds:
type: array
description: 'Optional list of roles to include in this campaign. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.'
items:
type: string
example:
- 2c90ad2a70ace7d50170acf22ca90010
remediatorRef:
type: object
description: 'This determines who remediation tasks will be assigned to. Remediation tasks are created for each revoke decision on items in the campaign. The only legal remediator type is ''IDENTITY'', and the chosen identity must be a Role Admin or Org Admin.'
properties:
type:
type: string
enum:
- IDENTITY
description: Legal Remediator Type
example: IDENTITY
id:
type: string
description: The ID of the remediator.
example: 2c90ad2a70ace7d50170acf22ca90010
name:
type: string
description: The name of the remediator.
readOnly: true
example: Role Admin
required:
- type
- id
query:
type: string
nullable: true
description: 'Optional search query to scope this campaign to a set of roles. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.'
example: Search Query
description:
type: string
nullable: true
description: 'Describes this role composition campaign. Intended for storing the query used, and possibly the number of roles selected/available.'
example: Role Composition Description
required:
- remediatorRef
machineAccountCampaignInfo:
type: object
nullable: true
description: Must be set only if the campaign type is MACHINE_ACCOUNT.
properties:
sourceIds:
type: array
description: The list of sources to be included in the campaign.
items:
type: string
example:
- 0fbe863c063c4c88a35fd7f17e8a3df5
reviewerType:
type: string
description: The reviewer's type.
enum:
- ACCOUNT_OWNER
example: ACCOUNT_OWNER
sourcesWithOrphanEntitlements:
type: array
nullable: true
description: A list of sources in the campaign that contain \"orphan entitlements\" (entitlements without a corresponding Managed Attribute). An empty list indicates the campaign has no orphan entitlements. Null indicates there may be unknown orphan entitlements in the campaign (the campaign was created before this feature was implemented).
readOnly: true
items:
type: object
properties:
id:
type: string
description: Id of the source
example: 2c90ad2a70ace7d50170acf22ca90010
type:
type: string
enum:
- SOURCE
description: Type
example: SOURCE
name:
type: string
description: Name of the source
example: Source with orphan entitlements
mandatoryCommentRequirement:
type: string
description: 'Determines whether comments are required for decisions during certification reviews. You can require comments for all decisions, revoke-only decisions, or no decisions. By default, comments are not required for decisions.'
enum:
- ALL_DECISIONS
- REVOKE_ONLY_DECISIONS
- NO_DECISIONS
example: NO_DECISIONS
- type: object
title: Slim Campaign
required:
- name
- description
- type
properties:
id:
type: string
readOnly: true
description: Id of the campaign
example: 2c9079b270a266a60170a2779fcb0007
nullable: true
name:
description: |
The campaign name. If this object is part of a template, special formatting applies; see the
`/campaign-templates/{id}/generate` endpoint documentation for details.
type: string
example: Manager Campaign
description:
type: string
nullable: true
description: |
The campaign description. If this object is part of a template, special formatting applies; see the
`/campaign-templates/{id}/generate` endpoint documentation for details.
example: Everyone needs to be reviewed by their manager
deadline:
type: string
nullable: true
format: date-time
description: 'The campaign''s completion deadline. This date must be in the future in order to activate the campaign. If you try to activate a campaign with a deadline of today or in the past, you will receive a 400 error response.'
example: '2020-03-15T10:00:01.456Z'
type:
type: string
description: The type of campaign. Could be extended in the future.
enum:
- MANAGER
- SOURCE_OWNER
- SEARCH
- ROLE_COMPOSITION
- MACHINE_ACCOUNT
example: MANAGER
emailNotificationEnabled:
type: boolean
description: Enables email notification for this campaign
default: false
example: false
autoRevokeAllowed:
type: boolean
description: Allows auto revoke for this campaign
default: false
example: false
recommendationsEnabled:
type: boolean
description: Enables IAI for this campaign. Accepts true even if the IAI product feature is off. If IAI is turned off then campaigns generated from this template will indicate false. The real value will then be returned if IAI is ever enabled for the org in the future.
default: false
example: true
status:
type: string
description: The campaign's current status.
nullable: true
readOnly: true
enum:
- PENDING
- STAGED
- CANCELING
- ACTIVATING
- ACTIVE
- COMPLETING
- COMPLETED
- ERROR
- ARCHIVED
- null
example: ACTIVE
correlatedStatus:
type: string
description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).
enum:
- CORRELATED
- UNCORRELATED
example: CORRELATED
created:
type: string
nullable: true
readOnly: true
format: date-time
description: Created time of the campaign
example: '2020-03-03T22:15:13.611Z'
totalCertifications:
type: integer
nullable: true
format: int32
description: The total number of certifications in this campaign.
readOnly: true
example: 100
completedCertifications:
type: integer
nullable: true
format: int32
description: The number of completed certifications in this campaign.
readOnly: true
example: 10
alerts:
type: array
nullable: true
description: A list of errors and warnings that have accumulated.
readOnly: true
items:
type: object
properties:
level:
type: string
enum:
- ERROR
- WARN
- INFO
description: Denotes the level of the message
example: ERROR
localizations:
type: array
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
Slim Campaign:
description: List of Slim Campaigns that would result from not specifying *detail* or specifying SLIM
value:
- id: 2c918086719eec070171a7e3355a360a
name: Manager Review
description: A review of everyone's access by their manager.
deadline: '2020-12-25T06:00:00.123Z'
type: MANAGER
status: ACTIVE
emailNotificationEnabled: false
autoRevokeAllowed: false
recommendationsEnabled: false
created: '2022-08-02T19:00:27.731Z'
totalCertifications: 10
completedCertifications: 3
alerts:
- level: ERROR
localizations:
- locale: en
localeOrigin: DEFAULT
text: Composite criterion must have children non-composite criterion must not.
- id: 7e1a731e3fb845cfbe58112ba4673ee4
name: Search Campaign
description: Search Campaign Info
deadline: '2022-07-26T15:42:44Z'
type: SEARCH
status: ACTIVE
emailNotificationEnabled: false
autoRevokeAllowed: false
recommendationsEnabled: false
created: '2022-07-25T15:42:18.276Z'
totalCertifications: 5
completedCertifications: 3
alerts: null
- id: 2c918086719eec070171a7e3355a412b
name: AD Source Review
description: A review of our AD source.
deadline: '2020-12-25T06:00:00.123Z'
type: SOURCE_OWNER
status: STAGED
emailNotificationEnabled: true
autoRevokeAllowed: false
recommendationsEnabled: false
correlatedStatus: CORRELATED
created: '2022-07-27T17:04:19.027Z'
totalCertifications: 7
completedCertifications: 3
alerts:
- level: WARN
localizations:
- locale: en
localeOrigin: DEFAULT
text: Composite criterion is in wrong format.
- id: 3b2e2e5821e84127b6d693d41c40623b
name: Role Composition Campaign
description: A review done by a role owner.
deadline: '2020-12-25T06:00:00.468Z'
type: ROLE_COMPOSITION
status: ACTIVE
emailNotificationEnabled: false
autoRevokeAllowed: false
recommendationsEnabled: false
created: '2022-08-02T20:29:51.065Z'
totalCertifications: 1
completedCertifications: 1
alerts: null
Full Campaign:
description: List of Campaigns that would result from specifying *detail* as FULL
value:
- id: 078696a575e045c68d6722ccdb9f101d
name: Role Composition Campaign
description: A review done by a role owner.
deadline: '2020-12-25T06:00:00.468Z'
type: ROLE_COMPOSITION
status: ERROR
emailNotificationEnabled: false
autoRevokeAllowed: false
recommendationsEnabled: false
modified: '2022-08-02T20:29:51.331Z'
filter:
type: CAMPAIGN_FILTER
id: 0fbe863c063c4c88a35fd7f17e8a3df5
name: Test Role Composition Filter
sunsetCommentsRequired: true
sourceOwnerCampaignInfo: null
searchCampaignInfo: null
roleCompositionCampaignInfo:
remediatorRef:
type: IDENTITY
id: 7ec252acbd4245548bc25df22348cb75
name: SailPoint Support
reviewerId: null
reviewer: null
roleIds:
- b15d609fc5c8434b865fe552315fda8f
query: null
description: null
sourcesWithOrphanEntitlements: null
mandatoryCommentRequirement: NO_DECISIONS
- id: 1be8fc1103914bf0a4e14e316b6a7b7c
name: Manager Review
description: A review of everyone's access by their manager.
deadline: '2020-12-25T06:00:00.468Z'
type: MANAGER
status: STAGED
emailNotificationEnabled: false
autoRevokeAllowed: false
recommendationsEnabled: false
modified: '2022-08-02T19:00:34.391Z'
filter:
type: CAMPAIGN_FILTER
id: 0fbe863c063c4c88a35fd7f17e8a3df5
name: Test Manager Filter
sunsetCommentsRequired: true
sourceOwnerCampaignInfo: null
searchCampaignInfo: null
roleCompositionCampaignInfo: null
sourcesWithOrphanEntitlements: []
mandatoryCommentRequirement: NO_DECISIONS
- id: 7e1a731e3fb845cfbe58112ba4673ee4
name: Search Campaign
description: Search Campaign for Identities
deadline: '2022-07-26T15:42:44Z'
type: SEARCH
status: ACTIVE
emailNotificationEnabled: false
autoRevokeAllowed: false
recommendationsEnabled: false
modified: '2022-07-25T15:42:53.718Z'
filter:
type: CAMPAIGN_FILTER
id: 0fbe863c063c4c88a35fd7f17e8a3df5
name: Test Search Filter
sunsetCommentsRequired: true
sourceOwnerCampaignInfo: null
searchCampaignInfo:
type: IDENTITY
description: Example of Search Campaign
reviewer:
type: IDENTITY
id: 7ec252acbd4245548bc25df22348cb75
name: null
query: user
identityIds: null
accessConstraints: []
roleCompositionCampaignInfo: null
sourcesWithOrphanEntitlements: []
mandatoryCommentRequirement: NO_DECISIONS
- id: ad3cf3dd50394b1bad646de4bc51b999
name: Source Owner Campaign
description: Example for Source Owner Campaign
deadline: '2022-08-10T17:09:02Z'
type: SOURCE_OWNER
status: ACTIVE
emailNotificationEnabled: true
autoRevokeAllowed: false
recommendationsEnabled: false
modified: '2022-07-27T17:09:13.925Z'
filter:
type: CAMPAIGN_FILTER
id: 0fbe863c063c4c88a35fd7f17e8a3df5
name: Test Source Owner Filter
sunsetCommentsRequired: true
sourceOwnerCampaignInfo:
sourceIds:
- 2c91808781fd5aea01821200dc88318e
searchCampaignInfo: null
roleCompositionCampaignInfo: null
sourcesWithOrphanEntitlements: []
correlatedStatus: CORRELATED
mandatoryCommentRequirement: NO_DECISIONS
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
post:
operationId: createCampaign
tags:
- Certification Campaigns
summary: Create a campaign
description: |
Use this API to create a certification campaign with the information provided in the request body.
security:
- userAuth:
- 'idn:campaign:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
- CERT_ADMIN
requestBody:
required: true
content:
application/json:
schema:
type: object
title: Campaign
allOf:
- type: object
title: Slim Campaign
required:
- name
- description
- type
properties:
id:
type: string
readOnly: true
description: Id of the campaign
example: 2c9079b270a266a60170a2779fcb0007
nullable: true
name:
description: |
The campaign name. If this object is part of a template, special formatting applies; see the
`/campaign-templates/{id}/generate` endpoint documentation for details.
type: string
example: Manager Campaign
description:
type: string
nullable: true
description: |
The campaign description. If this object is part of a template, special formatting applies; see the
`/campaign-templates/{id}/generate` endpoint documentation for details.
example: Everyone needs to be reviewed by their manager
deadline:
type: string
nullable: true
format: date-time
description: 'The campaign''s completion deadline. This date must be in the future in order to activate the campaign. If you try to activate a campaign with a deadline of today or in the past, you will receive a 400 error response.'
example: '2020-03-15T10:00:01.456Z'
type:
type: string
description: The type of campaign. Could be extended in the future.
enum:
- MANAGER
- SOURCE_OWNER
- SEARCH
- ROLE_COMPOSITION
- MACHINE_ACCOUNT
example: MANAGER
emailNotificationEnabled:
type: boolean
description: Enables email notification for this campaign
default: false
example: false
autoRevokeAllowed:
type: boolean
description: Allows auto revoke for this campaign
default: false
example: false
recommendationsEnabled:
type: boolean
description: Enables IAI for this campaign. Accepts true even if the IAI product feature is off. If IAI is turned off then campaigns generated from this template will indicate false. The real value will then be returned if IAI is ever enabled for the org in the future.
default: false
example: true
status:
type: string
description: The campaign's current status.
nullable: true
readOnly: true
enum:
- PENDING
- STAGED
- CANCELING
- ACTIVATING
- ACTIVE
- COMPLETING
- COMPLETED
- ERROR
- ARCHIVED
- null
example: ACTIVE
correlatedStatus:
type: string
description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).
enum:
- CORRELATED
- UNCORRELATED
example: CORRELATED
created:
type: string
nullable: true
readOnly: true
format: date-time
description: Created time of the campaign
example: '2020-03-03T22:15:13.611Z'
totalCertifications:
type: integer
nullable: true
format: int32
description: The total number of certifications in this campaign.
readOnly: true
example: 100
completedCertifications:
type: integer
nullable: true
format: int32
description: The number of completed certifications in this campaign.
readOnly: true
example: 10
alerts:
type: array
nullable: true
description: A list of errors and warnings that have accumulated.
readOnly: true
items:
type: object
properties:
level:
type: string
enum:
- ERROR
- WARN
- INFO
description: Denotes the level of the message
example: ERROR
localizations:
type: array
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
- type: object
properties:
modified:
type: string
readOnly: true
nullable: true
format: date-time
description: Modified time of the campaign
example: '2020-03-03T22:20:12.674Z'
filter:
type: object
nullable: true
description: Determines which items will be included in this campaign. The default campaign filter is used if this field is left blank.
properties:
id:
type: string
description: The ID of whatever type of filter is being used.
example: 0fbe863c063c4c88a35fd7f17e8a3df5
type:
type: string
description: Type of the filter
enum:
- CAMPAIGN_FILTER
- RULE
example: CAMPAIGN_FILTER
name:
type: string
description: Name of the filter
example: Test Filter
sunsetCommentsRequired:
type: boolean
description: Determines if comments on sunset date changes are required.
default: true
example: true
sourceOwnerCampaignInfo:
type: object
nullable: true
description: Must be set only if the campaign type is SOURCE_OWNER.
properties:
sourceIds:
type: array
description: The list of sources to be included in the campaign.
items:
type: string
example:
- 0fbe863c063c4c88a35fd7f17e8a3df5
searchCampaignInfo:
type: object
nullable: true
description: Must be set only if the campaign type is SEARCH.
properties:
type:
type: string
description: The type of search campaign represented.
enum:
- IDENTITY
- ACCESS
example: ACCESS
description:
type: string
description: 'Describes this search campaign. Intended for storing the query used, and possibly the number of identities selected/available.'
example: Search Campaign description
reviewer:
type: object
nullable: true
description: 'If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP.'
properties:
type:
type: string
description: The reviewer's DTO type.
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
id:
type: string
description: The reviewer's ID.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
nullable: true
description: The reviewer's name.
example: William Wilson
query:
type: string
nullable: true
description: The scope for the campaign. The campaign will cover identities returned by the query and identities that have access items returned by the query. One of `query` or `identityIds` must be set.
example: Search Campaign query description
identityIds:
type: array
nullable: true
description: A direct list of identities to include in this campaign. One of `identityIds` or `query` must be set.
items:
type: string
maxItems: 1000
example:
- 0fbe863c063c4c88a35fd7f17e8a3df5
accessConstraints:
type: array
description: Further reduces the scope of the campaign by excluding identities (from `query` or `identityIds`) that do not have this access.
items:
type: object
properties:
type:
type: string
enum:
- ENTITLEMENT
- ACCESS_PROFILE
- ROLE
description: Type of Access
example: ENTITLEMENT
ids:
description: Must be set only if operator is SELECTED.
type: array
items:
type: string
example:
- 2c90ad2a70ace7d50170acf22ca90010
operator:
type: string
enum:
- ALL
- SELECTED
description: Used to determine whether the scope of the campaign should be reduced for selected ids or all.
example: SELECTED
required:
- type
- operator
maxItems: 1000
required:
- type
roleCompositionCampaignInfo:
type: object
nullable: true
description: Optional configuration options for role composition campaigns.
properties:
reviewerId:
type: string
description: The ID of the identity or governance group reviewing this campaign. Deprecated in favor of the "reviewer" object.
deprecated: true
example: 2c91808568c529c60168cca6f90c1313
nullable: true
reviewer:
type: object
nullable: true
description: 'If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP.'
properties:
type:
type: string
description: The reviewer's DTO type.
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
id:
type: string
description: The reviewer's ID.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The reviewer's name.
example: William Wilson
roleIds:
type: array
description: 'Optional list of roles to include in this campaign. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.'
items:
type: string
example:
- 2c90ad2a70ace7d50170acf22ca90010
remediatorRef:
type: object
description: 'This determines who remediation tasks will be assigned to. Remediation tasks are created for each revoke decision on items in the campaign. The only legal remediator type is ''IDENTITY'', and the chosen identity must be a Role Admin or Org Admin.'
properties:
type:
type: string
enum:
- IDENTITY
description: Legal Remediator Type
example: IDENTITY
id:
type: string
description: The ID of the remediator.
example: 2c90ad2a70ace7d50170acf22ca90010
name:
type: string
description: The name of the remediator.
readOnly: true
example: Role Admin
required:
- type
- id
query:
type: string
nullable: true
description: 'Optional search query to scope this campaign to a set of roles. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.'
example: Search Query
description:
type: string
nullable: true
description: 'Describes this role composition campaign. Intended for storing the query used, and possibly the number of roles selected/available.'
example: Role Composition Description
required:
- remediatorRef
machineAccountCampaignInfo:
type: object
nullable: true
description: Must be set only if the campaign type is MACHINE_ACCOUNT.
properties:
sourceIds:
type: array
description: The list of sources to be included in the campaign.
items:
type: string
example:
- 0fbe863c063c4c88a35fd7f17e8a3df5
reviewerType:
type: string
description: The reviewer's type.
enum:
- ACCOUNT_OWNER
example: ACCOUNT_OWNER
sourcesWithOrphanEntitlements:
type: array
nullable: true
description: A list of sources in the campaign that contain \"orphan entitlements\" (entitlements without a corresponding Managed Attribute). An empty list indicates the campaign has no orphan entitlements. Null indicates there may be unknown orphan entitlements in the campaign (the campaign was created before this feature was implemented).
readOnly: true
items:
type: object
properties:
id:
type: string
description: Id of the source
example: 2c90ad2a70ace7d50170acf22ca90010
type:
type: string
enum:
- SOURCE
description: Type
example: SOURCE
name:
type: string
description: Name of the source
example: Source with orphan entitlements
mandatoryCommentRequirement:
type: string
description: 'Determines whether comments are required for decisions during certification reviews. You can require comments for all decisions, revoke-only decisions, or no decisions. By default, comments are not required for decisions.'
enum:
- ALL_DECISIONS
- REVOKE_ONLY_DECISIONS
- NO_DECISIONS
example: NO_DECISIONS
examples:
Manager:
value:
name: Manager Review
description: A review of everyone's access by their manager.
deadline: '2020-12-25T06:00:00.468Z'
type: MANAGER
emailNotificationEnabled: false
autoRevokeAllowed: false
recommendationsEnabled: false
filter:
type: CAMPAIGN_FILTER
id: 0c46fb26c6b20967a55517ee90d15b93
mandatoryCommentRequirement: NO_DECISIONS
Search:
value:
name: Search Campaign
description: Search Campaign
deadline: '2020-12-25T06:00:00.468Z'
type: SEARCH
emailNotificationEnabled: false
autoRevokeAllowed: false
recommendationsEnabled: false
filter:
type: CAMPAIGN_FILTER
id: 0c46fb26c6b20967a55517ee90d15b93
searchCampaignInfo:
type: ACCESS
query: user
mandatoryCommentRequirement: NO_DECISIONS
Source Owner:
value:
name: Source Owner
description: Source Owner Info
deadline: '2020-12-25T06:00:00.468Z'
type: SOURCE_OWNER
emailNotificationEnabled: false
autoRevokeAllowed: false
recommendationsEnabled: false
filter:
type: CAMPAIGN_FILTER
id: 0c46fb26c6b20967a55517ee90d15b93
sourceOwnerCampaignInfo:
sourceIds:
- 612b31b1a0f04aaf83123bdb80e70db6
correlatedStatus: CORRELATED
mandatoryCommentRequirement: NO_DECISIONS
Role Composition:
value:
name: Role Composition Campaign
description: A review done by a role owner.
deadline: '2020-12-25T06:00:00.468Z'
type: ROLE_COMPOSITION
emailNotificationEnabled: false
autoRevokeAllowed: false
recommendationsEnabled: false
filter:
type: CAMPAIGN_FILTER
id: 0c46fb26c6b20967a55517ee90d15b93
roleCompositionCampaignInfo:
remediatorRef:
type: IDENTITY
id: 7ec252acbd4245548bc25df22348cb75
name: SailPoint Support
roleIds:
- b15d609fc5c8434b865fe552315fda8f
mandatoryCommentRequirement: NO_DECISIONS
Machine Account:
value:
name: Machine Account Owner Campaign
description: A review done by a Machine Account's owner.
deadline: '2024-12-25T06:00:00.468Z'
type: MACHINE_ACCOUNT
emailNotificationEnabled: false
autoRevokeAllowed: false
recommendationsEnabled: false
filter:
type: CAMPAIGN_FILTER
id: 0c46fb26c6b20967a55517ee90d15b93
machineAccountCampaignInfo:
sourceIds:
- d988f117b7624a16ab0b64c439d5dbb8
reviewerType: ACCOUNT_OWNER
responses:
'200':
description: 'This response indicates that the requested campaign was successfully created, and the API returns its representation.'
content:
application/json:
schema:
type: object
title: Campaign
allOf:
- type: object
title: Slim Campaign
required:
- name
- description
- type
properties:
id:
type: string
readOnly: true
description: Id of the campaign
example: 2c9079b270a266a60170a2779fcb0007
nullable: true
name:
description: |
The campaign name. If this object is part of a template, special formatting applies; see the
`/campaign-templates/{id}/generate` endpoint documentation for details.
type: string
example: Manager Campaign
description:
type: string
nullable: true
description: |
The campaign description. If this object is part of a template, special formatting applies; see the
`/campaign-templates/{id}/generate` endpoint documentation for details.
example: Everyone needs to be reviewed by their manager
deadline:
type: string
nullable: true
format: date-time
description: 'The campaign''s completion deadline. This date must be in the future in order to activate the campaign. If you try to activate a campaign with a deadline of today or in the past, you will receive a 400 error response.'
example: '2020-03-15T10:00:01.456Z'
type:
type: string
description: The type of campaign. Could be extended in the future.
enum:
- MANAGER
- SOURCE_OWNER
- SEARCH
- ROLE_COMPOSITION
- MACHINE_ACCOUNT
example: MANAGER
emailNotificationEnabled:
type: boolean
description: Enables email notification for this campaign
default: false
example: false
autoRevokeAllowed:
type: boolean
description: Allows auto revoke for this campaign
default: false
example: false
recommendationsEnabled:
type: boolean
description: Enables IAI for this campaign. Accepts true even if the IAI product feature is off. If IAI is turned off then campaigns generated from this template will indicate false. The real value will then be returned if IAI is ever enabled for the org in the future.
default: false
example: true
status:
type: string
description: The campaign's current status.
nullable: true
readOnly: true
enum:
- PENDING
- STAGED
- CANCELING
- ACTIVATING
- ACTIVE
- COMPLETING
- COMPLETED
- ERROR
- ARCHIVED
- null
example: ACTIVE
correlatedStatus:
type: string
description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).
enum:
- CORRELATED
- UNCORRELATED
example: CORRELATED
created:
type: string
nullable: true
readOnly: true
format: date-time
description: Created time of the campaign
example: '2020-03-03T22:15:13.611Z'
totalCertifications:
type: integer
nullable: true
format: int32
description: The total number of certifications in this campaign.
readOnly: true
example: 100
completedCertifications:
type: integer
nullable: true
format: int32
description: The number of completed certifications in this campaign.
readOnly: true
example: 10
alerts:
type: array
nullable: true
description: A list of errors and warnings that have accumulated.
readOnly: true
items:
type: object
properties:
level:
type: string
enum:
- ERROR
- WARN
- INFO
description: Denotes the level of the message
example: ERROR
localizations:
type: array
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
- type: object
properties:
modified:
type: string
readOnly: true
nullable: true
format: date-time
description: Modified time of the campaign
example: '2020-03-03T22:20:12.674Z'
filter:
type: object
nullable: true
description: Determines which items will be included in this campaign. The default campaign filter is used if this field is left blank.
properties:
id:
type: string
description: The ID of whatever type of filter is being used.
example: 0fbe863c063c4c88a35fd7f17e8a3df5
type:
type: string
description: Type of the filter
enum:
- CAMPAIGN_FILTER
- RULE
example: CAMPAIGN_FILTER
name:
type: string
description: Name of the filter
example: Test Filter
sunsetCommentsRequired:
type: boolean
description: Determines if comments on sunset date changes are required.
default: true
example: true
sourceOwnerCampaignInfo:
type: object
nullable: true
description: Must be set only if the campaign type is SOURCE_OWNER.
properties:
sourceIds:
type: array
description: The list of sources to be included in the campaign.
items:
type: string
example:
- 0fbe863c063c4c88a35fd7f17e8a3df5
searchCampaignInfo:
type: object
nullable: true
description: Must be set only if the campaign type is SEARCH.
properties:
type:
type: string
description: The type of search campaign represented.
enum:
- IDENTITY
- ACCESS
example: ACCESS
description:
type: string
description: 'Describes this search campaign. Intended for storing the query used, and possibly the number of identities selected/available.'
example: Search Campaign description
reviewer:
type: object
nullable: true
description: 'If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP.'
properties:
type:
type: string
description: The reviewer's DTO type.
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
id:
type: string
description: The reviewer's ID.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
nullable: true
description: The reviewer's name.
example: William Wilson
query:
type: string
nullable: true
description: The scope for the campaign. The campaign will cover identities returned by the query and identities that have access items returned by the query. One of `query` or `identityIds` must be set.
example: Search Campaign query description
identityIds:
type: array
nullable: true
description: A direct list of identities to include in this campaign. One of `identityIds` or `query` must be set.
items:
type: string
maxItems: 1000
example:
- 0fbe863c063c4c88a35fd7f17e8a3df5
accessConstraints:
type: array
description: Further reduces the scope of the campaign by excluding identities (from `query` or `identityIds`) that do not have this access.
items:
type: object
properties:
type:
type: string
enum:
- ENTITLEMENT
- ACCESS_PROFILE
- ROLE
description: Type of Access
example: ENTITLEMENT
ids:
description: Must be set only if operator is SELECTED.
type: array
items:
type: string
example:
- 2c90ad2a70ace7d50170acf22ca90010
operator:
type: string
enum:
- ALL
- SELECTED
description: Used to determine whether the scope of the campaign should be reduced for selected ids or all.
example: SELECTED
required:
- type
- operator
maxItems: 1000
required:
- type
roleCompositionCampaignInfo:
type: object
nullable: true
description: Optional configuration options for role composition campaigns.
properties:
reviewerId:
type: string
description: The ID of the identity or governance group reviewing this campaign. Deprecated in favor of the "reviewer" object.
deprecated: true
example: 2c91808568c529c60168cca6f90c1313
nullable: true
reviewer:
type: object
nullable: true
description: 'If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP.'
properties:
type:
type: string
description: The reviewer's DTO type.
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
id:
type: string
description: The reviewer's ID.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The reviewer's name.
example: William Wilson
roleIds:
type: array
description: 'Optional list of roles to include in this campaign. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.'
items:
type: string
example:
- 2c90ad2a70ace7d50170acf22ca90010
remediatorRef:
type: object
description: 'This determines who remediation tasks will be assigned to. Remediation tasks are created for each revoke decision on items in the campaign. The only legal remediator type is ''IDENTITY'', and the chosen identity must be a Role Admin or Org Admin.'
properties:
type:
type: string
enum:
- IDENTITY
description: Legal Remediator Type
example: IDENTITY
id:
type: string
description: The ID of the remediator.
example: 2c90ad2a70ace7d50170acf22ca90010
name:
type: string
description: The name of the remediator.
readOnly: true
example: Role Admin
required:
- type
- id
query:
type: string
nullable: true
description: 'Optional search query to scope this campaign to a set of roles. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.'
example: Search Query
description:
type: string
nullable: true
description: 'Describes this role composition campaign. Intended for storing the query used, and possibly the number of roles selected/available.'
example: Role Composition Description
required:
- remediatorRef
machineAccountCampaignInfo:
type: object
nullable: true
description: Must be set only if the campaign type is MACHINE_ACCOUNT.
properties:
sourceIds:
type: array
description: The list of sources to be included in the campaign.
items:
type: string
example:
- 0fbe863c063c4c88a35fd7f17e8a3df5
reviewerType:
type: string
description: The reviewer's type.
enum:
- ACCOUNT_OWNER
example: ACCOUNT_OWNER
sourcesWithOrphanEntitlements:
type: array
nullable: true
description: A list of sources in the campaign that contain \"orphan entitlements\" (entitlements without a corresponding Managed Attribute). An empty list indicates the campaign has no orphan entitlements. Null indicates there may be unknown orphan entitlements in the campaign (the campaign was created before this feature was implemented).
readOnly: true
items:
type: object
properties:
id:
type: string
description: Id of the source
example: 2c90ad2a70ace7d50170acf22ca90010
type:
type: string
enum:
- SOURCE
description: Type
example: SOURCE
name:
type: string
description: Name of the source
example: Source with orphan entitlements
mandatoryCommentRequirement:
type: string
description: 'Determines whether comments are required for decisions during certification reviews. You can require comments for all decisions, revoke-only decisions, or no decisions. By default, comments are not required for decisions.'
enum:
- ALL_DECISIONS
- REVOKE_ONLY_DECISIONS
- NO_DECISIONS
example: NO_DECISIONS
examples:
Manager:
value:
id: 5594f43b76804a6980ece5fdccf74be7
name: Manager Review
description: A review of everyone's access by their manager.
deadline: '2020-12-25T06:00:00.468Z'
type: MANAGER
status: PENDING
emailNotificationEnabled: false
autoRevokeAllowed: false
recommendationsEnabled: false
created: '2022-08-02T20:21:18.421Z'
modified: null
filter:
type: CAMPAIGN_FILTER
id: 0fbe863c063c4c88a35fd7f17e8a3df5
name: Test Manager Filter
sunsetCommentsRequired: true
sourceOwnerCampaignInfo: null
searchCampaignInfo: null
roleCompositionCampaignInfo: null
machineAccountCampaignInfo: null
alerts: null
totalCertifications: 0
completedCertifications: 0
sourcesWithOrphanEntitlements: null
mandatoryCommentRequirement: NO_DECISIONS
Search:
value:
id: ec041831cb2147778b594feb9d8db44a
name: Search Campaign
description: Search Campaign
deadline: '2020-12-25T06:00:00.468Z'
type: SEARCH
status: PENDING
emailNotificationEnabled: false
autoRevokeAllowed: false
recommendationsEnabled: false
created: '2022-08-03T13:54:34.344Z'
modified: null
filter:
type: CAMPAIGN_FILTER
id: 0fbe863c063c4c88a35fd7f17e8a3df5
name: Test Search Filter
sunsetCommentsRequired: true
sourceOwnerCampaignInfo: null
searchCampaignInfo:
type: ACCESS
description: user
reviewer:
type: IDENTITY
id: 7ec252acbd4245548bc25df22348cb75
name: null
query: user
identityIds: null
accessConstraints: []
roleCompositionCampaignInfo: null
machineAccountCampaignInfo: null
alerts: null
totalCertifications: 0
completedCertifications: 0
sourcesWithOrphanEntitlements: null
mandatoryCommentRequirement: NO_DECISIONS
Source Owner:
value:
id: fd7b76ba4ea042de8a9414aa12fc977a
name: Source Owner
description: Source Owner Info
deadline: '2020-12-25T06:00:00.468Z'
type: SOURCE_OWNER
status: PENDING
emailNotificationEnabled: false
autoRevokeAllowed: false
recommendationsEnabled: false
created: '2022-08-03T13:34:19.541Z'
modified: null
filter:
type: CAMPAIGN_FILTER
id: 0fbe863c063c4c88a35fd7f17e8a3df5
name: Test Source Owner Filter
sunsetCommentsRequired: true
sourceOwnerCampaignInfo: null
sourceIds:
- 612b31b1a0f04aaf83123bdb80e70db6
searchCampaignInfo: null
roleCompositionCampaignInfo: null
machineAccountCampaignInfo: null
alerts: null
totalCertifications: 0
completedCertifications: 0
sourcesWithOrphanEntitlements: null
correlatedStatus: CORRELATED
mandatoryCommentRequirement: NO_DECISIONS
Role Composition:
value:
id: 3b2e2e5821e84127b6d693d41c40623b
name: Role Composition Campaign
description: A review done by a role owner.
deadline: '2020-12-25T06:00:00.468Z'
type: ROLE_COMPOSITION
status: PENDING
emailNotificationEnabled: false
autoRevokeAllowed: false
recommendationsEnabled: false
created: '2022-08-02T20:30:46.083Z'
modified: null
filter:
type: CAMPAIGN_FILTER
id: 0fbe863c063c4c88a35fd7f17e8a3df5
name: Test Role Composition Filter
sunsetCommentsRequired: true
sourceOwnerCampaignInfo: null
searchCampaignInfo: null
roleCompositionCampaignInfo:
remediatorRef:
type: IDENTITY
id: 7ec252acbd4245548bc25df22348cb75
name: SailPoint Support
reviewerId: null
reviewer: null
roleIds:
- b15d609fc5c8434b865fe552315fda8f
query: null
description: null
alerts: null
totalCertifications: 0
completedCertifications: 0
sourcesWithOrphanEntitlements: null
machineAccountCampaignInfo: null
mandatoryCommentRequirement: NO_DECISIONS
Machine Account Owner:
value:
id: 3e9ff3d6555e4721b74695d5b578e847
name: Machine Account Owner Campaign
description: A review done by a machine account's owner.
deadline: '2024-05-07T19:43:38.186Z'
type: MACHINE_ACCOUNT
status: PENDING
emailNotificationEnabled: false
autoRevokeAllowed: false
recommendationsEnabled: false
created: '2024-04-23T19:43:38.355Z'
modified: '2024-04-23T19:43:38.355Z'
filter: null
sunsetCommentsRequired: true
mandatoryCommentRequirement: NO_DECISIONS
sourceOwnerCampaignInfo: null
searchCampaignInfo: null
roleCompositionCampaignInfo: null
totalCertifications: 0
completedCertifications: 0
alerts: null
correlatedStatus: CORRELATED
sourcesWithOrphanEntitlements: []
machineAccountCampaignInfo:
sourceIds:
- d988f117b7624a16ab0b64c439d5dbb8
reviewerType: ACCOUNT_OWNER
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/campaigns/{id}':
get:
operationId: getCampaign
tags:
- Certification Campaigns
summary: Get campaign
description: |
Use this API to get information for an existing certification campaign by the campaign's ID.
security:
- userAuth:
- 'idn:campaign:read'
- 'idn:campaign:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
- CERT_ADMIN
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: getActiveCampaigns
description: ID of the campaign to be retrieved.
example: 2c91808571bcfcf80171c23e4b4221fc
- in: query
name: detail
schema:
type: string
enum:
- SLIM
- FULL
required: false
description: 'Determines whether slim, or increased level of detail is provided for each campaign in the returned list. Slim is the default behavior.'
example: FULL
responses:
'200':
description: Requested campaign object.
content:
application/json:
schema:
anyOf:
- type: object
title: Slim Campaign
required:
- name
- description
- type
properties:
id:
type: string
readOnly: true
description: Id of the campaign
example: 2c9079b270a266a60170a2779fcb0007
nullable: true
name:
description: |
The campaign name. If this object is part of a template, special formatting applies; see the
`/campaign-templates/{id}/generate` endpoint documentation for details.
type: string
example: Manager Campaign
description:
type: string
nullable: true
description: |
The campaign description. If this object is part of a template, special formatting applies; see the
`/campaign-templates/{id}/generate` endpoint documentation for details.
example: Everyone needs to be reviewed by their manager
deadline:
type: string
nullable: true
format: date-time
description: 'The campaign''s completion deadline. This date must be in the future in order to activate the campaign. If you try to activate a campaign with a deadline of today or in the past, you will receive a 400 error response.'
example: '2020-03-15T10:00:01.456Z'
type:
type: string
description: The type of campaign. Could be extended in the future.
enum:
- MANAGER
- SOURCE_OWNER
- SEARCH
- ROLE_COMPOSITION
- MACHINE_ACCOUNT
example: MANAGER
emailNotificationEnabled:
type: boolean
description: Enables email notification for this campaign
default: false
example: false
autoRevokeAllowed:
type: boolean
description: Allows auto revoke for this campaign
default: false
example: false
recommendationsEnabled:
type: boolean
description: Enables IAI for this campaign. Accepts true even if the IAI product feature is off. If IAI is turned off then campaigns generated from this template will indicate false. The real value will then be returned if IAI is ever enabled for the org in the future.
default: false
example: true
status:
type: string
description: The campaign's current status.
nullable: true
readOnly: true
enum:
- PENDING
- STAGED
- CANCELING
- ACTIVATING
- ACTIVE
- COMPLETING
- COMPLETED
- ERROR
- ARCHIVED
- null
example: ACTIVE
correlatedStatus:
type: string
description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).
enum:
- CORRELATED
- UNCORRELATED
example: CORRELATED
created:
type: string
nullable: true
readOnly: true
format: date-time
description: Created time of the campaign
example: '2020-03-03T22:15:13.611Z'
totalCertifications:
type: integer
nullable: true
format: int32
description: The total number of certifications in this campaign.
readOnly: true
example: 100
completedCertifications:
type: integer
nullable: true
format: int32
description: The number of completed certifications in this campaign.
readOnly: true
example: 10
alerts:
type: array
nullable: true
description: A list of errors and warnings that have accumulated.
readOnly: true
items:
type: object
properties:
level:
type: string
enum:
- ERROR
- WARN
- INFO
description: Denotes the level of the message
example: ERROR
localizations:
type: array
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
- type: object
title: Campaign
allOf:
- type: object
title: Slim Campaign
required:
- name
- description
- type
properties:
id:
type: string
readOnly: true
description: Id of the campaign
example: 2c9079b270a266a60170a2779fcb0007
nullable: true
name:
description: |
The campaign name. If this object is part of a template, special formatting applies; see the
`/campaign-templates/{id}/generate` endpoint documentation for details.
type: string
example: Manager Campaign
description:
type: string
nullable: true
description: |
The campaign description. If this object is part of a template, special formatting applies; see the
`/campaign-templates/{id}/generate` endpoint documentation for details.
example: Everyone needs to be reviewed by their manager
deadline:
type: string
nullable: true
format: date-time
description: 'The campaign''s completion deadline. This date must be in the future in order to activate the campaign. If you try to activate a campaign with a deadline of today or in the past, you will receive a 400 error response.'
example: '2020-03-15T10:00:01.456Z'
type:
type: string
description: The type of campaign. Could be extended in the future.
enum:
- MANAGER
- SOURCE_OWNER
- SEARCH
- ROLE_COMPOSITION
- MACHINE_ACCOUNT
example: MANAGER
emailNotificationEnabled:
type: boolean
description: Enables email notification for this campaign
default: false
example: false
autoRevokeAllowed:
type: boolean
description: Allows auto revoke for this campaign
default: false
example: false
recommendationsEnabled:
type: boolean
description: Enables IAI for this campaign. Accepts true even if the IAI product feature is off. If IAI is turned off then campaigns generated from this template will indicate false. The real value will then be returned if IAI is ever enabled for the org in the future.
default: false
example: true
status:
type: string
description: The campaign's current status.
nullable: true
readOnly: true
enum:
- PENDING
- STAGED
- CANCELING
- ACTIVATING
- ACTIVE
- COMPLETING
- COMPLETED
- ERROR
- ARCHIVED
- null
example: ACTIVE
correlatedStatus:
type: string
description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).
enum:
- CORRELATED
- UNCORRELATED
example: CORRELATED
created:
type: string
nullable: true
readOnly: true
format: date-time
description: Created time of the campaign
example: '2020-03-03T22:15:13.611Z'
totalCertifications:
type: integer
nullable: true
format: int32
description: The total number of certifications in this campaign.
readOnly: true
example: 100
completedCertifications:
type: integer
nullable: true
format: int32
description: The number of completed certifications in this campaign.
readOnly: true
example: 10
alerts:
type: array
nullable: true
description: A list of errors and warnings that have accumulated.
readOnly: true
items:
type: object
properties:
level:
type: string
enum:
- ERROR
- WARN
- INFO
description: Denotes the level of the message
example: ERROR
localizations:
type: array
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
- type: object
properties:
modified:
type: string
readOnly: true
nullable: true
format: date-time
description: Modified time of the campaign
example: '2020-03-03T22:20:12.674Z'
filter:
type: object
nullable: true
description: Determines which items will be included in this campaign. The default campaign filter is used if this field is left blank.
properties:
id:
type: string
description: The ID of whatever type of filter is being used.
example: 0fbe863c063c4c88a35fd7f17e8a3df5
type:
type: string
description: Type of the filter
enum:
- CAMPAIGN_FILTER
- RULE
example: CAMPAIGN_FILTER
name:
type: string
description: Name of the filter
example: Test Filter
sunsetCommentsRequired:
type: boolean
description: Determines if comments on sunset date changes are required.
default: true
example: true
sourceOwnerCampaignInfo:
type: object
nullable: true
description: Must be set only if the campaign type is SOURCE_OWNER.
properties:
sourceIds:
type: array
description: The list of sources to be included in the campaign.
items:
type: string
example:
- 0fbe863c063c4c88a35fd7f17e8a3df5
searchCampaignInfo:
type: object
nullable: true
description: Must be set only if the campaign type is SEARCH.
properties:
type:
type: string
description: The type of search campaign represented.
enum:
- IDENTITY
- ACCESS
example: ACCESS
description:
type: string
description: 'Describes this search campaign. Intended for storing the query used, and possibly the number of identities selected/available.'
example: Search Campaign description
reviewer:
type: object
nullable: true
description: 'If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP.'
properties:
type:
type: string
description: The reviewer's DTO type.
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
id:
type: string
description: The reviewer's ID.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
nullable: true
description: The reviewer's name.
example: William Wilson
query:
type: string
nullable: true
description: The scope for the campaign. The campaign will cover identities returned by the query and identities that have access items returned by the query. One of `query` or `identityIds` must be set.
example: Search Campaign query description
identityIds:
type: array
nullable: true
description: A direct list of identities to include in this campaign. One of `identityIds` or `query` must be set.
items:
type: string
maxItems: 1000
example:
- 0fbe863c063c4c88a35fd7f17e8a3df5
accessConstraints:
type: array
description: Further reduces the scope of the campaign by excluding identities (from `query` or `identityIds`) that do not have this access.
items:
type: object
properties:
type:
type: string
enum:
- ENTITLEMENT
- ACCESS_PROFILE
- ROLE
description: Type of Access
example: ENTITLEMENT
ids:
description: Must be set only if operator is SELECTED.
type: array
items:
type: string
example:
- 2c90ad2a70ace7d50170acf22ca90010
operator:
type: string
enum:
- ALL
- SELECTED
description: Used to determine whether the scope of the campaign should be reduced for selected ids or all.
example: SELECTED
required:
- type
- operator
maxItems: 1000
required:
- type
roleCompositionCampaignInfo:
type: object
nullable: true
description: Optional configuration options for role composition campaigns.
properties:
reviewerId:
type: string
description: The ID of the identity or governance group reviewing this campaign. Deprecated in favor of the "reviewer" object.
deprecated: true
example: 2c91808568c529c60168cca6f90c1313
nullable: true
reviewer:
type: object
nullable: true
description: 'If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP.'
properties:
type:
type: string
description: The reviewer's DTO type.
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
id:
type: string
description: The reviewer's ID.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The reviewer's name.
example: William Wilson
roleIds:
type: array
description: 'Optional list of roles to include in this campaign. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.'
items:
type: string
example:
- 2c90ad2a70ace7d50170acf22ca90010
remediatorRef:
type: object
description: 'This determines who remediation tasks will be assigned to. Remediation tasks are created for each revoke decision on items in the campaign. The only legal remediator type is ''IDENTITY'', and the chosen identity must be a Role Admin or Org Admin.'
properties:
type:
type: string
enum:
- IDENTITY
description: Legal Remediator Type
example: IDENTITY
id:
type: string
description: The ID of the remediator.
example: 2c90ad2a70ace7d50170acf22ca90010
name:
type: string
description: The name of the remediator.
readOnly: true
example: Role Admin
required:
- type
- id
query:
type: string
nullable: true
description: 'Optional search query to scope this campaign to a set of roles. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.'
example: Search Query
description:
type: string
nullable: true
description: 'Describes this role composition campaign. Intended for storing the query used, and possibly the number of roles selected/available.'
example: Role Composition Description
required:
- remediatorRef
machineAccountCampaignInfo:
type: object
nullable: true
description: Must be set only if the campaign type is MACHINE_ACCOUNT.
properties:
sourceIds:
type: array
description: The list of sources to be included in the campaign.
items:
type: string
example:
- 0fbe863c063c4c88a35fd7f17e8a3df5
reviewerType:
type: string
description: The reviewer's type.
enum:
- ACCOUNT_OWNER
example: ACCOUNT_OWNER
sourcesWithOrphanEntitlements:
type: array
nullable: true
description: A list of sources in the campaign that contain \"orphan entitlements\" (entitlements without a corresponding Managed Attribute). An empty list indicates the campaign has no orphan entitlements. Null indicates there may be unknown orphan entitlements in the campaign (the campaign was created before this feature was implemented).
readOnly: true
items:
type: object
properties:
id:
type: string
description: Id of the source
example: 2c90ad2a70ace7d50170acf22ca90010
type:
type: string
enum:
- SOURCE
description: Type
example: SOURCE
name:
type: string
description: Name of the source
example: Source with orphan entitlements
mandatoryCommentRequirement:
type: string
description: 'Determines whether comments are required for decisions during certification reviews. You can require comments for all decisions, revoke-only decisions, or no decisions. By default, comments are not required for decisions.'
enum:
- ALL_DECISIONS
- REVOKE_ONLY_DECISIONS
- NO_DECISIONS
example: NO_DECISIONS
examples:
Manager:
value:
id: 2c918086719eec070171a7e3355a360a
name: Manager Review
description: A review of everyone's access by their manager.
deadline: '2020-12-25T06:00:00.123Z'
type: MANAGER
status: ACTIVE
emailNotificationEnabled: false
autoRevokeAllowed: false
recommendationsEnabled: false
Search:
value:
id: 7e1a731e3fb845cfbe58112ba4673ee4
name: Search Campaign
description: Search Campaign Info
deadline: '2022-07-26T15:42:44Z'
type: SEARCH
status: ACTIVE
emailNotificationEnabled: false
autoRevokeAllowed: false
recommendationsEnabled: false
Source Owner:
value:
id: 2c918086719eec070171a7e3355a412b
name: AD Source Review
description: A review of our AD source.
deadline: '2020-12-25T06:00:00.123Z'
type: SOURCE_OWNER
status: STAGED
emailNotificationEnabled: true
autoRevokeAllowed: false
recommendationsEnabled: false
correlatedStatus: CORRELATED
RoleComposition:
value:
id: 3b2e2e5821e84127b6d693d41c40623b
name: Role Composition Campaign
description: A review done by a role owner.
deadline: '2020-12-25T06:00:00.468Z'
type: ROLE_COMPOSITION
status: ACTIVE
emailNotificationEnabled: false
autoRevokeAllowed: false
recommendationsEnabled: false
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
patch:
operationId: updateCampaign
tags:
- Certification Campaigns
summary: Update a campaign
description: |
Use this API to update individual fields on a certification campaign, using the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
security:
- userAuth:
- 'idn:campaign:read'
- 'idn:campaign:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
- CERT_ADMIN
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: getActiveCampaigns
description: ID of the campaign template being modified.
example: 2c91808571bcfcf80171c23e4b4221fc
requestBody:
required: true
description: |
A list of campaign update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
The fields that can be patched differ based on the status of the campaign.
When the campaign is in the *STAGED* status, you can patch these fields:
* name
* description
* recommendationsEnabled
* deadline
* emailNotificationEnabled
* autoRevokeAllowed
When the campaign is in the *ACTIVE* status, you can patch these fields:
* deadline
content:
application/json-patch+json:
schema:
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
example:
- op: replace
path: /name
value: This field has been updated!
- op: copy
from: /name
path: /description
responses:
'200':
description: 'This response indicates that the PATCH operation succeeded, and the API returns the campaign''s new representation.'
content:
application/json:
schema:
type: object
title: Slim Campaign
required:
- name
- description
- type
properties:
id:
type: string
readOnly: true
description: Id of the campaign
example: 2c9079b270a266a60170a2779fcb0007
nullable: true
name:
description: |
The campaign name. If this object is part of a template, special formatting applies; see the
`/campaign-templates/{id}/generate` endpoint documentation for details.
type: string
example: Manager Campaign
description:
type: string
nullable: true
description: |
The campaign description. If this object is part of a template, special formatting applies; see the
`/campaign-templates/{id}/generate` endpoint documentation for details.
example: Everyone needs to be reviewed by their manager
deadline:
type: string
nullable: true
format: date-time
description: 'The campaign''s completion deadline. This date must be in the future in order to activate the campaign. If you try to activate a campaign with a deadline of today or in the past, you will receive a 400 error response.'
example: '2020-03-15T10:00:01.456Z'
type:
type: string
description: The type of campaign. Could be extended in the future.
enum:
- MANAGER
- SOURCE_OWNER
- SEARCH
- ROLE_COMPOSITION
- MACHINE_ACCOUNT
example: MANAGER
emailNotificationEnabled:
type: boolean
description: Enables email notification for this campaign
default: false
example: false
autoRevokeAllowed:
type: boolean
description: Allows auto revoke for this campaign
default: false
example: false
recommendationsEnabled:
type: boolean
description: Enables IAI for this campaign. Accepts true even if the IAI product feature is off. If IAI is turned off then campaigns generated from this template will indicate false. The real value will then be returned if IAI is ever enabled for the org in the future.
default: false
example: true
status:
type: string
description: The campaign's current status.
nullable: true
readOnly: true
enum:
- PENDING
- STAGED
- CANCELING
- ACTIVATING
- ACTIVE
- COMPLETING
- COMPLETED
- ERROR
- ARCHIVED
- null
example: ACTIVE
correlatedStatus:
type: string
description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).
enum:
- CORRELATED
- UNCORRELATED
example: CORRELATED
created:
type: string
nullable: true
readOnly: true
format: date-time
description: Created time of the campaign
example: '2020-03-03T22:15:13.611Z'
totalCertifications:
type: integer
nullable: true
format: int32
description: The total number of certifications in this campaign.
readOnly: true
example: 100
completedCertifications:
type: integer
nullable: true
format: int32
description: The number of completed certifications in this campaign.
readOnly: true
example: 10
alerts:
type: array
nullable: true
description: A list of errors and warnings that have accumulated.
readOnly: true
items:
type: object
properties:
level:
type: string
enum:
- ERROR
- WARN
- INFO
description: Denotes the level of the message
example: ERROR
localizations:
type: array
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
Manager:
value:
id: 2c918086719eec070171a7e3355a360a
name: Manager Review
description: A review of everyone's access by their manager.
deadline: '2020-12-25T06:00:00.123Z'
type: MANAGER
status: ACTIVE
emailNotificationEnabled: false
autoRevokeAllowed: false
recommendationsEnabled: false
Search:
value:
id: 7e1a731e3fb845cfbe58112ba4673ee4
name: Search Campaign
description: Search Campaign Info
deadline: '2022-07-26T15:42:44Z'
type: SEARCH
status: ACTIVE
emailNotificationEnabled: false
autoRevokeAllowed: false
recommendationsEnabled: false
Source Owner:
value:
id: 2c918086719eec070171a7e3355a412b
name: AD Source Review
description: A review of our AD source.
deadline: '2020-12-25T06:00:00.123Z'
type: SOURCE_OWNER
status: STAGED
emailNotificationEnabled: true
autoRevokeAllowed: false
recommendationsEnabled: false
correlatedStatus: CORRELATED
RoleComposition:
value:
id: 3b2e2e5821e84127b6d693d41c40623b
name: Role Composition Campaign
description: A review done by a role owner.
deadline: '2020-12-25T06:00:00.468Z'
type: ROLE_COMPOSITION
status: ACTIVE
emailNotificationEnabled: false
autoRevokeAllowed: false
recommendationsEnabled: false
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/campaigns/{id}/reassign':
post:
security:
- userAuth:
- 'idn:campaign:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
- CERT_ADMIN
operationId: move
tags:
- Certification Campaigns
summary: Reassign certifications
description: |
This API reassigns the specified certifications from one identity to another.
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: getActiveCampaigns
description: The certification campaign ID
example: ef38f94347e94562b5bb8424a56397d8
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
certificationIds:
description: List of certification IDs to reassign
type: array
items:
type: string
minItems: 1
maxItems: 250
example:
- af3859464779471211bb8424a563abc1
- af3859464779471211bb8424a563abc2
- af3859464779471211bb8424a563abc3
reassignTo:
type: object
properties:
id:
type: string
description: The identity ID to which the review is being assigned.
example: ef38f94347e94562b5bb8424a56397d8
type:
type: string
description: The type of the ID provided.
enum:
- IDENTITY
example: IDENTITY
reason:
type: string
description: Comment to explain why the certification was reassigned
example: reassigned for some reason
responses:
'202':
description: The reassign task that has been submitted.
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: The ID of the certification task.
example: 2c918086719eec070171a7e3355a360a
type:
type: string
description: The type of the certification task. More values may be added in the future.
enum:
- REASSIGN
- ADMIN_REASSIGN
- COMPLETE_CERTIFICATION
- FINISH_CERTIFICATION
- COMPLETE_CAMPAIGN
- ACTIVATE_CAMPAIGN
- CAMPAIGN_CREATE
- CAMPAIGN_DELETE
example: ADMIN_REASSIGN
targetType:
type: string
description: The type of item that is being operated on by this task whose ID is stored in the targetId field.
enum:
- CERTIFICATION
- CAMPAIGN
example: CAMPAIGN
targetId:
type: string
description: The ID of the item being operated on by this task.
example: 2c918086719eec070171a7e3355a834c
status:
type: string
description: The status of the task.
enum:
- QUEUED
- IN_PROGRESS
- SUCCESS
- ERROR
example: QUEUED
errors:
type: array
description: List of error messages
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
example:
locale: en-US
localeOrigin: DEFAULT
text: Error Message
reassignmentTrailDTOs:
description: Reassignment trails that lead to self certification identity
type: array
items:
type: object
properties:
previousOwner:
type: string
description: The ID of previous owner identity.
example: ef38f94347e94562b5bb8424a56397d8
newOwner:
type: string
description: The ID of new owner identity.
example: ef38f94347e94562b5bb8424a56397a3
reassignmentType:
type: string
description: The type of reassignment.
example: AUTOMATIC_REASSIGNMENT
example:
previousOwner: ef38f94347e94562b5bb8424a56397d8
newOwner: ef38f94347e94562b5bb8424a56397a3
reassignmentType: AUTOMATIC_REASSIGNMENT
created:
type: string
description: The date and time on which this task was created.
format: date-time
example: '2020-09-24T18:10:47.693Z'
example:
id: 2c918086719eec070171a7e3355a360a
type: ADMIN_REASSIGN
targetType: CAMPAIGN
targetId: 2c918086719eec070171a7e3355a834c
status: QUEUED
errors: []
created: '2020-09-24T18:10:47.693Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/campaigns/{id}/activate':
post:
operationId: startCampaign
tags:
- Certification Campaigns
summary: Activate a campaign
description: |
Use this API to submit a job to activate the certified campaign with the specified ID. The campaign must be staged.
security:
- userAuth:
- 'idn:campaign:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
- CERT_ADMIN
requestBody:
description: 'Optional. If no timezone is specified, the standard UTC timezone is used (i.e. UTC+00:00). Although this can take any timezone, the intended value is the caller''s timezone. The activation time calculated from the given timezone may cause the campaign deadline time to be modified, but it will remain within the original date. The timezone must be in a valid ISO 8601 format.'
required: false
content:
application/json:
schema:
type: object
properties:
timeZone:
type: string
description: 'The timezone must be in a valid ISO 8601 format. Timezones in ISO 8601 are represented as UTC (represented as ''Z'') or as an offset from UTC. The offset format can be +/-hh:mm, +/-hhmm, or +/-hh.'
default: Z
example: '-05:00'
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: getActiveCampaigns
description: Campaign ID.
example: ef38f94347e94562b5bb8424a56397d8
responses:
'202':
description: Accepted - Returned if the request was successfully accepted into the system.
content:
application/json:
schema:
type: object
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/campaigns/{id}/complete':
post:
operationId: completeCampaign
tags:
- Certification Campaigns
summary: Complete a campaign
description: |
:::caution
This endpoint will run successfully for any campaigns that are **past due**.
This endpoint will return a content error if the campaign is **not past due**.
:::
Use this API to complete a certification campaign. This functionality is provided to admins so that they
can complete a certification even if all items have not been completed.
security:
- userAuth:
- 'idn:campaign:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
- CERT_ADMIN
requestBody:
description: 'Optional. Default behavior is for the campaign to auto-approve upon completion, unless autoCompleteAction=REVOKE'
required: false
content:
application/json:
schema:
type: object
properties:
autoCompleteAction:
description: Determines whether to auto-approve(APPROVE) or auto-revoke(REVOKE) upon campaign completion.
type: string
enum:
- APPROVE
- REVOKE
default: APPROVE
example: REVOKE
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: getActiveCampaigns
description: Campaign ID.
example: ef38f94347e94562b5bb8424a56397d8
responses:
'202':
description: Accepted - Returned if the request was successfully accepted into the system.
content:
application/json:
schema:
type: object
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/campaigns/delete:
post:
operationId: deleteCampaigns
tags:
- Certification Campaigns
summary: Delete campaigns
description: |
Use this API to delete certification campaigns whose IDs are specified in the provided list of campaign IDs.
security:
- userAuth:
- 'idn:campaign:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
- CERT_ADMIN
requestBody:
description: IDs of the campaigns to delete.
required: true
content:
application/json:
schema:
type: object
properties:
ids:
description: The ids of the campaigns to delete
type: array
items:
type: string
example:
- 2c9180887335cee10173490db1776c26
- 2c9180836a712436016a7125a90c0021
responses:
'202':
description: Accepted - Returned if the request was successfully accepted into the system.
content:
application/json:
schema:
type: object
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/campaigns/{id}/run-remediation-scan':
post:
operationId: startCampaignRemediationScan
tags:
- Certification Campaigns
summary: Run campaign remediation scan
description: |
Use this API to run a remediation scan task for a certification campaign.
security:
- userAuth:
- 'idn:campaign-report:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
- CERT_ADMIN
- REPORT_ADMIN
parameters:
- in: path
name: id
schema:
type: string
example: 2c91808571bcfcf80171c23e4b4221fc
required: true
x-sailpoint-resource-operation-id: getActiveCampaigns
description: ID of the campaign the remediation scan is being run for.
responses:
'202':
description: Accepted - Returned if the request was successfully accepted into the system.
content:
application/json:
schema:
type: object
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/campaigns/{id}/reports':
get:
operationId: getCampaignReports
tags:
- Certification Campaigns
summary: Get campaign reports
description: |
Use this API to fetch all reports for a certification campaign by campaign ID.
security:
- userAuth:
- 'idn:campaign-report:read'
- 'idn:campaign-report:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
- CERT_ADMIN
- REPORT_ADMIN
parameters:
- in: path
name: id
schema:
type: string
example: 2c91808571bcfcf80171c23e4b4221fc
required: true
x-sailpoint-resource-operation-id: getActiveCampaigns
description: ID of the campaign whose reports are being fetched.
responses:
'200':
description: Array of campaign report objects.
content:
application/json:
schema:
type: array
items:
type: object
title: Campaign Report
required:
- reportType
allOf:
- allOf:
- type: object
description: SOD policy violation report result.
properties:
type:
type: string
description: SOD policy violation report result DTO type.
enum:
- REPORT_RESULT
example: REPORT_RESULT
id:
type: string
description: SOD policy violation report result ID.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable name of the SOD policy violation report result.
example: SOD Policy 1 Violation
- type: object
properties:
status:
type: string
description: Status of a SOD policy violation report.
enum:
- SUCCESS
- WARNING
- ERROR
- TERMINATED
- TEMP_ERROR
- PENDING
example: PENDING
- type: object
properties:
reportType:
type: string
description: type of a Report
enum:
- CAMPAIGN_COMPOSITION_REPORT
- CAMPAIGN_REMEDIATION_STATUS_REPORT
- CAMPAIGN_STATUS_REPORT
- CERTIFICATION_SIGNOFF_REPORT
example: CAMPAIGN_COMPOSITION_REPORT
lastRunAt:
type: string
readOnly: true
format: date-time
description: The most recent date and time this report was run
example:
type: REPORT_RESULT
id: 2c91808568c529c60168cca6f90c1313
name: Campaign Composition Report
status: SUCCESS
reportType: CAMPAIGN_COMPOSITION_REPORT
lastRunAt: '2019-12-19T13:49:37.385Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/campaigns/{id}/run-report/{type}':
post:
operationId: startCampaignReport
tags:
- Certification Campaigns
summary: Run campaign report
description: |
Use this API to run a report for a certification campaign.
security:
- userAuth:
- 'idn:campaign-report:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
- CERT_ADMIN
- REPORT_ADMIN
parameters:
- in: path
name: id
schema:
type: string
example: 2c91808571bcfcf80171c23e4b4221fc
required: true
x-sailpoint-resource-operation-id: getActiveCampaigns
description: ID of the campaign the report is being run for.
- in: path
name: type
schema:
type: string
description: type of a Report
enum:
- CAMPAIGN_COMPOSITION_REPORT
- CAMPAIGN_REMEDIATION_STATUS_REPORT
- CAMPAIGN_STATUS_REPORT
- CERTIFICATION_SIGNOFF_REPORT
example: CAMPAIGN_COMPOSITION_REPORT
required: true
description: Type of the report to run.
responses:
'202':
description: Accepted - Returned if the request was successfully accepted into the system.
content:
application/json:
schema:
type: object
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/campaigns/reports-configuration:
get:
operationId: getCampaignReportsConfig
tags:
- Certification Campaigns
summary: Get campaign reports configuration
description: |
Use this API to fetch the configuration for certification campaign reports. The configuration includes only one element - identity attributes defined as custom report columns.
security:
- userAuth:
- 'idn:campaign:read'
- 'idn:campaign:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
- CERT_ADMIN
responses:
'200':
description: Campaign report configuration.
content:
application/json:
schema:
type: object
title: Campaign Reports Configuration
properties:
identityAttributeColumns:
type: array
nullable: true
description: list of identity attribute columns
items:
type: string
example:
- firstname
- lastname
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
put:
operationId: setCampaignReportsConfig
tags:
- Certification Campaigns
summary: Set campaign reports configuration
description: |
Use this API to overwrite the configuration for campaign reports.
security:
- userAuth:
- 'idn:campaign:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
- CERT_ADMIN
requestBody:
required: true
description: Campaign report configuration.
content:
application/json:
schema:
type: object
title: Campaign Reports Configuration
properties:
identityAttributeColumns:
type: array
nullable: true
description: list of identity attribute columns
items:
type: string
example:
- firstname
- lastname
responses:
'200':
description: The persisted campaign report configuration.
content:
application/json:
schema:
type: object
title: Campaign Reports Configuration
properties:
identityAttributeColumns:
type: array
nullable: true
description: list of identity attribute columns
items:
type: string
example:
- firstname
- lastname
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/campaign-filters:
post:
operationId: createCampaignFilter
tags:
- Certification Campaign Filters
summary: Create campaign filter
description: Use this API to create a campaign filter based on filter details and criteria.
security:
- userAuth:
- 'idn:campaign-filter:create'
requestBody:
required: true
content:
application/json:
schema:
type: object
description: Campaign Filter Details
properties:
id:
type: string
description: The unique ID of the campaign filter
example: 5ec18cef39020d6fd7a60ad3970aba61
name:
type: string
description: Campaign filter name.
example: Identity Attribute Campaign Filter
description:
type: string
description: Campaign filter description.
example: Campaign filter to certify data based on an identity attribute's specified property.
owner:
type: string
description: Owner of the filter. This field automatically populates at creation time with the current user.
example: SailPoint Support
nullable: true
mode:
type: string
description: 'Mode/type of filter, either the INCLUSION or EXCLUSION type. The INCLUSION type includes the data in generated campaigns as per specified in the criteria, whereas the EXCLUSION type excludes the data in generated campaigns as per specified in criteria.'
enum:
- INCLUSION
- EXCLUSION
example: INCLUSION
criteriaList:
type: array
description: List of criteria.
items:
type: object
properties:
type:
type: string
enum:
- COMPOSITE
- ROLE
- IDENTITY
- IDENTITY_ATTRIBUTE
- ENTITLEMENT
- ACCESS_PROFILE
- SOURCE
- ACCOUNT
- AGGREGATED_ENTITLEMENT
- INVALID_CERTIFIABLE_ENTITY
- INVALID_CERTIFIABLE_BUNDLE
description: Type of the criteria in the filter. The `COMPOSITE` filter can contain multiple filters in an AND/OR relationship.
example: IDENTITY_ATTRIBUTE
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- STARTS_WITH
- ENDS_WITH
- AND
- OR
- null
description: Operation on a specific criteria
example: EQUALS
nullable: true
property:
type: string
description: Specified key from the type of criteria.
example: displayName
nullable: true
value:
type: string
description: Value for the specified key from the type of criteria.
example: Allie
nullable: true
negateResult:
type: boolean
description: 'If true, the filter will negate the result of the criteria.'
example: false
default: false
shortCircuit:
type: boolean
description: 'If true, the filter will short circuit the evaluation of the criteria.'
example: false
default: false
recordChildMatches:
type: boolean
description: 'If true, the filter will record child matches for the criteria.'
example: false
default: false
id:
type: string
description: The unique ID of the criteria.
example: 5ec18cef39020d6fd7a60ad3970aba61
nullable: true
suppressMatchedItems:
type: boolean
description: |
If this value is true, then matched items will not only be excluded from the campaign, they will also not have archived certification items created.
Such items will not appear in the exclusion report.
example: false
default: false
children:
type: array
description: List of child criteria.
items:
type: object
required:
- type
- property
- value
example:
- type: IDENTITY_ATTRIBUTE
property: displayName
value: support
operation: CONTAINS
negateResult: false
shortCircuit: false
recordChildMatches: false
id: null
suppressMatchedItems: false
children: null
isSystemFilter:
type: boolean
default: false
description: 'If true, the filter is created by the system. If false, the filter is created by a user.'
example: false
required:
- id
- name
- owner
- mode
- isSystemFilter
responses:
'200':
description: Created successfully.
content:
application/json:
schema:
type: object
description: Campaign Filter Details
properties:
id:
type: string
description: The unique ID of the campaign filter
example: 5ec18cef39020d6fd7a60ad3970aba61
name:
type: string
description: Campaign filter name.
example: Identity Attribute Campaign Filter
description:
type: string
description: Campaign filter description.
example: Campaign filter to certify data based on an identity attribute's specified property.
owner:
type: string
description: Owner of the filter. This field automatically populates at creation time with the current user.
example: SailPoint Support
nullable: true
mode:
type: string
description: 'Mode/type of filter, either the INCLUSION or EXCLUSION type. The INCLUSION type includes the data in generated campaigns as per specified in the criteria, whereas the EXCLUSION type excludes the data in generated campaigns as per specified in criteria.'
enum:
- INCLUSION
- EXCLUSION
example: INCLUSION
criteriaList:
type: array
description: List of criteria.
items:
type: object
properties:
type:
type: string
enum:
- COMPOSITE
- ROLE
- IDENTITY
- IDENTITY_ATTRIBUTE
- ENTITLEMENT
- ACCESS_PROFILE
- SOURCE
- ACCOUNT
- AGGREGATED_ENTITLEMENT
- INVALID_CERTIFIABLE_ENTITY
- INVALID_CERTIFIABLE_BUNDLE
description: Type of the criteria in the filter. The `COMPOSITE` filter can contain multiple filters in an AND/OR relationship.
example: IDENTITY_ATTRIBUTE
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- STARTS_WITH
- ENDS_WITH
- AND
- OR
- null
description: Operation on a specific criteria
example: EQUALS
nullable: true
property:
type: string
description: Specified key from the type of criteria.
example: displayName
nullable: true
value:
type: string
description: Value for the specified key from the type of criteria.
example: Allie
nullable: true
negateResult:
type: boolean
description: 'If true, the filter will negate the result of the criteria.'
example: false
default: false
shortCircuit:
type: boolean
description: 'If true, the filter will short circuit the evaluation of the criteria.'
example: false
default: false
recordChildMatches:
type: boolean
description: 'If true, the filter will record child matches for the criteria.'
example: false
default: false
id:
type: string
description: The unique ID of the criteria.
example: 5ec18cef39020d6fd7a60ad3970aba61
nullable: true
suppressMatchedItems:
type: boolean
description: |
If this value is true, then matched items will not only be excluded from the campaign, they will also not have archived certification items created.
Such items will not appear in the exclusion report.
example: false
default: false
children:
type: array
description: List of child criteria.
items:
type: object
required:
- type
- property
- value
example:
- type: IDENTITY_ATTRIBUTE
property: displayName
value: support
operation: CONTAINS
negateResult: false
shortCircuit: false
recordChildMatches: false
id: null
suppressMatchedItems: false
children: null
isSystemFilter:
type: boolean
default: false
description: 'If true, the filter is created by the system. If false, the filter is created by a user.'
example: false
required:
- id
- name
- owner
- mode
- isSystemFilter
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
get:
operationId: listCampaignFilters
tags:
- Certification Campaign Filters
summary: List campaign filters
description: Use this API to list all campaign filters. You can reduce scope with standard V3 query parameters.
security:
- userAuth:
- 'idn:campaign-filter-list:read'
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: start
description: 'Start/Offset into the full result set. Usually specified with *limit* to paginate through the results. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.'
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: includeSystemFilters
description: 'If this is true, the API includes system filters in the count and results. Otherwise it excludes them. If no value is provided, the default is true. '
required: false
example: true
schema:
type: boolean
default: true
responses:
'200':
description: List of campaign filter objects.
content:
application/json:
schema:
type: object
properties:
items:
type: array
description: List of campaign filters.
items:
type: object
description: Campaign Filter Details
properties:
id:
type: string
description: The unique ID of the campaign filter
example: 5ec18cef39020d6fd7a60ad3970aba61
name:
type: string
description: Campaign filter name.
example: Identity Attribute Campaign Filter
description:
type: string
description: Campaign filter description.
example: Campaign filter to certify data based on an identity attribute's specified property.
owner:
type: string
description: Owner of the filter. This field automatically populates at creation time with the current user.
example: SailPoint Support
nullable: true
mode:
type: string
description: 'Mode/type of filter, either the INCLUSION or EXCLUSION type. The INCLUSION type includes the data in generated campaigns as per specified in the criteria, whereas the EXCLUSION type excludes the data in generated campaigns as per specified in criteria.'
enum:
- INCLUSION
- EXCLUSION
example: INCLUSION
criteriaList:
type: array
description: List of criteria.
items:
type: object
properties:
type:
type: string
enum:
- COMPOSITE
- ROLE
- IDENTITY
- IDENTITY_ATTRIBUTE
- ENTITLEMENT
- ACCESS_PROFILE
- SOURCE
- ACCOUNT
- AGGREGATED_ENTITLEMENT
- INVALID_CERTIFIABLE_ENTITY
- INVALID_CERTIFIABLE_BUNDLE
description: Type of the criteria in the filter. The `COMPOSITE` filter can contain multiple filters in an AND/OR relationship.
example: IDENTITY_ATTRIBUTE
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- STARTS_WITH
- ENDS_WITH
- AND
- OR
- null
description: Operation on a specific criteria
example: EQUALS
nullable: true
property:
type: string
description: Specified key from the type of criteria.
example: displayName
nullable: true
value:
type: string
description: Value for the specified key from the type of criteria.
example: Allie
nullable: true
negateResult:
type: boolean
description: 'If true, the filter will negate the result of the criteria.'
example: false
default: false
shortCircuit:
type: boolean
description: 'If true, the filter will short circuit the evaluation of the criteria.'
example: false
default: false
recordChildMatches:
type: boolean
description: 'If true, the filter will record child matches for the criteria.'
example: false
default: false
id:
type: string
description: The unique ID of the criteria.
example: 5ec18cef39020d6fd7a60ad3970aba61
nullable: true
suppressMatchedItems:
type: boolean
description: |
If this value is true, then matched items will not only be excluded from the campaign, they will also not have archived certification items created.
Such items will not appear in the exclusion report.
example: false
default: false
children:
type: array
description: List of child criteria.
items:
type: object
required:
- type
- property
- value
example:
- type: IDENTITY_ATTRIBUTE
property: displayName
value: support
operation: CONTAINS
negateResult: false
shortCircuit: false
recordChildMatches: false
id: null
suppressMatchedItems: false
children: null
isSystemFilter:
type: boolean
default: false
description: 'If true, the filter is created by the system. If false, the filter is created by a user.'
example: false
required:
- id
- name
- owner
- mode
- isSystemFilter
count:
type: integer
description: Number of filters returned.
example: 2
example:
items:
- id: 5b8a2ba86393dd174495c4436dd76b25
name: IdentityAttribute Inclusion Campaign Filter
description: IdentityAttribute Inclusion Campaign Filter
owner: SailPoint Support
mode: INCLUSION
criteriaList:
- type: IDENTITY_ATTRIBUTE
property: displayName
value: '#'
operation: CONTAINS
negateResult: false
shortCircuit: false
recordChildMatches: false
id: null
suppressMatchedItems: false
children: null
isSystemFilter: false
- id: e9f9a1397b842fd5a65842087040d3ac
name: Exclusion Campaign Filter
description: Campaign filter for Exclusion update
owner: SailPoint Support
mode: EXCLUSION
criteriaList:
- type: IDENTITY_ATTRIBUTE
property: displayName
value: '#@'
operation: CONTAINS
negateResult: false
shortCircuit: false
recordChildMatches: false
id: null
suppressMatchedItems: false
children: null
isSystemFilter: false
count: 2
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/campaign-filters/{id}':
get:
operationId: getCampaignFilterById
tags:
- Certification Campaign Filters
summary: Get campaign filter by id
description: Retrieves information for an existing campaign filter using the filter's ID.
security:
- userAuth:
- 'idn:campaign-filter:read'
parameters:
- in: path
name: id
schema:
type: string
example: e9f9a1397b842fd5a65842087040d3ac
required: true
x-sailpoint-resource-operation-id: listCampaignFilters
description: The ID of the campaign filter to be retrieved.
responses:
'200':
description: A campaign filter object.
content:
application/json:
schema:
type: object
description: Campaign Filter Details
properties:
id:
type: string
description: The unique ID of the campaign filter
example: 5ec18cef39020d6fd7a60ad3970aba61
name:
type: string
description: Campaign filter name.
example: Identity Attribute Campaign Filter
description:
type: string
description: Campaign filter description.
example: Campaign filter to certify data based on an identity attribute's specified property.
owner:
type: string
description: Owner of the filter. This field automatically populates at creation time with the current user.
example: SailPoint Support
nullable: true
mode:
type: string
description: 'Mode/type of filter, either the INCLUSION or EXCLUSION type. The INCLUSION type includes the data in generated campaigns as per specified in the criteria, whereas the EXCLUSION type excludes the data in generated campaigns as per specified in criteria.'
enum:
- INCLUSION
- EXCLUSION
example: INCLUSION
criteriaList:
type: array
description: List of criteria.
items:
type: object
properties:
type:
type: string
enum:
- COMPOSITE
- ROLE
- IDENTITY
- IDENTITY_ATTRIBUTE
- ENTITLEMENT
- ACCESS_PROFILE
- SOURCE
- ACCOUNT
- AGGREGATED_ENTITLEMENT
- INVALID_CERTIFIABLE_ENTITY
- INVALID_CERTIFIABLE_BUNDLE
description: Type of the criteria in the filter. The `COMPOSITE` filter can contain multiple filters in an AND/OR relationship.
example: IDENTITY_ATTRIBUTE
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- STARTS_WITH
- ENDS_WITH
- AND
- OR
- null
description: Operation on a specific criteria
example: EQUALS
nullable: true
property:
type: string
description: Specified key from the type of criteria.
example: displayName
nullable: true
value:
type: string
description: Value for the specified key from the type of criteria.
example: Allie
nullable: true
negateResult:
type: boolean
description: 'If true, the filter will negate the result of the criteria.'
example: false
default: false
shortCircuit:
type: boolean
description: 'If true, the filter will short circuit the evaluation of the criteria.'
example: false
default: false
recordChildMatches:
type: boolean
description: 'If true, the filter will record child matches for the criteria.'
example: false
default: false
id:
type: string
description: The unique ID of the criteria.
example: 5ec18cef39020d6fd7a60ad3970aba61
nullable: true
suppressMatchedItems:
type: boolean
description: |
If this value is true, then matched items will not only be excluded from the campaign, they will also not have archived certification items created.
Such items will not appear in the exclusion report.
example: false
default: false
children:
type: array
description: List of child criteria.
items:
type: object
required:
- type
- property
- value
example:
- type: IDENTITY_ATTRIBUTE
property: displayName
value: support
operation: CONTAINS
negateResult: false
shortCircuit: false
recordChildMatches: false
id: null
suppressMatchedItems: false
children: null
isSystemFilter:
type: boolean
default: false
description: 'If true, the filter is created by the system. If false, the filter is created by a user.'
example: false
required:
- id
- name
- owner
- mode
- isSystemFilter
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
post:
operationId: updateCampaignFilter
tags:
- Certification Campaign Filters
summary: Updates a campaign filter
description: Updates an existing campaign filter using the filter's ID.
security:
- userAuth:
- 'idn:campaign-filter:update'
parameters:
- in: path
name: filterId
schema:
type: string
example: e9f9a1397b842fd5a65842087040d3ac
required: true
x-sailpoint-resource-operation-id: listCampaignFilters
description: The ID of the campaign filter being modified.
requestBody:
required: true
description: A campaign filter details with updated field values.
content:
application/json:
schema:
type: object
description: Campaign Filter Details
properties:
id:
type: string
description: The unique ID of the campaign filter
example: 5ec18cef39020d6fd7a60ad3970aba61
name:
type: string
description: Campaign filter name.
example: Identity Attribute Campaign Filter
description:
type: string
description: Campaign filter description.
example: Campaign filter to certify data based on an identity attribute's specified property.
owner:
type: string
description: Owner of the filter. This field automatically populates at creation time with the current user.
example: SailPoint Support
nullable: true
mode:
type: string
description: 'Mode/type of filter, either the INCLUSION or EXCLUSION type. The INCLUSION type includes the data in generated campaigns as per specified in the criteria, whereas the EXCLUSION type excludes the data in generated campaigns as per specified in criteria.'
enum:
- INCLUSION
- EXCLUSION
example: INCLUSION
criteriaList:
type: array
description: List of criteria.
items:
type: object
properties:
type:
type: string
enum:
- COMPOSITE
- ROLE
- IDENTITY
- IDENTITY_ATTRIBUTE
- ENTITLEMENT
- ACCESS_PROFILE
- SOURCE
- ACCOUNT
- AGGREGATED_ENTITLEMENT
- INVALID_CERTIFIABLE_ENTITY
- INVALID_CERTIFIABLE_BUNDLE
description: Type of the criteria in the filter. The `COMPOSITE` filter can contain multiple filters in an AND/OR relationship.
example: IDENTITY_ATTRIBUTE
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- STARTS_WITH
- ENDS_WITH
- AND
- OR
- null
description: Operation on a specific criteria
example: EQUALS
nullable: true
property:
type: string
description: Specified key from the type of criteria.
example: displayName
nullable: true
value:
type: string
description: Value for the specified key from the type of criteria.
example: Allie
nullable: true
negateResult:
type: boolean
description: 'If true, the filter will negate the result of the criteria.'
example: false
default: false
shortCircuit:
type: boolean
description: 'If true, the filter will short circuit the evaluation of the criteria.'
example: false
default: false
recordChildMatches:
type: boolean
description: 'If true, the filter will record child matches for the criteria.'
example: false
default: false
id:
type: string
description: The unique ID of the criteria.
example: 5ec18cef39020d6fd7a60ad3970aba61
nullable: true
suppressMatchedItems:
type: boolean
description: |
If this value is true, then matched items will not only be excluded from the campaign, they will also not have archived certification items created.
Such items will not appear in the exclusion report.
example: false
default: false
children:
type: array
description: List of child criteria.
items:
type: object
required:
- type
- property
- value
example:
- type: IDENTITY_ATTRIBUTE
property: displayName
value: support
operation: CONTAINS
negateResult: false
shortCircuit: false
recordChildMatches: false
id: null
suppressMatchedItems: false
children: null
isSystemFilter:
type: boolean
default: false
description: 'If true, the filter is created by the system. If false, the filter is created by a user.'
example: false
required:
- id
- name
- owner
- mode
- isSystemFilter
responses:
'200':
description: Created successfully.
content:
application/json:
schema:
type: object
description: Campaign Filter Details
properties:
id:
type: string
description: The unique ID of the campaign filter
example: 5ec18cef39020d6fd7a60ad3970aba61
name:
type: string
description: Campaign filter name.
example: Identity Attribute Campaign Filter
description:
type: string
description: Campaign filter description.
example: Campaign filter to certify data based on an identity attribute's specified property.
owner:
type: string
description: Owner of the filter. This field automatically populates at creation time with the current user.
example: SailPoint Support
nullable: true
mode:
type: string
description: 'Mode/type of filter, either the INCLUSION or EXCLUSION type. The INCLUSION type includes the data in generated campaigns as per specified in the criteria, whereas the EXCLUSION type excludes the data in generated campaigns as per specified in criteria.'
enum:
- INCLUSION
- EXCLUSION
example: INCLUSION
criteriaList:
type: array
description: List of criteria.
items:
type: object
properties:
type:
type: string
enum:
- COMPOSITE
- ROLE
- IDENTITY
- IDENTITY_ATTRIBUTE
- ENTITLEMENT
- ACCESS_PROFILE
- SOURCE
- ACCOUNT
- AGGREGATED_ENTITLEMENT
- INVALID_CERTIFIABLE_ENTITY
- INVALID_CERTIFIABLE_BUNDLE
description: Type of the criteria in the filter. The `COMPOSITE` filter can contain multiple filters in an AND/OR relationship.
example: IDENTITY_ATTRIBUTE
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- STARTS_WITH
- ENDS_WITH
- AND
- OR
- null
description: Operation on a specific criteria
example: EQUALS
nullable: true
property:
type: string
description: Specified key from the type of criteria.
example: displayName
nullable: true
value:
type: string
description: Value for the specified key from the type of criteria.
example: Allie
nullable: true
negateResult:
type: boolean
description: 'If true, the filter will negate the result of the criteria.'
example: false
default: false
shortCircuit:
type: boolean
description: 'If true, the filter will short circuit the evaluation of the criteria.'
example: false
default: false
recordChildMatches:
type: boolean
description: 'If true, the filter will record child matches for the criteria.'
example: false
default: false
id:
type: string
description: The unique ID of the criteria.
example: 5ec18cef39020d6fd7a60ad3970aba61
nullable: true
suppressMatchedItems:
type: boolean
description: |
If this value is true, then matched items will not only be excluded from the campaign, they will also not have archived certification items created.
Such items will not appear in the exclusion report.
example: false
default: false
children:
type: array
description: List of child criteria.
items:
type: object
required:
- type
- property
- value
example:
- type: IDENTITY_ATTRIBUTE
property: displayName
value: support
operation: CONTAINS
negateResult: false
shortCircuit: false
recordChildMatches: false
id: null
suppressMatchedItems: false
children: null
isSystemFilter:
type: boolean
default: false
description: 'If true, the filter is created by the system. If false, the filter is created by a user.'
example: false
required:
- id
- name
- owner
- mode
- isSystemFilter
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/campaign-filters/delete:
post:
operationId: deleteCampaignFilters
tags:
- Certification Campaign Filters
summary: Deletes campaign filters
description: Deletes campaign filters whose Ids are specified in the provided list of campaign filter Ids. Authorized callers must be an ORG_ADMIN or a CERT_ADMIN.
security:
- userAuth:
- 'idn:campaign-filter:delete'
requestBody:
description: A json list of IDs of campaign filters to delete.
required: true
content:
application/json:
schema:
type: array
items:
type: string
example:
- 0fbe863c063c4c88a35fd7f17e8a3df5
- 2efb374d392c4d88a34sv7b11e8a4eq6
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/campaign-templates:
post:
operationId: createCampaignTemplate
tags:
- Certification Campaigns
summary: Create a campaign template
description: |
Use this API to create a certification campaign template based on campaign.
security:
- userAuth:
- 'idn:campaign-template:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
- CERT_ADMIN
requestBody:
required: true
content:
application/json:
schema:
type: object
description: Campaign Template
properties:
id:
type: string
description: Id of the campaign template
example: 2c9079b270a266a60170a277bb960008
name:
type: string
description: This template's name. Has no bearing on generated campaigns' names.
example: Manager Campaign Template
description:
type: string
description: This template's description. Has no bearing on generated campaigns' descriptions.
example: Template for the annual manager campaign.
created:
type: string
description: Creation date of Campaign Template
readOnly: true
format: date-time
example: '2020-03-05T22:44:00.364Z'
modified:
type: string
nullable: true
description: Modification date of Campaign Template
readOnly: true
format: date-time
example: '2020-03-05T22:52:09.969Z'
scheduled:
type: boolean
readOnly: true
description: Indicates if this campaign template has been scheduled.
example: false
default: false
ownerRef:
type: object
readOnly: true
description: 'The owner of this template, and the owner of campaigns generated from this template via a schedule. This field is automatically populated at creation time with the current user.'
properties:
id:
type: string
description: Id of the owner
example: 2c918086676d3e0601677611dbde220f
type:
type: string
enum:
- IDENTITY
description: Type of the owner
example: IDENTITY
name:
type: string
description: Name of the owner
example: Mister Manager
email:
type: string
description: Email of the owner
example: mr.manager@example.com
deadlineDuration:
type: string
nullable: true
description: 'The time period during which the campaign should be completed, formatted as an ISO-8601 Duration. When this template generates a campaign, the campaign''s deadline will be the current date plus this duration. For example, if generation occurred on 2020-01-01 and this field was "P2W" (two weeks), the resulting campaign''s deadline would be 2020-01-15 (the current date plus 14 days).'
example: P2W
campaign:
type: object
title: Campaign
allOf:
- type: object
title: Slim Campaign
required:
- name
- description
- type
properties:
id:
type: string
readOnly: true
description: Id of the campaign
example: 2c9079b270a266a60170a2779fcb0007
nullable: true
name:
description: |
The campaign name. If this object is part of a template, special formatting applies; see the
`/campaign-templates/{id}/generate` endpoint documentation for details.
type: string
example: Manager Campaign
description:
type: string
nullable: true
description: |
The campaign description. If this object is part of a template, special formatting applies; see the
`/campaign-templates/{id}/generate` endpoint documentation for details.
example: Everyone needs to be reviewed by their manager
deadline:
type: string
nullable: true
format: date-time
description: 'The campaign''s completion deadline. This date must be in the future in order to activate the campaign. If you try to activate a campaign with a deadline of today or in the past, you will receive a 400 error response.'
example: '2020-03-15T10:00:01.456Z'
type:
type: string
description: The type of campaign. Could be extended in the future.
enum:
- MANAGER
- SOURCE_OWNER
- SEARCH
- ROLE_COMPOSITION
- MACHINE_ACCOUNT
example: MANAGER
emailNotificationEnabled:
type: boolean
description: Enables email notification for this campaign
default: false
example: false
autoRevokeAllowed:
type: boolean
description: Allows auto revoke for this campaign
default: false
example: false
recommendationsEnabled:
type: boolean
description: Enables IAI for this campaign. Accepts true even if the IAI product feature is off. If IAI is turned off then campaigns generated from this template will indicate false. The real value will then be returned if IAI is ever enabled for the org in the future.
default: false
example: true
status:
type: string
description: The campaign's current status.
nullable: true
readOnly: true
enum:
- PENDING
- STAGED
- CANCELING
- ACTIVATING
- ACTIVE
- COMPLETING
- COMPLETED
- ERROR
- ARCHIVED
- null
example: ACTIVE
correlatedStatus:
type: string
description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).
enum:
- CORRELATED
- UNCORRELATED
example: CORRELATED
created:
type: string
nullable: true
readOnly: true
format: date-time
description: Created time of the campaign
example: '2020-03-03T22:15:13.611Z'
totalCertifications:
type: integer
nullable: true
format: int32
description: The total number of certifications in this campaign.
readOnly: true
example: 100
completedCertifications:
type: integer
nullable: true
format: int32
description: The number of completed certifications in this campaign.
readOnly: true
example: 10
alerts:
type: array
nullable: true
description: A list of errors and warnings that have accumulated.
readOnly: true
items:
type: object
properties:
level:
type: string
enum:
- ERROR
- WARN
- INFO
description: Denotes the level of the message
example: ERROR
localizations:
type: array
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
- type: object
properties:
modified:
type: string
readOnly: true
nullable: true
format: date-time
description: Modified time of the campaign
example: '2020-03-03T22:20:12.674Z'
filter:
type: object
nullable: true
description: Determines which items will be included in this campaign. The default campaign filter is used if this field is left blank.
properties:
id:
type: string
description: The ID of whatever type of filter is being used.
example: 0fbe863c063c4c88a35fd7f17e8a3df5
type:
type: string
description: Type of the filter
enum:
- CAMPAIGN_FILTER
- RULE
example: CAMPAIGN_FILTER
name:
type: string
description: Name of the filter
example: Test Filter
sunsetCommentsRequired:
type: boolean
description: Determines if comments on sunset date changes are required.
default: true
example: true
sourceOwnerCampaignInfo:
type: object
nullable: true
description: Must be set only if the campaign type is SOURCE_OWNER.
properties:
sourceIds:
type: array
description: The list of sources to be included in the campaign.
items:
type: string
example:
- 0fbe863c063c4c88a35fd7f17e8a3df5
searchCampaignInfo:
type: object
nullable: true
description: Must be set only if the campaign type is SEARCH.
properties:
type:
type: string
description: The type of search campaign represented.
enum:
- IDENTITY
- ACCESS
example: ACCESS
description:
type: string
description: 'Describes this search campaign. Intended for storing the query used, and possibly the number of identities selected/available.'
example: Search Campaign description
reviewer:
type: object
nullable: true
description: 'If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP.'
properties:
type:
type: string
description: The reviewer's DTO type.
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
id:
type: string
description: The reviewer's ID.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
nullable: true
description: The reviewer's name.
example: William Wilson
query:
type: string
nullable: true
description: The scope for the campaign. The campaign will cover identities returned by the query and identities that have access items returned by the query. One of `query` or `identityIds` must be set.
example: Search Campaign query description
identityIds:
type: array
nullable: true
description: A direct list of identities to include in this campaign. One of `identityIds` or `query` must be set.
items:
type: string
maxItems: 1000
example:
- 0fbe863c063c4c88a35fd7f17e8a3df5
accessConstraints:
type: array
description: Further reduces the scope of the campaign by excluding identities (from `query` or `identityIds`) that do not have this access.
items:
type: object
properties:
type:
type: string
enum:
- ENTITLEMENT
- ACCESS_PROFILE
- ROLE
description: Type of Access
example: ENTITLEMENT
ids:
description: Must be set only if operator is SELECTED.
type: array
items:
type: string
example:
- 2c90ad2a70ace7d50170acf22ca90010
operator:
type: string
enum:
- ALL
- SELECTED
description: Used to determine whether the scope of the campaign should be reduced for selected ids or all.
example: SELECTED
required:
- type
- operator
maxItems: 1000
required:
- type
roleCompositionCampaignInfo:
type: object
nullable: true
description: Optional configuration options for role composition campaigns.
properties:
reviewerId:
type: string
description: The ID of the identity or governance group reviewing this campaign. Deprecated in favor of the "reviewer" object.
deprecated: true
example: 2c91808568c529c60168cca6f90c1313
nullable: true
reviewer:
type: object
nullable: true
description: 'If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP.'
properties:
type:
type: string
description: The reviewer's DTO type.
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
id:
type: string
description: The reviewer's ID.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The reviewer's name.
example: William Wilson
roleIds:
type: array
description: 'Optional list of roles to include in this campaign. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.'
items:
type: string
example:
- 2c90ad2a70ace7d50170acf22ca90010
remediatorRef:
type: object
description: 'This determines who remediation tasks will be assigned to. Remediation tasks are created for each revoke decision on items in the campaign. The only legal remediator type is ''IDENTITY'', and the chosen identity must be a Role Admin or Org Admin.'
properties:
type:
type: string
enum:
- IDENTITY
description: Legal Remediator Type
example: IDENTITY
id:
type: string
description: The ID of the remediator.
example: 2c90ad2a70ace7d50170acf22ca90010
name:
type: string
description: The name of the remediator.
readOnly: true
example: Role Admin
required:
- type
- id
query:
type: string
nullable: true
description: 'Optional search query to scope this campaign to a set of roles. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.'
example: Search Query
description:
type: string
nullable: true
description: 'Describes this role composition campaign. Intended for storing the query used, and possibly the number of roles selected/available.'
example: Role Composition Description
required:
- remediatorRef
machineAccountCampaignInfo:
type: object
nullable: true
description: Must be set only if the campaign type is MACHINE_ACCOUNT.
properties:
sourceIds:
type: array
description: The list of sources to be included in the campaign.
items:
type: string
example:
- 0fbe863c063c4c88a35fd7f17e8a3df5
reviewerType:
type: string
description: The reviewer's type.
enum:
- ACCOUNT_OWNER
example: ACCOUNT_OWNER
sourcesWithOrphanEntitlements:
type: array
nullable: true
description: A list of sources in the campaign that contain \"orphan entitlements\" (entitlements without a corresponding Managed Attribute). An empty list indicates the campaign has no orphan entitlements. Null indicates there may be unknown orphan entitlements in the campaign (the campaign was created before this feature was implemented).
readOnly: true
items:
type: object
properties:
id:
type: string
description: Id of the source
example: 2c90ad2a70ace7d50170acf22ca90010
type:
type: string
enum:
- SOURCE
description: Type
example: SOURCE
name:
type: string
description: Name of the source
example: Source with orphan entitlements
mandatoryCommentRequirement:
type: string
description: 'Determines whether comments are required for decisions during certification reviews. You can require comments for all decisions, revoke-only decisions, or no decisions. By default, comments are not required for decisions.'
enum:
- ALL_DECISIONS
- REVOKE_ONLY_DECISIONS
- NO_DECISIONS
example: NO_DECISIONS
required:
- name
- description
- created
- modified
- campaign
examples:
Manager:
description: 'This creates a template that can be used to generate manager campaigns. The campaigns will have a due date that is two weeks after their creation date, and will be named "{current date} Manager Review" (e.g. "2020-03-16 Manager Review").'
value:
name: Manager Review
description: A review of everyone's access by their manager.
deadlineDuration: P2W
campaign:
name: Manager Review
description: Review everyone's access.
type: MANAGER
filter:
type: CAMPAIGN_FILTER
id: e0adaae69852e8fe8b8a3d48e5ce757c
emailNotificationEnabled: true
autoRevokeAllowed: false
recommendationsEnabled: false
mandatoryCommentRequirement: NO_DECISIONS
Search:
description: This creates a template that can be used to generate search access campaigns. The campaigns will cover the "reporter" access item for across all identities.
value:
name: Reporting Access Review
description: A review of everyone's access to the reporting system.
deadlineDuration: P2W
campaign:
name: Search Review
description: Review everyone's access to the reporting system.
type: SEARCH
filter:
type: CAMPAIGN_FILTER
id: e0adaae69852e8fe8b8a3d48e5ce757c
searchCampaignInfo:
type: ACCESS
query: '@access(name: ("reporter"))'
description: Identities with reporting abilities
emailNotificationEnabled: true
autoRevokeAllowed: false
recommendationsEnabled: false
mandatoryCommentRequirement: NO_DECISIONS
Source Owner:
description: 'This creates a template that can be used to generate source owner campaigns. The campaigns will have a due date that is one month after their creation date, and will review one source.'
value:
name: AD Source Review
description: A review of our AD source.
deadlineDuration: P1M
campaign:
name: Source Review
description: Review everyone's access.
type: SOURCE_OWNER
filter:
type: CAMPAIGN_FILTER
id: e0adaae69852e8fe8b8a3d48e5ce757c
sourceOwnerCampaignInfo:
sourceIds:
- 2c918084707deba501709d45ce4e5569
emailNotificationEnabled: true
autoRevokeAllowed: false
recommendationsEnabled: false
correlatedStatus: CORRELATED
mandatoryCommentRequirement: NO_DECISIONS
RoleComposition:
description: 'This creates a template that can be used to generate role composition campaigns. The campaigns will have a due date that is two weeks after their creation date, and will be named "{current date} Role Composition Review" (e.g. "2020-03-16 Role Composition Review").'
value:
name: Role Composition Review
description: 'A review of every role''s access items, by the specified reviewer.'
deadlineDuration: P2W
campaign:
name: Role Composition Review
description: Review all our roles.
type: ROLE_COMPOSITION
roleCompositionCampaignInfo:
remediatorRef:
type: IDENTITY
id: 2c9180876ab2c053016ab6f65dfd5aaa
emailNotificationEnabled: true
autoRevokeAllowed: false
recommendationsEnabled: false
mandatoryCommentRequirement: NO_DECISIONS
responses:
'200':
description: Created successfully.
content:
application/json:
schema:
type: object
description: Campaign Template
properties:
id:
type: string
description: Id of the campaign template
example: 2c9079b270a266a60170a277bb960008
name:
type: string
description: This template's name. Has no bearing on generated campaigns' names.
example: Manager Campaign Template
description:
type: string
description: This template's description. Has no bearing on generated campaigns' descriptions.
example: Template for the annual manager campaign.
created:
type: string
description: Creation date of Campaign Template
readOnly: true
format: date-time
example: '2020-03-05T22:44:00.364Z'
modified:
type: string
nullable: true
description: Modification date of Campaign Template
readOnly: true
format: date-time
example: '2020-03-05T22:52:09.969Z'
scheduled:
type: boolean
readOnly: true
description: Indicates if this campaign template has been scheduled.
example: false
default: false
ownerRef:
type: object
readOnly: true
description: 'The owner of this template, and the owner of campaigns generated from this template via a schedule. This field is automatically populated at creation time with the current user.'
properties:
id:
type: string
description: Id of the owner
example: 2c918086676d3e0601677611dbde220f
type:
type: string
enum:
- IDENTITY
description: Type of the owner
example: IDENTITY
name:
type: string
description: Name of the owner
example: Mister Manager
email:
type: string
description: Email of the owner
example: mr.manager@example.com
deadlineDuration:
type: string
nullable: true
description: 'The time period during which the campaign should be completed, formatted as an ISO-8601 Duration. When this template generates a campaign, the campaign''s deadline will be the current date plus this duration. For example, if generation occurred on 2020-01-01 and this field was "P2W" (two weeks), the resulting campaign''s deadline would be 2020-01-15 (the current date plus 14 days).'
example: P2W
campaign:
type: object
title: Campaign
allOf:
- type: object
title: Slim Campaign
required:
- name
- description
- type
properties:
id:
type: string
readOnly: true
description: Id of the campaign
example: 2c9079b270a266a60170a2779fcb0007
nullable: true
name:
description: |
The campaign name. If this object is part of a template, special formatting applies; see the
`/campaign-templates/{id}/generate` endpoint documentation for details.
type: string
example: Manager Campaign
description:
type: string
nullable: true
description: |
The campaign description. If this object is part of a template, special formatting applies; see the
`/campaign-templates/{id}/generate` endpoint documentation for details.
example: Everyone needs to be reviewed by their manager
deadline:
type: string
nullable: true
format: date-time
description: 'The campaign''s completion deadline. This date must be in the future in order to activate the campaign. If you try to activate a campaign with a deadline of today or in the past, you will receive a 400 error response.'
example: '2020-03-15T10:00:01.456Z'
type:
type: string
description: The type of campaign. Could be extended in the future.
enum:
- MANAGER
- SOURCE_OWNER
- SEARCH
- ROLE_COMPOSITION
- MACHINE_ACCOUNT
example: MANAGER
emailNotificationEnabled:
type: boolean
description: Enables email notification for this campaign
default: false
example: false
autoRevokeAllowed:
type: boolean
description: Allows auto revoke for this campaign
default: false
example: false
recommendationsEnabled:
type: boolean
description: Enables IAI for this campaign. Accepts true even if the IAI product feature is off. If IAI is turned off then campaigns generated from this template will indicate false. The real value will then be returned if IAI is ever enabled for the org in the future.
default: false
example: true
status:
type: string
description: The campaign's current status.
nullable: true
readOnly: true
enum:
- PENDING
- STAGED
- CANCELING
- ACTIVATING
- ACTIVE
- COMPLETING
- COMPLETED
- ERROR
- ARCHIVED
- null
example: ACTIVE
correlatedStatus:
type: string
description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).
enum:
- CORRELATED
- UNCORRELATED
example: CORRELATED
created:
type: string
nullable: true
readOnly: true
format: date-time
description: Created time of the campaign
example: '2020-03-03T22:15:13.611Z'
totalCertifications:
type: integer
nullable: true
format: int32
description: The total number of certifications in this campaign.
readOnly: true
example: 100
completedCertifications:
type: integer
nullable: true
format: int32
description: The number of completed certifications in this campaign.
readOnly: true
example: 10
alerts:
type: array
nullable: true
description: A list of errors and warnings that have accumulated.
readOnly: true
items:
type: object
properties:
level:
type: string
enum:
- ERROR
- WARN
- INFO
description: Denotes the level of the message
example: ERROR
localizations:
type: array
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
- type: object
properties:
modified:
type: string
readOnly: true
nullable: true
format: date-time
description: Modified time of the campaign
example: '2020-03-03T22:20:12.674Z'
filter:
type: object
nullable: true
description: Determines which items will be included in this campaign. The default campaign filter is used if this field is left blank.
properties:
id:
type: string
description: The ID of whatever type of filter is being used.
example: 0fbe863c063c4c88a35fd7f17e8a3df5
type:
type: string
description: Type of the filter
enum:
- CAMPAIGN_FILTER
- RULE
example: CAMPAIGN_FILTER
name:
type: string
description: Name of the filter
example: Test Filter
sunsetCommentsRequired:
type: boolean
description: Determines if comments on sunset date changes are required.
default: true
example: true
sourceOwnerCampaignInfo:
type: object
nullable: true
description: Must be set only if the campaign type is SOURCE_OWNER.
properties:
sourceIds:
type: array
description: The list of sources to be included in the campaign.
items:
type: string
example:
- 0fbe863c063c4c88a35fd7f17e8a3df5
searchCampaignInfo:
type: object
nullable: true
description: Must be set only if the campaign type is SEARCH.
properties:
type:
type: string
description: The type of search campaign represented.
enum:
- IDENTITY
- ACCESS
example: ACCESS
description:
type: string
description: 'Describes this search campaign. Intended for storing the query used, and possibly the number of identities selected/available.'
example: Search Campaign description
reviewer:
type: object
nullable: true
description: 'If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP.'
properties:
type:
type: string
description: The reviewer's DTO type.
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
id:
type: string
description: The reviewer's ID.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
nullable: true
description: The reviewer's name.
example: William Wilson
query:
type: string
nullable: true
description: The scope for the campaign. The campaign will cover identities returned by the query and identities that have access items returned by the query. One of `query` or `identityIds` must be set.
example: Search Campaign query description
identityIds:
type: array
nullable: true
description: A direct list of identities to include in this campaign. One of `identityIds` or `query` must be set.
items:
type: string
maxItems: 1000
example:
- 0fbe863c063c4c88a35fd7f17e8a3df5
accessConstraints:
type: array
description: Further reduces the scope of the campaign by excluding identities (from `query` or `identityIds`) that do not have this access.
items:
type: object
properties:
type:
type: string
enum:
- ENTITLEMENT
- ACCESS_PROFILE
- ROLE
description: Type of Access
example: ENTITLEMENT
ids:
description: Must be set only if operator is SELECTED.
type: array
items:
type: string
example:
- 2c90ad2a70ace7d50170acf22ca90010
operator:
type: string
enum:
- ALL
- SELECTED
description: Used to determine whether the scope of the campaign should be reduced for selected ids or all.
example: SELECTED
required:
- type
- operator
maxItems: 1000
required:
- type
roleCompositionCampaignInfo:
type: object
nullable: true
description: Optional configuration options for role composition campaigns.
properties:
reviewerId:
type: string
description: The ID of the identity or governance group reviewing this campaign. Deprecated in favor of the "reviewer" object.
deprecated: true
example: 2c91808568c529c60168cca6f90c1313
nullable: true
reviewer:
type: object
nullable: true
description: 'If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP.'
properties:
type:
type: string
description: The reviewer's DTO type.
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
id:
type: string
description: The reviewer's ID.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The reviewer's name.
example: William Wilson
roleIds:
type: array
description: 'Optional list of roles to include in this campaign. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.'
items:
type: string
example:
- 2c90ad2a70ace7d50170acf22ca90010
remediatorRef:
type: object
description: 'This determines who remediation tasks will be assigned to. Remediation tasks are created for each revoke decision on items in the campaign. The only legal remediator type is ''IDENTITY'', and the chosen identity must be a Role Admin or Org Admin.'
properties:
type:
type: string
enum:
- IDENTITY
description: Legal Remediator Type
example: IDENTITY
id:
type: string
description: The ID of the remediator.
example: 2c90ad2a70ace7d50170acf22ca90010
name:
type: string
description: The name of the remediator.
readOnly: true
example: Role Admin
required:
- type
- id
query:
type: string
nullable: true
description: 'Optional search query to scope this campaign to a set of roles. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.'
example: Search Query
description:
type: string
nullable: true
description: 'Describes this role composition campaign. Intended for storing the query used, and possibly the number of roles selected/available.'
example: Role Composition Description
required:
- remediatorRef
machineAccountCampaignInfo:
type: object
nullable: true
description: Must be set only if the campaign type is MACHINE_ACCOUNT.
properties:
sourceIds:
type: array
description: The list of sources to be included in the campaign.
items:
type: string
example:
- 0fbe863c063c4c88a35fd7f17e8a3df5
reviewerType:
type: string
description: The reviewer's type.
enum:
- ACCOUNT_OWNER
example: ACCOUNT_OWNER
sourcesWithOrphanEntitlements:
type: array
nullable: true
description: A list of sources in the campaign that contain \"orphan entitlements\" (entitlements without a corresponding Managed Attribute). An empty list indicates the campaign has no orphan entitlements. Null indicates there may be unknown orphan entitlements in the campaign (the campaign was created before this feature was implemented).
readOnly: true
items:
type: object
properties:
id:
type: string
description: Id of the source
example: 2c90ad2a70ace7d50170acf22ca90010
type:
type: string
enum:
- SOURCE
description: Type
example: SOURCE
name:
type: string
description: Name of the source
example: Source with orphan entitlements
mandatoryCommentRequirement:
type: string
description: 'Determines whether comments are required for decisions during certification reviews. You can require comments for all decisions, revoke-only decisions, or no decisions. By default, comments are not required for decisions.'
enum:
- ALL_DECISIONS
- REVOKE_ONLY_DECISIONS
- NO_DECISIONS
example: NO_DECISIONS
required:
- name
- description
- created
- modified
- campaign
examples:
Manager:
value:
id: e7dbec99d49349c8951bd84f58a05120
name: Manager Review
created: '2022-08-02T19:16:42.632Z'
modified: null
description: A review of everyone's access by their manager.
deadlineDuration: P14D
ownerRef:
email: support@testmail.identitysoon.com
type: IDENTITY
id: 7ec252acbd4245548bc25df22348cb75
name: SailPoint Support
scheduled: false
campaign:
created: null
modified: null
filter:
type: CAMPAIGN_FILTER
id: e0adaae69852e8fe8b8a3d48e5ce757c
name: Test Manager Filter
sunsetCommentsRequired: true
sourceOwnerCampaignInfo: null
searchCampaignInfo: null
roleCompositionCampaignInfo: null
alerts: null
totalCertifications: null
completedCertifications: null
sourcesWithOrphanEntitlements: null
id: null
name: Manager Review
description: Review everyone's access.
deadline: null
type: MANAGER
status: null
emailNotificationEnabled: true
autoRevokeAllowed: false
recommendationsEnabled: false
correlatedStatus: CORRELATED
mandatoryCommentRequirement: NO_DECISIONS
Search:
value:
id: b7e6459eed5247ac8b98a5fed81fe27f
name: Reporting Access Review
created: '2022-07-28T19:19:40.035Z'
modified: null
description: A review of everyone's access to the reporting system.
deadlineDuration: P14D
ownerRef:
email: support@testmail.identitysoon.com
type: IDENTITY
id: 7ec252acbd4245548bc25df22348cb75
name: SailPoint Support
scheduled: false
campaign:
created: null
modified: null
filter:
type: CAMPAIGN_FILTER
id: e0adaae69852e8fe8b8a3d48e5ce757c
name: Test Search Filter
sunsetCommentsRequired: true
sourceOwnerCampaignInfo: null
searchCampaignInfo:
type: ACCESS
description: Identities with reporting abilities
reviewerId: null
reviewer: null
query: '@access(name: ("reporter"))'
identityIds: null
accessConstraints: []
roleCompositionCampaignInfo: null
alerts: null
totalCertifications: null
completedCertifications: null
sourcesWithOrphanEntitlements: null
id: null
name: Search Campaign Review
description: Review everyone's access to the reporting system.
deadline: null
type: SEARCH
status: null
emailNotificationEnabled: true
autoRevokeAllowed: false
recommendationsEnabled: false
correlatedStatus: CORRELATED
mandatoryCommentRequirement: NO_DECISIONS
Source Owner:
value:
id: b9f41bc69e7a4291b9de0630396d030d
name: AD Source Review
created: '2022-08-02T13:40:36.857Z'
modified: null
description: A review of our AD source.
deadlineDuration: P1M
ownerRef:
email: support@testmail.identitysoon.com
type: IDENTITY
id: 7ec252acbd4245548bc25df22348cb75
name: SailPoint Support
scheduled: false
campaign:
created: null
modified: null
filter:
type: CAMPAIGN_FILTER
id: e0adaae69852e8fe8b8a3d48e5ce757c
name: Test Source Owner Filter
sunsetCommentsRequired: true
sourceOwnerCampaignInfo:
sourceIds:
- 2c918084707deba501709d45ce4e5569
searchCampaignInfo: null
roleCompositionCampaignInfo: null
alerts: null
totalCertifications: null
completedCertifications: null
sourcesWithOrphanEntitlements: null
id: null
name: AD Source Review
description: Review everyone's access.
deadline: null
type: SOURCE_OWNER
status: null
emailNotificationEnabled: true
autoRevokeAllowed: false
recommendationsEnabled: false
correlatedStatus: CORRELATED
mandatoryCommentRequirement: NO_DECISIONS
RoleComposition:
value:
id: b9f41bc69e7a4291b9de0630396d030d
name: Campaign With Admin Role
created: '2022-08-02T13:40:36.857Z'
modified: null
description: Campaign With Admin Role
deadlineDuration: null
ownerRef:
email: support@testmail.identitysoon.com
type: IDENTITY
id: 7ec252acbd4245548bc25df22348cb75
name: SailPoint Support
scheduled: false
campaign:
created: null
modified: null
filter: null
sunsetCommentsRequired: true
sourceOwnerCampaignInfo: null
searchCampaignInfo: null
roleCompositionCampaignInfo:
remediatorRef:
type: IDENTITY
id: 7ec252acbd4245548bc25df22348cb75
name: SailPoint Support
reviewerId: null
reviewer: null
roleIds:
- b15d609fc5c8434b865fe552315fda8f
query: null
description: null
alerts: null
totalCertifications: null
completedCertifications: null
sourcesWithOrphanEntitlements: null
id: null
name: Campaign With Admin Role
description: Campaign With Admin Role
deadline: null
type: ROLE_COMPOSITION
status: null
emailNotificationEnabled: false
autoRevokeAllowed: false
recommendationsEnabled: false
correlatedStatus: CORRELATED
mandatoryCommentRequirement: NO_DECISIONS
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
get:
operationId: getCampaignTemplates
tags:
- Certification Campaigns
summary: List campaign templates
description: |
Use this API to get a list of all campaign templates. Scope can be reduced through standard V3 query params.
The API returns all campaign templates matching the query parameters.
security:
- userAuth:
- 'idn:campaign-template:read'
- 'idn:campaign-template:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
- CERT_ADMIN
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **name, created, modified**
example: name
- in: query
name: filters
schema:
type: string
format: comma-separated
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**name**: *eq, ge, gt, in, le, lt, ne, sw*
**id**: *eq, ge, gt, in, le, lt, ne, sw*
example: name eq "manager template"
responses:
'200':
description: List of campaign template objects.
content:
application/json:
schema:
type: array
items:
type: object
description: Campaign Template
properties:
id:
type: string
description: Id of the campaign template
example: 2c9079b270a266a60170a277bb960008
name:
type: string
description: This template's name. Has no bearing on generated campaigns' names.
example: Manager Campaign Template
description:
type: string
description: This template's description. Has no bearing on generated campaigns' descriptions.
example: Template for the annual manager campaign.
created:
type: string
description: Creation date of Campaign Template
readOnly: true
format: date-time
example: '2020-03-05T22:44:00.364Z'
modified:
type: string
nullable: true
description: Modification date of Campaign Template
readOnly: true
format: date-time
example: '2020-03-05T22:52:09.969Z'
scheduled:
type: boolean
readOnly: true
description: Indicates if this campaign template has been scheduled.
example: false
default: false
ownerRef:
type: object
readOnly: true
description: 'The owner of this template, and the owner of campaigns generated from this template via a schedule. This field is automatically populated at creation time with the current user.'
properties:
id:
type: string
description: Id of the owner
example: 2c918086676d3e0601677611dbde220f
type:
type: string
enum:
- IDENTITY
description: Type of the owner
example: IDENTITY
name:
type: string
description: Name of the owner
example: Mister Manager
email:
type: string
description: Email of the owner
example: mr.manager@example.com
deadlineDuration:
type: string
nullable: true
description: 'The time period during which the campaign should be completed, formatted as an ISO-8601 Duration. When this template generates a campaign, the campaign''s deadline will be the current date plus this duration. For example, if generation occurred on 2020-01-01 and this field was "P2W" (two weeks), the resulting campaign''s deadline would be 2020-01-15 (the current date plus 14 days).'
example: P2W
campaign:
type: object
title: Campaign
allOf:
- type: object
title: Slim Campaign
required:
- name
- description
- type
properties:
id:
type: string
readOnly: true
description: Id of the campaign
example: 2c9079b270a266a60170a2779fcb0007
nullable: true
name:
description: |
The campaign name. If this object is part of a template, special formatting applies; see the
`/campaign-templates/{id}/generate` endpoint documentation for details.
type: string
example: Manager Campaign
description:
type: string
nullable: true
description: |
The campaign description. If this object is part of a template, special formatting applies; see the
`/campaign-templates/{id}/generate` endpoint documentation for details.
example: Everyone needs to be reviewed by their manager
deadline:
type: string
nullable: true
format: date-time
description: 'The campaign''s completion deadline. This date must be in the future in order to activate the campaign. If you try to activate a campaign with a deadline of today or in the past, you will receive a 400 error response.'
example: '2020-03-15T10:00:01.456Z'
type:
type: string
description: The type of campaign. Could be extended in the future.
enum:
- MANAGER
- SOURCE_OWNER
- SEARCH
- ROLE_COMPOSITION
- MACHINE_ACCOUNT
example: MANAGER
emailNotificationEnabled:
type: boolean
description: Enables email notification for this campaign
default: false
example: false
autoRevokeAllowed:
type: boolean
description: Allows auto revoke for this campaign
default: false
example: false
recommendationsEnabled:
type: boolean
description: Enables IAI for this campaign. Accepts true even if the IAI product feature is off. If IAI is turned off then campaigns generated from this template will indicate false. The real value will then be returned if IAI is ever enabled for the org in the future.
default: false
example: true
status:
type: string
description: The campaign's current status.
nullable: true
readOnly: true
enum:
- PENDING
- STAGED
- CANCELING
- ACTIVATING
- ACTIVE
- COMPLETING
- COMPLETED
- ERROR
- ARCHIVED
- null
example: ACTIVE
correlatedStatus:
type: string
description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).
enum:
- CORRELATED
- UNCORRELATED
example: CORRELATED
created:
type: string
nullable: true
readOnly: true
format: date-time
description: Created time of the campaign
example: '2020-03-03T22:15:13.611Z'
totalCertifications:
type: integer
nullable: true
format: int32
description: The total number of certifications in this campaign.
readOnly: true
example: 100
completedCertifications:
type: integer
nullable: true
format: int32
description: The number of completed certifications in this campaign.
readOnly: true
example: 10
alerts:
type: array
nullable: true
description: A list of errors and warnings that have accumulated.
readOnly: true
items:
type: object
properties:
level:
type: string
enum:
- ERROR
- WARN
- INFO
description: Denotes the level of the message
example: ERROR
localizations:
type: array
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
- type: object
properties:
modified:
type: string
readOnly: true
nullable: true
format: date-time
description: Modified time of the campaign
example: '2020-03-03T22:20:12.674Z'
filter:
type: object
nullable: true
description: Determines which items will be included in this campaign. The default campaign filter is used if this field is left blank.
properties:
id:
type: string
description: The ID of whatever type of filter is being used.
example: 0fbe863c063c4c88a35fd7f17e8a3df5
type:
type: string
description: Type of the filter
enum:
- CAMPAIGN_FILTER
- RULE
example: CAMPAIGN_FILTER
name:
type: string
description: Name of the filter
example: Test Filter
sunsetCommentsRequired:
type: boolean
description: Determines if comments on sunset date changes are required.
default: true
example: true
sourceOwnerCampaignInfo:
type: object
nullable: true
description: Must be set only if the campaign type is SOURCE_OWNER.
properties:
sourceIds:
type: array
description: The list of sources to be included in the campaign.
items:
type: string
example:
- 0fbe863c063c4c88a35fd7f17e8a3df5
searchCampaignInfo:
type: object
nullable: true
description: Must be set only if the campaign type is SEARCH.
properties:
type:
type: string
description: The type of search campaign represented.
enum:
- IDENTITY
- ACCESS
example: ACCESS
description:
type: string
description: 'Describes this search campaign. Intended for storing the query used, and possibly the number of identities selected/available.'
example: Search Campaign description
reviewer:
type: object
nullable: true
description: 'If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP.'
properties:
type:
type: string
description: The reviewer's DTO type.
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
id:
type: string
description: The reviewer's ID.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
nullable: true
description: The reviewer's name.
example: William Wilson
query:
type: string
nullable: true
description: The scope for the campaign. The campaign will cover identities returned by the query and identities that have access items returned by the query. One of `query` or `identityIds` must be set.
example: Search Campaign query description
identityIds:
type: array
nullable: true
description: A direct list of identities to include in this campaign. One of `identityIds` or `query` must be set.
items:
type: string
maxItems: 1000
example:
- 0fbe863c063c4c88a35fd7f17e8a3df5
accessConstraints:
type: array
description: Further reduces the scope of the campaign by excluding identities (from `query` or `identityIds`) that do not have this access.
items:
type: object
properties:
type:
type: string
enum:
- ENTITLEMENT
- ACCESS_PROFILE
- ROLE
description: Type of Access
example: ENTITLEMENT
ids:
description: Must be set only if operator is SELECTED.
type: array
items:
type: string
example:
- 2c90ad2a70ace7d50170acf22ca90010
operator:
type: string
enum:
- ALL
- SELECTED
description: Used to determine whether the scope of the campaign should be reduced for selected ids or all.
example: SELECTED
required:
- type
- operator
maxItems: 1000
required:
- type
roleCompositionCampaignInfo:
type: object
nullable: true
description: Optional configuration options for role composition campaigns.
properties:
reviewerId:
type: string
description: The ID of the identity or governance group reviewing this campaign. Deprecated in favor of the "reviewer" object.
deprecated: true
example: 2c91808568c529c60168cca6f90c1313
nullable: true
reviewer:
type: object
nullable: true
description: 'If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP.'
properties:
type:
type: string
description: The reviewer's DTO type.
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
id:
type: string
description: The reviewer's ID.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The reviewer's name.
example: William Wilson
roleIds:
type: array
description: 'Optional list of roles to include in this campaign. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.'
items:
type: string
example:
- 2c90ad2a70ace7d50170acf22ca90010
remediatorRef:
type: object
description: 'This determines who remediation tasks will be assigned to. Remediation tasks are created for each revoke decision on items in the campaign. The only legal remediator type is ''IDENTITY'', and the chosen identity must be a Role Admin or Org Admin.'
properties:
type:
type: string
enum:
- IDENTITY
description: Legal Remediator Type
example: IDENTITY
id:
type: string
description: The ID of the remediator.
example: 2c90ad2a70ace7d50170acf22ca90010
name:
type: string
description: The name of the remediator.
readOnly: true
example: Role Admin
required:
- type
- id
query:
type: string
nullable: true
description: 'Optional search query to scope this campaign to a set of roles. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.'
example: Search Query
description:
type: string
nullable: true
description: 'Describes this role composition campaign. Intended for storing the query used, and possibly the number of roles selected/available.'
example: Role Composition Description
required:
- remediatorRef
machineAccountCampaignInfo:
type: object
nullable: true
description: Must be set only if the campaign type is MACHINE_ACCOUNT.
properties:
sourceIds:
type: array
description: The list of sources to be included in the campaign.
items:
type: string
example:
- 0fbe863c063c4c88a35fd7f17e8a3df5
reviewerType:
type: string
description: The reviewer's type.
enum:
- ACCOUNT_OWNER
example: ACCOUNT_OWNER
sourcesWithOrphanEntitlements:
type: array
nullable: true
description: A list of sources in the campaign that contain \"orphan entitlements\" (entitlements without a corresponding Managed Attribute). An empty list indicates the campaign has no orphan entitlements. Null indicates there may be unknown orphan entitlements in the campaign (the campaign was created before this feature was implemented).
readOnly: true
items:
type: object
properties:
id:
type: string
description: Id of the source
example: 2c90ad2a70ace7d50170acf22ca90010
type:
type: string
enum:
- SOURCE
description: Type
example: SOURCE
name:
type: string
description: Name of the source
example: Source with orphan entitlements
mandatoryCommentRequirement:
type: string
description: 'Determines whether comments are required for decisions during certification reviews. You can require comments for all decisions, revoke-only decisions, or no decisions. By default, comments are not required for decisions.'
enum:
- ALL_DECISIONS
- REVOKE_ONLY_DECISIONS
- NO_DECISIONS
example: NO_DECISIONS
required:
- name
- description
- created
- modified
- campaign
example:
- id: e7dbec99d49349c8951bd84f58a05120
name: Manager Review
created: '2022-08-02T19:16:42.632Z'
modified: null
description: A review of everyone's access by their manager.
deadlineDuration: P14D
ownerRef:
email: support@testmail.identitysoon.com
type: IDENTITY
id: 7ec252acbd4245548bc25df22348cb75
name: SailPoint Support
scheduled: false
campaign:
created: null
modified: null
filter:
type: CAMPAIGN_FILTER
id: e0adaae69852e8fe8b8a3d48e5ce757c
name: Test Manager Filter
sunsetCommentsRequired: true
sourceOwnerCampaignInfo: null
searchCampaignInfo: null
roleCompositionCampaignInfo: null
alerts: null
totalCertifications: null
completedCertifications: null
sourcesWithOrphanEntitlements: null
id: null
name: Manager Review
description: Review everyone's access.
deadline: null
type: MANAGER
status: null
emailNotificationEnabled: true
autoRevokeAllowed: false
recommendationsEnabled: false
mandatoryCommentRequirement: NO_DECISIONS
- id: b7e6459eed5247ac8b98a5fed81fe27f
name: Reporting Access Review
created: '2022-07-28T19:19:40.035Z'
modified: null
description: A review of everyone's access to the reporting system.
deadlineDuration: P14D
ownerRef:
email: support@testmail.identitysoon.com
type: IDENTITY
id: 7ec252acbd4245548bc25df22348cb75
name: SailPoint Support
scheduled: false
campaign:
created: null
modified: null
filter:
type: CAMPAIGN_FILTER
id: e0adaae69852e8fe8b8a3d48e5ce757c
name: Test Search Filter
sunsetCommentsRequired: true
sourceOwnerCampaignInfo: null
searchCampaignInfo:
type: ACCESS
description: Identities with reporting abilities
reviewerId: null
reviewer: null
query: '@access(name: ("reporter"))'
identityIds: null
accessConstraints: []
roleCompositionCampaignInfo: null
alerts: null
totalCertifications: null
completedCertifications: null
sourcesWithOrphanEntitlements: null
id: null
name: Search Campaign
description: Review everyone's access to the reporting system.
deadline: null
type: SEARCH
status: null
emailNotificationEnabled: true
autoRevokeAllowed: false
recommendationsEnabled: false
mandatoryCommentRequirement: NO_DECISIONS
- id: b9f41bc69e7a4291b9de0630396d030d
name: Campaign With Admin Role
created: '2022-08-02T13:40:36.857Z'
modified: null
description: Campaign With Admin Role
deadlineDuration: null
ownerRef:
email: support@testmail.identitysoon.com
type: IDENTITY
id: 7ec252acbd4245548bc25df22348cb75
name: SailPoint Support
scheduled: false
campaign:
created: null
modified: null
filter: null
sunsetCommentsRequired: true
sourceOwnerCampaignInfo: null
searchCampaignInfo: null
roleCompositionCampaignInfo:
remediatorRef:
type: IDENTITY
id: 7ec252acbd4245548bc25df22348cb75
name: SailPoint Support
reviewerId: null
reviewer: null
roleIds:
- b15d609fc5c8434b865fe552315fda8f
query: null
description: null
alerts: null
totalCertifications: null
completedCertifications: null
sourcesWithOrphanEntitlements: null
id: null
name: Campaign With Admin Role
description: Campaign With Admin Role
deadline: null
type: ROLE_COMPOSITION
status: null
emailNotificationEnabled: false
autoRevokeAllowed: false
recommendationsEnabled: false
mandatoryCommentRequirement: NO_DECISIONS
- id: b9f41bc69e7a4291b9de0630396d030d
name: AD Source Review
created: '2022-08-02T13:40:36.857Z'
modified: null
description: A review of our AD source.
deadlineDuration: P1M
ownerRef:
email: support@testmail.identitysoon.com
type: IDENTITY
id: 7ec252acbd4245548bc25df22348cb75
name: SailPoint Support
scheduled: false
campaign:
created: null
modified: null
filter:
type: CAMPAIGN_FILTER
id: e0adaae69852e8fe8b8a3d48e5ce757c
name: Test Source Owner Filter
sunsetCommentsRequired: true
sourceOwnerCampaignInfo:
sourceIds:
- 2c918084707deba501709d45ce4e5569
searchCampaignInfo: null
roleCompositionCampaignInfo: null
alerts: null
totalCertifications: null
completedCertifications: null
sourcesWithOrphanEntitlements: null
id: null
name: AD Source Review
description: Review everyone's access.
deadline: null
type: SOURCE_OWNER
status: null
emailNotificationEnabled: true
autoRevokeAllowed: false
recommendationsEnabled: false
correlatedStatus: CORRELATED
mandatoryCommentRequirement: NO_DECISIONS
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/campaign-templates/{id}':
patch:
operationId: patchCampaignTemplate
tags:
- Certification Campaigns
summary: Update a campaign template
description: |
Use this API to update individual fields on a certification campaign template, using the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
security:
- userAuth:
- 'idn:campaign-template:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
- CERT_ADMIN
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: getCampaignTemplates
description: ID of the campaign template being modified.
example: 2c9180835d191a86015d28455b4a2329
requestBody:
required: true
description: |
A list of campaign update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
The following fields are patchable:
* name
* description
* deadlineDuration
* campaign (all fields that are allowed during create)
content:
application/json-patch+json:
schema:
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
example:
- op: replace
path: /description
value: Updated description!
- op: replace
path: /campaign/filter/id
value: ff80818155fe8c080155fe8d925b0316
responses:
'200':
description: 'This response indicates that the PATCH operation succeeded, and the API returns the template''s new representation.'
content:
application/json:
schema:
type: object
description: Campaign Template
properties:
id:
type: string
description: Id of the campaign template
example: 2c9079b270a266a60170a277bb960008
name:
type: string
description: This template's name. Has no bearing on generated campaigns' names.
example: Manager Campaign Template
description:
type: string
description: This template's description. Has no bearing on generated campaigns' descriptions.
example: Template for the annual manager campaign.
created:
type: string
description: Creation date of Campaign Template
readOnly: true
format: date-time
example: '2020-03-05T22:44:00.364Z'
modified:
type: string
nullable: true
description: Modification date of Campaign Template
readOnly: true
format: date-time
example: '2020-03-05T22:52:09.969Z'
scheduled:
type: boolean
readOnly: true
description: Indicates if this campaign template has been scheduled.
example: false
default: false
ownerRef:
type: object
readOnly: true
description: 'The owner of this template, and the owner of campaigns generated from this template via a schedule. This field is automatically populated at creation time with the current user.'
properties:
id:
type: string
description: Id of the owner
example: 2c918086676d3e0601677611dbde220f
type:
type: string
enum:
- IDENTITY
description: Type of the owner
example: IDENTITY
name:
type: string
description: Name of the owner
example: Mister Manager
email:
type: string
description: Email of the owner
example: mr.manager@example.com
deadlineDuration:
type: string
nullable: true
description: 'The time period during which the campaign should be completed, formatted as an ISO-8601 Duration. When this template generates a campaign, the campaign''s deadline will be the current date plus this duration. For example, if generation occurred on 2020-01-01 and this field was "P2W" (two weeks), the resulting campaign''s deadline would be 2020-01-15 (the current date plus 14 days).'
example: P2W
campaign:
type: object
title: Campaign
allOf:
- type: object
title: Slim Campaign
required:
- name
- description
- type
properties:
id:
type: string
readOnly: true
description: Id of the campaign
example: 2c9079b270a266a60170a2779fcb0007
nullable: true
name:
description: |
The campaign name. If this object is part of a template, special formatting applies; see the
`/campaign-templates/{id}/generate` endpoint documentation for details.
type: string
example: Manager Campaign
description:
type: string
nullable: true
description: |
The campaign description. If this object is part of a template, special formatting applies; see the
`/campaign-templates/{id}/generate` endpoint documentation for details.
example: Everyone needs to be reviewed by their manager
deadline:
type: string
nullable: true
format: date-time
description: 'The campaign''s completion deadline. This date must be in the future in order to activate the campaign. If you try to activate a campaign with a deadline of today or in the past, you will receive a 400 error response.'
example: '2020-03-15T10:00:01.456Z'
type:
type: string
description: The type of campaign. Could be extended in the future.
enum:
- MANAGER
- SOURCE_OWNER
- SEARCH
- ROLE_COMPOSITION
- MACHINE_ACCOUNT
example: MANAGER
emailNotificationEnabled:
type: boolean
description: Enables email notification for this campaign
default: false
example: false
autoRevokeAllowed:
type: boolean
description: Allows auto revoke for this campaign
default: false
example: false
recommendationsEnabled:
type: boolean
description: Enables IAI for this campaign. Accepts true even if the IAI product feature is off. If IAI is turned off then campaigns generated from this template will indicate false. The real value will then be returned if IAI is ever enabled for the org in the future.
default: false
example: true
status:
type: string
description: The campaign's current status.
nullable: true
readOnly: true
enum:
- PENDING
- STAGED
- CANCELING
- ACTIVATING
- ACTIVE
- COMPLETING
- COMPLETED
- ERROR
- ARCHIVED
- null
example: ACTIVE
correlatedStatus:
type: string
description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).
enum:
- CORRELATED
- UNCORRELATED
example: CORRELATED
created:
type: string
nullable: true
readOnly: true
format: date-time
description: Created time of the campaign
example: '2020-03-03T22:15:13.611Z'
totalCertifications:
type: integer
nullable: true
format: int32
description: The total number of certifications in this campaign.
readOnly: true
example: 100
completedCertifications:
type: integer
nullable: true
format: int32
description: The number of completed certifications in this campaign.
readOnly: true
example: 10
alerts:
type: array
nullable: true
description: A list of errors and warnings that have accumulated.
readOnly: true
items:
type: object
properties:
level:
type: string
enum:
- ERROR
- WARN
- INFO
description: Denotes the level of the message
example: ERROR
localizations:
type: array
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
- type: object
properties:
modified:
type: string
readOnly: true
nullable: true
format: date-time
description: Modified time of the campaign
example: '2020-03-03T22:20:12.674Z'
filter:
type: object
nullable: true
description: Determines which items will be included in this campaign. The default campaign filter is used if this field is left blank.
properties:
id:
type: string
description: The ID of whatever type of filter is being used.
example: 0fbe863c063c4c88a35fd7f17e8a3df5
type:
type: string
description: Type of the filter
enum:
- CAMPAIGN_FILTER
- RULE
example: CAMPAIGN_FILTER
name:
type: string
description: Name of the filter
example: Test Filter
sunsetCommentsRequired:
type: boolean
description: Determines if comments on sunset date changes are required.
default: true
example: true
sourceOwnerCampaignInfo:
type: object
nullable: true
description: Must be set only if the campaign type is SOURCE_OWNER.
properties:
sourceIds:
type: array
description: The list of sources to be included in the campaign.
items:
type: string
example:
- 0fbe863c063c4c88a35fd7f17e8a3df5
searchCampaignInfo:
type: object
nullable: true
description: Must be set only if the campaign type is SEARCH.
properties:
type:
type: string
description: The type of search campaign represented.
enum:
- IDENTITY
- ACCESS
example: ACCESS
description:
type: string
description: 'Describes this search campaign. Intended for storing the query used, and possibly the number of identities selected/available.'
example: Search Campaign description
reviewer:
type: object
nullable: true
description: 'If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP.'
properties:
type:
type: string
description: The reviewer's DTO type.
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
id:
type: string
description: The reviewer's ID.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
nullable: true
description: The reviewer's name.
example: William Wilson
query:
type: string
nullable: true
description: The scope for the campaign. The campaign will cover identities returned by the query and identities that have access items returned by the query. One of `query` or `identityIds` must be set.
example: Search Campaign query description
identityIds:
type: array
nullable: true
description: A direct list of identities to include in this campaign. One of `identityIds` or `query` must be set.
items:
type: string
maxItems: 1000
example:
- 0fbe863c063c4c88a35fd7f17e8a3df5
accessConstraints:
type: array
description: Further reduces the scope of the campaign by excluding identities (from `query` or `identityIds`) that do not have this access.
items:
type: object
properties:
type:
type: string
enum:
- ENTITLEMENT
- ACCESS_PROFILE
- ROLE
description: Type of Access
example: ENTITLEMENT
ids:
description: Must be set only if operator is SELECTED.
type: array
items:
type: string
example:
- 2c90ad2a70ace7d50170acf22ca90010
operator:
type: string
enum:
- ALL
- SELECTED
description: Used to determine whether the scope of the campaign should be reduced for selected ids or all.
example: SELECTED
required:
- type
- operator
maxItems: 1000
required:
- type
roleCompositionCampaignInfo:
type: object
nullable: true
description: Optional configuration options for role composition campaigns.
properties:
reviewerId:
type: string
description: The ID of the identity or governance group reviewing this campaign. Deprecated in favor of the "reviewer" object.
deprecated: true
example: 2c91808568c529c60168cca6f90c1313
nullable: true
reviewer:
type: object
nullable: true
description: 'If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP.'
properties:
type:
type: string
description: The reviewer's DTO type.
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
id:
type: string
description: The reviewer's ID.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The reviewer's name.
example: William Wilson
roleIds:
type: array
description: 'Optional list of roles to include in this campaign. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.'
items:
type: string
example:
- 2c90ad2a70ace7d50170acf22ca90010
remediatorRef:
type: object
description: 'This determines who remediation tasks will be assigned to. Remediation tasks are created for each revoke decision on items in the campaign. The only legal remediator type is ''IDENTITY'', and the chosen identity must be a Role Admin or Org Admin.'
properties:
type:
type: string
enum:
- IDENTITY
description: Legal Remediator Type
example: IDENTITY
id:
type: string
description: The ID of the remediator.
example: 2c90ad2a70ace7d50170acf22ca90010
name:
type: string
description: The name of the remediator.
readOnly: true
example: Role Admin
required:
- type
- id
query:
type: string
nullable: true
description: 'Optional search query to scope this campaign to a set of roles. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.'
example: Search Query
description:
type: string
nullable: true
description: 'Describes this role composition campaign. Intended for storing the query used, and possibly the number of roles selected/available.'
example: Role Composition Description
required:
- remediatorRef
machineAccountCampaignInfo:
type: object
nullable: true
description: Must be set only if the campaign type is MACHINE_ACCOUNT.
properties:
sourceIds:
type: array
description: The list of sources to be included in the campaign.
items:
type: string
example:
- 0fbe863c063c4c88a35fd7f17e8a3df5
reviewerType:
type: string
description: The reviewer's type.
enum:
- ACCOUNT_OWNER
example: ACCOUNT_OWNER
sourcesWithOrphanEntitlements:
type: array
nullable: true
description: A list of sources in the campaign that contain \"orphan entitlements\" (entitlements without a corresponding Managed Attribute). An empty list indicates the campaign has no orphan entitlements. Null indicates there may be unknown orphan entitlements in the campaign (the campaign was created before this feature was implemented).
readOnly: true
items:
type: object
properties:
id:
type: string
description: Id of the source
example: 2c90ad2a70ace7d50170acf22ca90010
type:
type: string
enum:
- SOURCE
description: Type
example: SOURCE
name:
type: string
description: Name of the source
example: Source with orphan entitlements
mandatoryCommentRequirement:
type: string
description: 'Determines whether comments are required for decisions during certification reviews. You can require comments for all decisions, revoke-only decisions, or no decisions. By default, comments are not required for decisions.'
enum:
- ALL_DECISIONS
- REVOKE_ONLY_DECISIONS
- NO_DECISIONS
example: NO_DECISIONS
required:
- name
- description
- created
- modified
- campaign
examples:
Manager:
value:
id: e7dbec99d49349c8951bd84f58a05120
name: Manager Review
created: '2022-08-02T19:16:42.632Z'
modified: null
description: A review of everyone's access by their manager.
deadlineDuration: P14D
ownerRef:
email: support@testmail.identitysoon.com
type: IDENTITY
id: 7ec252acbd4245548bc25df22348cb75
name: SailPoint Support
scheduled: false
campaign:
created: null
modified: null
filter:
type: CAMPAIGN_FILTER
id: e0adaae69852e8fe8b8a3d48e5ce757c
name: Test Manager Filter
sunsetCommentsRequired: true
sourceOwnerCampaignInfo: null
searchCampaignInfo: null
roleCompositionCampaignInfo: null
alerts: null
totalCertifications: null
completedCertifications: null
sourcesWithOrphanEntitlements: null
id: null
name: Manager Review
description: Review everyone's access.
deadline: null
type: MANAGER
status: null
emailNotificationEnabled: true
autoRevokeAllowed: false
recommendationsEnabled: false
correlatedStatus: CORRELATED
mandatoryCommentRequirement: NO_DECISIONS
Search:
value:
id: b7e6459eed5247ac8b98a5fed81fe27f
name: Reporting Access Review
created: '2022-07-28T19:19:40.035Z'
modified: null
description: A review of everyone's access to the reporting system.
deadlineDuration: P14D
ownerRef:
email: support@testmail.identitysoon.com
type: IDENTITY
id: 7ec252acbd4245548bc25df22348cb75
name: SailPoint Support
scheduled: false
campaign:
created: null
modified: null
filter:
type: CAMPAIGN_FILTER
id: e0adaae69852e8fe8b8a3d48e5ce757c
name: Test Search Filter
sunsetCommentsRequired: true
sourceOwnerCampaignInfo: null
searchCampaignInfo:
type: ACCESS
description: Identities with reporting abilities
reviewerId: null
reviewer: null
query: '@access(name: ("reporter"))'
identityIds: null
accessConstraints: []
roleCompositionCampaignInfo: null
alerts: null
totalCertifications: null
completedCertifications: null
sourcesWithOrphanEntitlements: null
id: null
name: Search Campaign Review
description: Review everyone's access to the reporting system.
deadline: null
type: SEARCH
status: null
emailNotificationEnabled: true
autoRevokeAllowed: false
recommendationsEnabled: false
correlatedStatus: CORRELATED
mandatoryCommentRequirement: NO_DECISIONS
Source Owner:
value:
id: b9f41bc69e7a4291b9de0630396d030d
name: AD Source Review
created: '2022-08-02T13:40:36.857Z'
modified: null
description: A review of our AD source.
deadlineDuration: P1M
ownerRef:
email: support@testmail.identitysoon.com
type: IDENTITY
id: 7ec252acbd4245548bc25df22348cb75
name: SailPoint Support
scheduled: false
campaign:
created: null
modified: null
filter:
type: CAMPAIGN_FILTER
id: e0adaae69852e8fe8b8a3d48e5ce757c
name: Test Source Owner Filter
sunsetCommentsRequired: true
sourceOwnerCampaignInfo:
sourceIds:
- 2c918084707deba501709d45ce4e5569
searchCampaignInfo: null
roleCompositionCampaignInfo: null
alerts: null
totalCertifications: null
completedCertifications: null
sourcesWithOrphanEntitlements: null
id: null
name: AD Source Review
description: Review everyone's access.
deadline: null
type: SOURCE_OWNER
status: null
emailNotificationEnabled: true
autoRevokeAllowed: false
recommendationsEnabled: false
correlatedStatus: CORRELATED
mandatoryCommentRequirement: NO_DECISIONS
RoleComposition:
value:
id: b9f41bc69e7a4291b9de0630396d030d
name: Campaign With Admin Role
created: '2022-08-02T13:40:36.857Z'
modified: null
description: Campaign With Admin Role
deadlineDuration: null
ownerRef:
email: support@testmail.identitysoon.com
type: IDENTITY
id: 7ec252acbd4245548bc25df22348cb75
name: SailPoint Support
scheduled: false
campaign:
created: null
modified: null
filter: null
sunsetCommentsRequired: true
sourceOwnerCampaignInfo: null
searchCampaignInfo: null
roleCompositionCampaignInfo:
remediatorRef:
type: IDENTITY
id: 7ec252acbd4245548bc25df22348cb75
name: SailPoint Support
reviewerId: null
reviewer: null
roleIds:
- b15d609fc5c8434b865fe552315fda8f
query: null
description: null
alerts: null
totalCertifications: null
completedCertifications: null
sourcesWithOrphanEntitlements: null
id: null
name: Campaign With Admin Role
description: Campaign With Admin Role
deadline: null
type: ROLE_COMPOSITION
status: null
emailNotificationEnabled: false
autoRevokeAllowed: false
recommendationsEnabled: false
correlatedStatus: CORRELATED
mandatoryCommentRequirement: NO_DECISIONS
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
get:
operationId: getCampaignTemplate
tags:
- Certification Campaigns
summary: Get a campaign template
description: |
Use this API to fetch a certification campaign template by ID.
security:
- userAuth:
- 'idn:campaign-template:read'
- 'idn:campaign-template:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
- CERT_ADMIN
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: getCampaignTemplates
description: Requested campaign template's ID.
example: 2c9180835d191a86015d28455b4a2329
responses:
'200':
description: Data for the campaign matching the given ID.
content:
application/json:
schema:
type: object
description: Campaign Template
properties:
id:
type: string
description: Id of the campaign template
example: 2c9079b270a266a60170a277bb960008
name:
type: string
description: This template's name. Has no bearing on generated campaigns' names.
example: Manager Campaign Template
description:
type: string
description: This template's description. Has no bearing on generated campaigns' descriptions.
example: Template for the annual manager campaign.
created:
type: string
description: Creation date of Campaign Template
readOnly: true
format: date-time
example: '2020-03-05T22:44:00.364Z'
modified:
type: string
nullable: true
description: Modification date of Campaign Template
readOnly: true
format: date-time
example: '2020-03-05T22:52:09.969Z'
scheduled:
type: boolean
readOnly: true
description: Indicates if this campaign template has been scheduled.
example: false
default: false
ownerRef:
type: object
readOnly: true
description: 'The owner of this template, and the owner of campaigns generated from this template via a schedule. This field is automatically populated at creation time with the current user.'
properties:
id:
type: string
description: Id of the owner
example: 2c918086676d3e0601677611dbde220f
type:
type: string
enum:
- IDENTITY
description: Type of the owner
example: IDENTITY
name:
type: string
description: Name of the owner
example: Mister Manager
email:
type: string
description: Email of the owner
example: mr.manager@example.com
deadlineDuration:
type: string
nullable: true
description: 'The time period during which the campaign should be completed, formatted as an ISO-8601 Duration. When this template generates a campaign, the campaign''s deadline will be the current date plus this duration. For example, if generation occurred on 2020-01-01 and this field was "P2W" (two weeks), the resulting campaign''s deadline would be 2020-01-15 (the current date plus 14 days).'
example: P2W
campaign:
type: object
title: Campaign
allOf:
- type: object
title: Slim Campaign
required:
- name
- description
- type
properties:
id:
type: string
readOnly: true
description: Id of the campaign
example: 2c9079b270a266a60170a2779fcb0007
nullable: true
name:
description: |
The campaign name. If this object is part of a template, special formatting applies; see the
`/campaign-templates/{id}/generate` endpoint documentation for details.
type: string
example: Manager Campaign
description:
type: string
nullable: true
description: |
The campaign description. If this object is part of a template, special formatting applies; see the
`/campaign-templates/{id}/generate` endpoint documentation for details.
example: Everyone needs to be reviewed by their manager
deadline:
type: string
nullable: true
format: date-time
description: 'The campaign''s completion deadline. This date must be in the future in order to activate the campaign. If you try to activate a campaign with a deadline of today or in the past, you will receive a 400 error response.'
example: '2020-03-15T10:00:01.456Z'
type:
type: string
description: The type of campaign. Could be extended in the future.
enum:
- MANAGER
- SOURCE_OWNER
- SEARCH
- ROLE_COMPOSITION
- MACHINE_ACCOUNT
example: MANAGER
emailNotificationEnabled:
type: boolean
description: Enables email notification for this campaign
default: false
example: false
autoRevokeAllowed:
type: boolean
description: Allows auto revoke for this campaign
default: false
example: false
recommendationsEnabled:
type: boolean
description: Enables IAI for this campaign. Accepts true even if the IAI product feature is off. If IAI is turned off then campaigns generated from this template will indicate false. The real value will then be returned if IAI is ever enabled for the org in the future.
default: false
example: true
status:
type: string
description: The campaign's current status.
nullable: true
readOnly: true
enum:
- PENDING
- STAGED
- CANCELING
- ACTIVATING
- ACTIVE
- COMPLETING
- COMPLETED
- ERROR
- ARCHIVED
- null
example: ACTIVE
correlatedStatus:
type: string
description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).
enum:
- CORRELATED
- UNCORRELATED
example: CORRELATED
created:
type: string
nullable: true
readOnly: true
format: date-time
description: Created time of the campaign
example: '2020-03-03T22:15:13.611Z'
totalCertifications:
type: integer
nullable: true
format: int32
description: The total number of certifications in this campaign.
readOnly: true
example: 100
completedCertifications:
type: integer
nullable: true
format: int32
description: The number of completed certifications in this campaign.
readOnly: true
example: 10
alerts:
type: array
nullable: true
description: A list of errors and warnings that have accumulated.
readOnly: true
items:
type: object
properties:
level:
type: string
enum:
- ERROR
- WARN
- INFO
description: Denotes the level of the message
example: ERROR
localizations:
type: array
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
- type: object
properties:
modified:
type: string
readOnly: true
nullable: true
format: date-time
description: Modified time of the campaign
example: '2020-03-03T22:20:12.674Z'
filter:
type: object
nullable: true
description: Determines which items will be included in this campaign. The default campaign filter is used if this field is left blank.
properties:
id:
type: string
description: The ID of whatever type of filter is being used.
example: 0fbe863c063c4c88a35fd7f17e8a3df5
type:
type: string
description: Type of the filter
enum:
- CAMPAIGN_FILTER
- RULE
example: CAMPAIGN_FILTER
name:
type: string
description: Name of the filter
example: Test Filter
sunsetCommentsRequired:
type: boolean
description: Determines if comments on sunset date changes are required.
default: true
example: true
sourceOwnerCampaignInfo:
type: object
nullable: true
description: Must be set only if the campaign type is SOURCE_OWNER.
properties:
sourceIds:
type: array
description: The list of sources to be included in the campaign.
items:
type: string
example:
- 0fbe863c063c4c88a35fd7f17e8a3df5
searchCampaignInfo:
type: object
nullable: true
description: Must be set only if the campaign type is SEARCH.
properties:
type:
type: string
description: The type of search campaign represented.
enum:
- IDENTITY
- ACCESS
example: ACCESS
description:
type: string
description: 'Describes this search campaign. Intended for storing the query used, and possibly the number of identities selected/available.'
example: Search Campaign description
reviewer:
type: object
nullable: true
description: 'If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP.'
properties:
type:
type: string
description: The reviewer's DTO type.
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
id:
type: string
description: The reviewer's ID.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
nullable: true
description: The reviewer's name.
example: William Wilson
query:
type: string
nullable: true
description: The scope for the campaign. The campaign will cover identities returned by the query and identities that have access items returned by the query. One of `query` or `identityIds` must be set.
example: Search Campaign query description
identityIds:
type: array
nullable: true
description: A direct list of identities to include in this campaign. One of `identityIds` or `query` must be set.
items:
type: string
maxItems: 1000
example:
- 0fbe863c063c4c88a35fd7f17e8a3df5
accessConstraints:
type: array
description: Further reduces the scope of the campaign by excluding identities (from `query` or `identityIds`) that do not have this access.
items:
type: object
properties:
type:
type: string
enum:
- ENTITLEMENT
- ACCESS_PROFILE
- ROLE
description: Type of Access
example: ENTITLEMENT
ids:
description: Must be set only if operator is SELECTED.
type: array
items:
type: string
example:
- 2c90ad2a70ace7d50170acf22ca90010
operator:
type: string
enum:
- ALL
- SELECTED
description: Used to determine whether the scope of the campaign should be reduced for selected ids or all.
example: SELECTED
required:
- type
- operator
maxItems: 1000
required:
- type
roleCompositionCampaignInfo:
type: object
nullable: true
description: Optional configuration options for role composition campaigns.
properties:
reviewerId:
type: string
description: The ID of the identity or governance group reviewing this campaign. Deprecated in favor of the "reviewer" object.
deprecated: true
example: 2c91808568c529c60168cca6f90c1313
nullable: true
reviewer:
type: object
nullable: true
description: 'If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP.'
properties:
type:
type: string
description: The reviewer's DTO type.
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
id:
type: string
description: The reviewer's ID.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The reviewer's name.
example: William Wilson
roleIds:
type: array
description: 'Optional list of roles to include in this campaign. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.'
items:
type: string
example:
- 2c90ad2a70ace7d50170acf22ca90010
remediatorRef:
type: object
description: 'This determines who remediation tasks will be assigned to. Remediation tasks are created for each revoke decision on items in the campaign. The only legal remediator type is ''IDENTITY'', and the chosen identity must be a Role Admin or Org Admin.'
properties:
type:
type: string
enum:
- IDENTITY
description: Legal Remediator Type
example: IDENTITY
id:
type: string
description: The ID of the remediator.
example: 2c90ad2a70ace7d50170acf22ca90010
name:
type: string
description: The name of the remediator.
readOnly: true
example: Role Admin
required:
- type
- id
query:
type: string
nullable: true
description: 'Optional search query to scope this campaign to a set of roles. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.'
example: Search Query
description:
type: string
nullable: true
description: 'Describes this role composition campaign. Intended for storing the query used, and possibly the number of roles selected/available.'
example: Role Composition Description
required:
- remediatorRef
machineAccountCampaignInfo:
type: object
nullable: true
description: Must be set only if the campaign type is MACHINE_ACCOUNT.
properties:
sourceIds:
type: array
description: The list of sources to be included in the campaign.
items:
type: string
example:
- 0fbe863c063c4c88a35fd7f17e8a3df5
reviewerType:
type: string
description: The reviewer's type.
enum:
- ACCOUNT_OWNER
example: ACCOUNT_OWNER
sourcesWithOrphanEntitlements:
type: array
nullable: true
description: A list of sources in the campaign that contain \"orphan entitlements\" (entitlements without a corresponding Managed Attribute). An empty list indicates the campaign has no orphan entitlements. Null indicates there may be unknown orphan entitlements in the campaign (the campaign was created before this feature was implemented).
readOnly: true
items:
type: object
properties:
id:
type: string
description: Id of the source
example: 2c90ad2a70ace7d50170acf22ca90010
type:
type: string
enum:
- SOURCE
description: Type
example: SOURCE
name:
type: string
description: Name of the source
example: Source with orphan entitlements
mandatoryCommentRequirement:
type: string
description: 'Determines whether comments are required for decisions during certification reviews. You can require comments for all decisions, revoke-only decisions, or no decisions. By default, comments are not required for decisions.'
enum:
- ALL_DECISIONS
- REVOKE_ONLY_DECISIONS
- NO_DECISIONS
example: NO_DECISIONS
required:
- name
- description
- created
- modified
- campaign
examples:
Manager:
value:
id: e7dbec99d49349c8951bd84f58a05120
name: Manager Review
created: '2022-08-02T19:16:42.632Z'
modified: null
description: A review of everyone's access by their manager.
deadlineDuration: P14D
ownerRef:
email: support@testmail.identitysoon.com
type: IDENTITY
id: 7ec252acbd4245548bc25df22348cb75
name: SailPoint Support
scheduled: false
campaign:
created: null
modified: null
filter:
type: CAMPAIGN_FILTER
id: e0adaae69852e8fe8b8a3d48e5ce757c
name: Test Manager Filter
sunsetCommentsRequired: true
sourceOwnerCampaignInfo: null
searchCampaignInfo: null
roleCompositionCampaignInfo: null
alerts: null
totalCertifications: null
completedCertifications: null
sourcesWithOrphanEntitlements: null
id: null
name: Manager Review
description: Review everyone's access.
deadline: null
type: MANAGER
status: null
emailNotificationEnabled: true
autoRevokeAllowed: false
recommendationsEnabled: false
correlatedStatus: CORRELATED
mandatoryCommentRequirement: NO_DECISIONS
Search:
value:
id: b7e6459eed5247ac8b98a5fed81fe27f
name: Reporting Access Review
created: '2022-07-28T19:19:40.035Z'
modified: null
description: A review of everyone's access to the reporting system.
deadlineDuration: P14D
ownerRef:
email: support@testmail.identitysoon.com
type: IDENTITY
id: 7ec252acbd4245548bc25df22348cb75
name: SailPoint Support
scheduled: false
campaign:
created: null
modified: null
filter:
type: CAMPAIGN_FILTER
id: e0adaae69852e8fe8b8a3d48e5ce757c
name: Test Search Filter
sunsetCommentsRequired: true
sourceOwnerCampaignInfo: null
searchCampaignInfo:
type: ACCESS
description: Identities with reporting abilities
reviewerId: null
reviewer: null
query: '@access(name: ("reporter"))'
identityIds: null
accessConstraints: []
roleCompositionCampaignInfo: null
alerts: null
totalCertifications: null
completedCertifications: null
sourcesWithOrphanEntitlements: null
id: null
name: Search Campaign Review
description: Review everyone's access to the reporting system.
deadline: null
type: SEARCH
status: null
emailNotificationEnabled: true
autoRevokeAllowed: false
recommendationsEnabled: false
correlatedStatus: CORRELATED
mandatoryCommentRequirement: NO_DECISIONS
Source Owner:
value:
id: b9f41bc69e7a4291b9de0630396d030d
name: AD Source Review
created: '2022-08-02T13:40:36.857Z'
modified: null
description: A review of our AD source.
deadlineDuration: P1M
ownerRef:
email: support@testmail.identitysoon.com
type: IDENTITY
id: 7ec252acbd4245548bc25df22348cb75
name: SailPoint Support
scheduled: false
campaign:
created: null
modified: null
filter:
type: CAMPAIGN_FILTER
id: e0adaae69852e8fe8b8a3d48e5ce757c
name: Test Source Owner Filter
sunsetCommentsRequired: true
sourceOwnerCampaignInfo:
sourceIds:
- 2c918084707deba501709d45ce4e5569
searchCampaignInfo: null
roleCompositionCampaignInfo: null
alerts: null
totalCertifications: null
completedCertifications: null
sourcesWithOrphanEntitlements: null
id: null
name: AD Source Review
description: Review everyone's access.
deadline: null
type: SOURCE_OWNER
status: null
emailNotificationEnabled: true
autoRevokeAllowed: false
recommendationsEnabled: false
correlatedStatus: CORRELATED
mandatoryCommentRequirement: NO_DECISIONS
RoleComposition:
value:
id: b9f41bc69e7a4291b9de0630396d030d
name: Campaign With Admin Role
created: '2022-08-02T13:40:36.857Z'
modified: null
description: Campaign With Admin Role
deadlineDuration: null
ownerRef:
email: support@testmail.identitysoon.com
type: IDENTITY
id: 7ec252acbd4245548bc25df22348cb75
name: SailPoint Support
scheduled: false
campaign:
created: null
modified: null
filter: null
sunsetCommentsRequired: true
sourceOwnerCampaignInfo: null
searchCampaignInfo: null
roleCompositionCampaignInfo:
remediatorRef:
type: IDENTITY
id: 7ec252acbd4245548bc25df22348cb75
name: SailPoint Support
reviewerId: null
reviewer: null
roleIds:
- b15d609fc5c8434b865fe552315fda8f
query: null
description: null
alerts: null
totalCertifications: null
completedCertifications: null
sourcesWithOrphanEntitlements: null
id: null
name: Campaign With Admin Role
description: Campaign With Admin Role
deadline: null
type: ROLE_COMPOSITION
status: null
emailNotificationEnabled: false
autoRevokeAllowed: false
recommendationsEnabled: false
correlatedStatus: CORRELATED
mandatoryCommentRequirement: NO_DECISIONS
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
operationId: deleteCampaignTemplate
tags:
- Certification Campaigns
summary: Delete a campaign template
description: |
Use this API to delete a certification campaign template by ID.
security:
- userAuth:
- 'idn:campaign-template:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
- CERT_ADMIN
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: getCampaignTemplates
description: ID of the campaign template being deleted.
example: 2c9180835d191a86015d28455b4a2329
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/campaign-templates/{id}/schedule':
get:
operationId: getCampaignTemplateSchedule
tags:
- Certification Campaigns
summary: Get campaign template schedule
description: |
Use this API to get the schedule for a certification campaign template. The API returns a 404 if there is no schedule set.
security:
- userAuth: []
x-sailpoint-userLevels:
- ORG_ADMIN
- CERT_ADMIN
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: getCampaignTemplates
description: ID of the campaign template whose schedule is being fetched.
example: 04bedce387bd47b2ae1f86eb0bb36dee
responses:
'200':
description: 'Current schedule for the campaign template. See the [Set Campaign Template Schedule endpoint documentation](https://developer.sailpoint.com/docs/api/v3/set-campaign-template-schedule) for more examples.'
content:
application/json:
schema:
type: object
properties:
type:
type: string
description: 'Determines the overall schedule cadence. In general, all time period fields smaller than the chosen type can be configured. For example, a DAILY schedule can have ''hours'' set, but not ''days''; a WEEKLY schedule can have both ''hours'' and ''days'' set.'
enum:
- WEEKLY
- MONTHLY
- ANNUALLY
- CALENDAR
example: WEEKLY
months:
type: object
nullable: true
description: |
Specifies which months of a schedule are active. Only valid for ANNUALLY schedule types. Examples:
On February and March:
* type LIST
* values "2", "3"
Every 3 months, starting in January (quarterly):
* type LIST
* values "1"
* interval 3
Every two months between July and December:
* type RANGE
* values "7", "12"
* interval 2
properties:
type:
type: string
description: Enum type to specify months value
enum:
- LIST
- RANGE
example: LIST
values:
type: array
description: Values of the months based on the enum type mentioned above
items:
type: string
example:
- '1'
interval:
type: integer
example: 2
format: int64
description: Interval between the cert generations
required:
- type
- values
days:
type: object
description: |
Specifies which day(s) a schedule is active for. This is required for all schedule types.
The "values" field holds different data depending on the type of schedule:
* WEEKLY: days of the week (1-7)
* MONTHLY: days of the month (1-31, L, L-1...)
* ANNUALLY: if the "months" field is also set: days of the month (1-31, L, L-1...); otherwise: ISO-8601 dates without year ("--12-31")
* CALENDAR: ISO-8601 dates ("2020-12-31")
Note that CALENDAR only supports the LIST type, and ANNUALLY does not support the RANGE type when provided
with ISO-8601 dates without year.
Examples:
On Sundays:
* type LIST
* values "1"
The second to last day of the month:
* type LIST
* values "L-1"
From the 20th to the last day of the month:
* type RANGE
* values "20", "L"
Every March 2nd:
* type LIST
* values "--03-02"
On March 2nd, 2021:
* type: LIST
* values "2021-03-02"
properties:
type:
type: string
description: Enum type to specify days value
enum:
- LIST
- RANGE
example: LIST
values:
type: array
description: Values of the days based on the enum type mentioned above
items:
type: string
example:
- '1'
interval:
type: integer
example: 2
format: int64
description: Interval between the cert generations
nullable: true
required:
- type
- values
hours:
type: object
description: |
Specifies which hour(s) a schedule is active for. Examples:
Every three hours starting from 8AM, inclusive:
* type LIST
* values "8"
* interval 3
During business hours:
* type RANGE
* values "9", "5"
At 5AM, noon, and 5PM:
* type LIST
* values "5", "12", "17"
properties:
type:
type: string
description: Enum type to specify hours value
enum:
- LIST
- RANGE
example: LIST
values:
type: array
description: Values of the days based on the enum type mentioned above
items:
type: string
example:
- '1'
interval:
type: integer
format: int64
example: 2
description: Interval between the cert generations
nullable: true
required:
- type
- values
expiration:
type: string
format: date-time
description: Specifies the time after which this schedule will no longer occur.
example: '2022-09-19 13:55:26'
nullable: true
timeZoneId:
type: string
description: 'The time zone to use when running the schedule. For instance, if the schedule is scheduled to run at 1AM, and this field is set to "CST", the schedule will run at 1AM CST.'
example: CST
required:
- type
- hours
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
put:
operationId: setCampaignTemplateSchedule
tags:
- Certification Campaigns
summary: Set campaign template schedule
description: |
Use this API to set the schedule for a certification campaign template. If a schedule already exists, the API overwrites it with the new one.
security:
- userAuth: []
x-sailpoint-userLevels:
- ORG_ADMIN
- CERT_ADMIN
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: getCampaignTemplates
description: ID of the campaign template being scheduled.
example: 04bedce387bd47b2ae1f86eb0bb36dee
requestBody:
content:
application/json:
schema:
type: object
properties:
type:
type: string
description: 'Determines the overall schedule cadence. In general, all time period fields smaller than the chosen type can be configured. For example, a DAILY schedule can have ''hours'' set, but not ''days''; a WEEKLY schedule can have both ''hours'' and ''days'' set.'
enum:
- WEEKLY
- MONTHLY
- ANNUALLY
- CALENDAR
example: WEEKLY
months:
type: object
nullable: true
description: |
Specifies which months of a schedule are active. Only valid for ANNUALLY schedule types. Examples:
On February and March:
* type LIST
* values "2", "3"
Every 3 months, starting in January (quarterly):
* type LIST
* values "1"
* interval 3
Every two months between July and December:
* type RANGE
* values "7", "12"
* interval 2
properties:
type:
type: string
description: Enum type to specify months value
enum:
- LIST
- RANGE
example: LIST
values:
type: array
description: Values of the months based on the enum type mentioned above
items:
type: string
example:
- '1'
interval:
type: integer
example: 2
format: int64
description: Interval between the cert generations
required:
- type
- values
days:
type: object
description: |
Specifies which day(s) a schedule is active for. This is required for all schedule types.
The "values" field holds different data depending on the type of schedule:
* WEEKLY: days of the week (1-7)
* MONTHLY: days of the month (1-31, L, L-1...)
* ANNUALLY: if the "months" field is also set: days of the month (1-31, L, L-1...); otherwise: ISO-8601 dates without year ("--12-31")
* CALENDAR: ISO-8601 dates ("2020-12-31")
Note that CALENDAR only supports the LIST type, and ANNUALLY does not support the RANGE type when provided
with ISO-8601 dates without year.
Examples:
On Sundays:
* type LIST
* values "1"
The second to last day of the month:
* type LIST
* values "L-1"
From the 20th to the last day of the month:
* type RANGE
* values "20", "L"
Every March 2nd:
* type LIST
* values "--03-02"
On March 2nd, 2021:
* type: LIST
* values "2021-03-02"
properties:
type:
type: string
description: Enum type to specify days value
enum:
- LIST
- RANGE
example: LIST
values:
type: array
description: Values of the days based on the enum type mentioned above
items:
type: string
example:
- '1'
interval:
type: integer
example: 2
format: int64
description: Interval between the cert generations
nullable: true
required:
- type
- values
hours:
type: object
description: |
Specifies which hour(s) a schedule is active for. Examples:
Every three hours starting from 8AM, inclusive:
* type LIST
* values "8"
* interval 3
During business hours:
* type RANGE
* values "9", "5"
At 5AM, noon, and 5PM:
* type LIST
* values "5", "12", "17"
properties:
type:
type: string
description: Enum type to specify hours value
enum:
- LIST
- RANGE
example: LIST
values:
type: array
description: Values of the days based on the enum type mentioned above
items:
type: string
example:
- '1'
interval:
type: integer
format: int64
example: 2
description: Interval between the cert generations
nullable: true
required:
- type
- values
expiration:
type: string
format: date-time
description: Specifies the time after which this schedule will no longer occur.
example: '2022-09-19 13:55:26'
nullable: true
timeZoneId:
type: string
description: 'The time zone to use when running the schedule. For instance, if the schedule is scheduled to run at 1AM, and this field is set to "CST", the schedule will run at 1AM CST.'
example: CST
required:
- type
- hours
examples:
Monthly:
description: 'Runs on the 15th and last day of the month, at 5PM.'
value:
type: MONTHLY
hours:
type: LIST
values:
- '17'
days:
type: LIST
values:
- '15'
Once a year:
description: Runs every January 1st at midnight.
value:
type: ANNUALLY
hours:
type: LIST
values:
- '0'
days:
type: LIST
values:
- '--01-01'
Quarterly:
description: Runs once a quarter (every 3 months) on the first of the month at 1AM.
value:
type: ANNUALLY
hours:
type: LIST
values:
- '1'
days:
type: LIST
values:
- '1'
months:
type: LIST
values:
- '1'
interval: 3
Yearly on Specific Days:
description: 'Runs on March 12 and December 5 at 1AM, every year.'
value:
type: ANNUALLY
hours:
type: LIST
values:
- '1'
days:
type: LIST
values:
- '--03-12'
- '--12-05'
On a Specific Date:
description: 'Runs at 1AM on February 18th, 2020'
value:
type: CALENDAR
hours:
type: LIST
values:
- '1'
days:
type: LIST
values:
- '2020-02-18'
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
operationId: deleteCampaignTemplateSchedule
tags:
- Certification Campaigns
summary: Delete campaign template schedule
description: |
Use this API to delete the schedule for a certification campaign template. The API returns a 404 if there is no schedule set.
security:
- userAuth: []
x-sailpoint-userLevels:
- ORG_ADMIN
- CERT_ADMIN
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: getCampaignTemplates
description: ID of the campaign template whose schedule is being deleted.
example: 04bedce387bd47b2ae1f86eb0bb36dee
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/campaign-templates/{id}/generate':
post:
operationId: startGenerateCampaignTemplate
tags:
- Certification Campaigns
summary: Generate a campaign from template
security:
- userAuth:
- 'idn:campaign-template:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
- CERT_ADMIN
description: |
Use this API to generate a new certification campaign from a campaign template.
The campaign object contained in the template has special formatting applied to its name and description
fields that determine the generated campaign's name/description. Placeholders in those fields are
formatted with the current date and time upon generation.
Placeholders consist of a percent sign followed by a letter indicating what should be inserted. For
example, "%Y" inserts the current year, and a campaign template named "Campaign for %y" generates a
campaign called "Campaign for 2020" (assuming the year at generation time is 2020).
Valid placeholders are the date/time conversion suffix characters supported by [java.util.Formatter](https://docs.oracle.com/javase/8/docs/api/java/util/Formatter.html).
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: getCampaignTemplates
description: ID of the campaign template to use for generation.
example: 2c9180835d191a86015d28455b4a2329
responses:
'200':
description: 'This response indicates that a campaign was successfully generated from this template, and the API returns a reference to the new campaign.'
content:
application/json:
schema:
type: object
required:
- id
- name
- type
- campaignType
- description
- correlatedStatus
- mandatoryCommentRequirement
properties:
id:
type: string
description: The unique ID of the campaign.
example: ef38f94347e94562b5bb8424a56397d8
name:
type: string
description: The name of the campaign.
example: Campaign Name
type:
type: string
enum:
- CAMPAIGN
description: The type of object that is being referenced.
example: CAMPAIGN
campaignType:
type: string
enum:
- MANAGER
- SOURCE_OWNER
- SEARCH
description: The type of the campaign.
example: MANAGER
description:
type: string
description: The description of the campaign set by the admin who created it.
nullable: true
example: A description of the campaign
correlatedStatus:
type: string
description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).
enum:
- CORRELATED
- UNCORRELATED
example: CORRELATED
mandatoryCommentRequirement:
type: string
description: 'Determines whether comments are required for decisions during certification reviews. You can require comments for all decisions, revoke-only decisions, or no decisions. By default, comments are not required for decisions.'
enum:
- ALL_DECISIONS
- REVOKE_ONLY_DECISIONS
- NO_DECISIONS
example: NO_DECISIONS
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/certifications:
get:
operationId: listIdentityCertifications
tags:
- Certifications
summary: List identity campaign certifications
description: 'Use this API to get a list of identity campaign certifications for the specified query parameters. Any authenticated token can call this API, but only certifications you are authorized to review will be returned. This API does not support requests for certifications assigned to governance groups.'
parameters:
- in: query
name: reviewer-identity
schema:
type: string
example: me
description: Reviewer's identity. *me* indicates the current user.
required: false
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
required: false
schema:
type: string
example: id eq "ef38f94347e94562b5bb8424a56397d8"
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, in*
**campaign.id**: *eq, in*
**phase**: *eq*
**completed**: *eq*
- in: query
name: sorters
required: false
schema:
type: string
format: comma-separated
example: 'name,due'
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **name, due, signed**
responses:
'200':
description: List of identity campaign certifications.
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
example: 2c9180835d2e5168015d32f890ca1581
type: string
description: id of the certification
name:
example: 'Source Owner Access Review for Employees [source]'
type: string
description: name of the certification
campaign:
type: object
required:
- id
- name
- type
- campaignType
- description
- correlatedStatus
- mandatoryCommentRequirement
properties:
id:
type: string
description: The unique ID of the campaign.
example: ef38f94347e94562b5bb8424a56397d8
name:
type: string
description: The name of the campaign.
example: Campaign Name
type:
type: string
enum:
- CAMPAIGN
description: The type of object that is being referenced.
example: CAMPAIGN
campaignType:
type: string
enum:
- MANAGER
- SOURCE_OWNER
- SEARCH
description: The type of the campaign.
example: MANAGER
description:
type: string
description: The description of the campaign set by the admin who created it.
nullable: true
example: A description of the campaign
correlatedStatus:
type: string
description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).
enum:
- CORRELATED
- UNCORRELATED
example: CORRELATED
mandatoryCommentRequirement:
type: string
description: 'Determines whether comments are required for decisions during certification reviews. You can require comments for all decisions, revoke-only decisions, or no decisions. By default, comments are not required for decisions.'
enum:
- ALL_DECISIONS
- REVOKE_ONLY_DECISIONS
- NO_DECISIONS
example: NO_DECISIONS
completed:
type: boolean
description: Have all decisions been made?
example: true
identitiesCompleted:
type: integer
description: The number of identities for whom all decisions have been made and are complete.
example: 5
format: int32
identitiesTotal:
type: integer
description: 'The total number of identities in the Certification, both complete and incomplete.'
example: 10
format: int32
created:
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: created date
modified:
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: modified date
decisionsMade:
type: integer
description: The number of approve/revoke/acknowledge decisions that have been made.
example: 20
format: int32
decisionsTotal:
type: integer
description: The total number of approve/revoke/acknowledge decisions.
example: 40
format: int32
due:
type: string
format: date-time
description: The due date of the certification.
example: '2018-10-19T13:49:37.385Z'
nullable: true
signed:
type: string
format: date-time
nullable: true
description: The date the reviewer signed off on the Certification.
example: '2018-10-19T13:49:37.385Z'
reviewer:
type: object
properties:
id:
type: string
description: The id of the reviewer.
example: ef38f94347e94562b5bb8424a56397d8
name:
type: string
description: The name of the reviewer.
example: Reviewer Name
email:
type: string
description: The email of the reviewing identity.
example: reviewer@test.com
type:
type: string
enum:
- IDENTITY
description: The type of the reviewing identity.
example: IDENTITY
created:
nullable: true
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: The created date of the reviewing identity.
modified:
nullable: true
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: The modified date of the reviewing identity.
reassignment:
type: object
nullable: true
properties:
from:
type: object
properties:
id:
type: string
description: The id of the certification.
example: ef38f94347e94562b5bb8424a56397d8
name:
type: string
description: The name of the certification.
example: Certification Name
type:
type: string
enum:
- CERTIFICATION
example: CERTIFICATION
reviewer:
type: object
properties:
id:
type: string
description: The id of the reviewer.
example: ef38f94347e94562b5bb8424a56397d8
name:
type: string
description: The name of the reviewer.
example: Reviewer Name
email:
type: string
description: The email of the reviewing identity.
example: reviewer@test.com
type:
type: string
enum:
- IDENTITY
description: The type of the reviewing identity.
example: IDENTITY
created:
nullable: true
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: The created date of the reviewing identity.
modified:
nullable: true
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: The modified date of the reviewing identity.
comment:
type: string
description: The comment entered when the Certification was reassigned
example: Reassigned for a reason
hasErrors:
description: Identifies if the certification has an error
type: boolean
example: false
errorMessage:
description: Description of the certification error
nullable: true
type: string
example: The certification has an error
phase:
type: string
description: |
The current phase of the campaign.
* `STAGED`: The campaign is waiting to be activated.
* `ACTIVE`: The campaign is active.
* `SIGNED`: The reviewer has signed off on the campaign, and it is considered complete.
enum:
- STAGED
- ACTIVE
- SIGNED
example: ACTIVE
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/certifications/{id}':
get:
operationId: getIdentityCertification
tags:
- Certifications
summary: Identity certification by id
security:
- userAuth: []
x-sailpoint-userLevels:
- ORG_ADMIN
- CERT_ADMIN
description: This API returns a single identity campaign certification by its ID. Reviewers for this certification can also call this API. This API does not support requests for certifications assigned to Governance Groups.
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listIdentityCertifications
description: The certification id
example: ef38f94347e94562b5bb8424a56397d8
responses:
'200':
description: An identity campaign certification object
content:
application/json:
schema:
type: object
properties:
id:
example: 2c9180835d2e5168015d32f890ca1581
type: string
description: id of the certification
name:
example: 'Source Owner Access Review for Employees [source]'
type: string
description: name of the certification
campaign:
type: object
required:
- id
- name
- type
- campaignType
- description
- correlatedStatus
- mandatoryCommentRequirement
properties:
id:
type: string
description: The unique ID of the campaign.
example: ef38f94347e94562b5bb8424a56397d8
name:
type: string
description: The name of the campaign.
example: Campaign Name
type:
type: string
enum:
- CAMPAIGN
description: The type of object that is being referenced.
example: CAMPAIGN
campaignType:
type: string
enum:
- MANAGER
- SOURCE_OWNER
- SEARCH
description: The type of the campaign.
example: MANAGER
description:
type: string
description: The description of the campaign set by the admin who created it.
nullable: true
example: A description of the campaign
correlatedStatus:
type: string
description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).
enum:
- CORRELATED
- UNCORRELATED
example: CORRELATED
mandatoryCommentRequirement:
type: string
description: 'Determines whether comments are required for decisions during certification reviews. You can require comments for all decisions, revoke-only decisions, or no decisions. By default, comments are not required for decisions.'
enum:
- ALL_DECISIONS
- REVOKE_ONLY_DECISIONS
- NO_DECISIONS
example: NO_DECISIONS
completed:
type: boolean
description: Have all decisions been made?
example: true
identitiesCompleted:
type: integer
description: The number of identities for whom all decisions have been made and are complete.
example: 5
format: int32
identitiesTotal:
type: integer
description: 'The total number of identities in the Certification, both complete and incomplete.'
example: 10
format: int32
created:
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: created date
modified:
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: modified date
decisionsMade:
type: integer
description: The number of approve/revoke/acknowledge decisions that have been made.
example: 20
format: int32
decisionsTotal:
type: integer
description: The total number of approve/revoke/acknowledge decisions.
example: 40
format: int32
due:
type: string
format: date-time
description: The due date of the certification.
example: '2018-10-19T13:49:37.385Z'
nullable: true
signed:
type: string
format: date-time
nullable: true
description: The date the reviewer signed off on the Certification.
example: '2018-10-19T13:49:37.385Z'
reviewer:
type: object
properties:
id:
type: string
description: The id of the reviewer.
example: ef38f94347e94562b5bb8424a56397d8
name:
type: string
description: The name of the reviewer.
example: Reviewer Name
email:
type: string
description: The email of the reviewing identity.
example: reviewer@test.com
type:
type: string
enum:
- IDENTITY
description: The type of the reviewing identity.
example: IDENTITY
created:
nullable: true
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: The created date of the reviewing identity.
modified:
nullable: true
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: The modified date of the reviewing identity.
reassignment:
type: object
nullable: true
properties:
from:
type: object
properties:
id:
type: string
description: The id of the certification.
example: ef38f94347e94562b5bb8424a56397d8
name:
type: string
description: The name of the certification.
example: Certification Name
type:
type: string
enum:
- CERTIFICATION
example: CERTIFICATION
reviewer:
type: object
properties:
id:
type: string
description: The id of the reviewer.
example: ef38f94347e94562b5bb8424a56397d8
name:
type: string
description: The name of the reviewer.
example: Reviewer Name
email:
type: string
description: The email of the reviewing identity.
example: reviewer@test.com
type:
type: string
enum:
- IDENTITY
description: The type of the reviewing identity.
example: IDENTITY
created:
nullable: true
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: The created date of the reviewing identity.
modified:
nullable: true
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: The modified date of the reviewing identity.
comment:
type: string
description: The comment entered when the Certification was reassigned
example: Reassigned for a reason
hasErrors:
description: Identifies if the certification has an error
type: boolean
example: false
errorMessage:
description: Description of the certification error
nullable: true
type: string
example: The certification has an error
phase:
type: string
description: |
The current phase of the campaign.
* `STAGED`: The campaign is waiting to be activated.
* `ACTIVE`: The campaign is active.
* `SIGNED`: The reviewer has signed off on the campaign, and it is considered complete.
enum:
- STAGED
- ACTIVE
- SIGNED
example: ACTIVE
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/certifications/{id}/access-review-items':
get:
operationId: listIdentityAccessReviewItems
tags:
- Certifications
summary: List of access review items
security:
- userAuth: []
x-sailpoint-userLevels:
- ORG_ADMIN
- CERT_ADMIN
description: This API returns a list of access review items for an identity campaign certification. Reviewers for this certification can also call this API. This API does not support requests for certifications assigned to Governance Groups.
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listIdentityCertifications
description: The identity campaign certification ID
example: ef38f94347e94562b5bb8424a56397d8
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
required: false
name: filters
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, in*
**type**: *eq*
**access.type**: *eq*
**completed**: *eq, ne*
**identitySummary.id**: *eq, in*
**identitySummary.name**: *eq, sw*
**access.id**: *eq, in*
**access.name**: *eq, sw*
**entitlement.sourceName**: *eq, sw*
**accessProfile.sourceName**: *eq, sw*
example: id eq "ef38f94347e94562b5bb8424a56397d8"
- in: query
name: sorters
required: false
schema:
type: string
format: comma-separated
example: 'access.name,-accessProfile.sourceName'
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **identitySummary.name, access.name, access.type, entitlement.sourceName, accessProfile.sourceName**
- in: query
name: entitlements
required: false
schema:
type: string
example: identityEntitlement
description: |-
Filter results to view access review items that pertain to any of the specified comma-separated entitlement IDs.
An error will occur if this param is used with **access-profiles** or **roles** as only one of these query params can be used at a time.
- in: query
name: access-profiles
required: false
schema:
type: string
example: accessProfile1
description: |-
Filter results to view access review items that pertain to any of the specified comma-separated access-profle IDs.
An error will occur if this param is used with **entitlements** or **roles** as only one of these query params can be used at a time.
- in: query
name: roles
required: false
schema:
type: string
example: userRole
description: |-
Filter results to view access review items that pertain to any of the specified comma-separated role IDs.
An error will occur if this param is used with **entitlements** or **access-profiles** as only one of these query params can be used at a time.
responses:
'200':
description: A list of access review items
content:
application/json:
schema:
type: array
items:
type: object
properties:
accessSummary:
type: object
description: An object holding the access that is being reviewed
properties:
access:
type: object
properties:
type:
description: The type of item being certified
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- MACHINE_IDENTITY
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
example: IDENTITY
id:
type: string
description: The ID of the item being certified
example: 2c9180867160846801719932c5153fb7
name:
type: string
description: The name of the item being certified
example: Entitlement for Company Database
entitlement:
type: object
nullable: true
properties:
id:
type: string
description: The id for the entitlement
example: 2c918085718230600171993742c63558
name:
type: string
description: The name of the entitlement
example: CN=entitlement.bbb7c650
description:
nullable: true
type: string
description: Information about the entitlement
example: Gives read/write access to the company database
privileged:
type: boolean
example: false
default: false
description: Indicates if the entitlement is a privileged entitlement
owner:
type: object
nullable: true
properties:
type:
type: string
description: The type can only be IDENTITY. This is read-only.
example: IDENTITY
id:
type: string
description: Identity ID.
example: 5168015d32f890ca15812c9180835d2e
name:
type: string
description: Identity's human-readable display name. This is read-only.
example: Alison Ferguso
email:
type: string
nullable: true
description: Identity's email address. This is read-only.
example: alison.ferguso@identitysoon.com
attributeName:
type: string
description: The name of the attribute on the source
example: memberOf
attributeValue:
type: string
description: The value of the attribute on the source
example: CN=entitlement.bbb7c650
sourceSchemaObjectType:
type: string
description: The schema object type on the source used to represent the entitlement and its attributes
example: groups
sourceName:
type: string
description: The name of the source for which this entitlement belongs
example: ODS-AD-Source
sourceType:
type: string
description: The type of the source for which the entitlement belongs
example: Active Directory - Direct
sourceId:
type: string
description: The ID of the source for which the entitlement belongs
example: 78ca6be511cb41fbb86dba2fcca7780c
hasPermissions:
type: boolean
default: false
description: Indicates if the entitlement has permissions
example: false
isPermission:
type: boolean
default: false
description: Indicates if the entitlement is a representation of an account permission
example: false
revocable:
type: boolean
default: false
description: Indicates whether the entitlement can be revoked
example: true
cloudGoverned:
type: boolean
default: false
description: True if the entitlement is cloud governed
example: false
containsDataAccess:
type: boolean
description: True if the entitlement has DAS data
default: false
example: true
dataAccess:
type: object
description: DAS data for the entitlement
nullable: true
properties:
policies:
type: array
description: List of classification policies that apply to resources the entitlement \ groups has access to
items:
type: object
properties:
value:
type: string
description: Value of the policy
example: GDPR-20
categories:
type: array
description: List of classification categories that apply to resources the entitlement \ groups has access to
items:
type: object
properties:
value:
type: string
description: Value of the category
example: email-7
matchCount:
type: integer
description: Number of matched for each category
example: 10
impactScore:
type: object
properties:
value:
type: string
description: Impact Score for this data
example: Medium
account:
type: object
nullable: true
description: Information about the status of the entitlement
properties:
nativeIdentity:
type: string
description: The native identity for this account
example: CN=Alison Ferguso
disabled:
type: boolean
default: false
example: false
description: Indicates whether this account is currently disabled
locked:
type: boolean
default: false
example: false
description: Indicates whether this account is currently locked
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- MACHINE_IDENTITY
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
id:
nullable: true
type: string
description: The id associated with the account
example: 2c9180857182305e0171993737eb29e6
name:
nullable: true
type: string
description: The account name
example: Alison Ferguso
created:
nullable: true
type: string
format: date-time
description: When the account was created
example: '2020-04-20T20:11:05.067Z'
modified:
nullable: true
type: string
format: date-time
description: When the account was last modified
example: '2020-05-20T18:57:16.987Z'
activityInsights:
type: object
description: Insights into account activity
properties:
accountID:
type: string
description: UUID of the account
example: c4ddd5421d8549f0abd309162cafd3b1
usageDays:
type: integer
format: int32
minimum: 0
maximum: 90
description: The number of days of activity
example: 45
usageDaysState:
type: string
enum:
- COMPLETE
- UNKNOWN
description: Status indicating if the activity is complete or unknown
example: COMPLETE
description:
nullable: true
type: string
description: Information about the account
example: Account for Read/write to the company database
governanceGroupId:
nullable: true
type: string
description: The id associated with the machine Account Governance Group
example: 2c9180857182305e0171993737eb29e6
owner:
type: object
nullable: true
description: Information about the machine account owner
properties:
id:
nullable: true
type: string
description: The id associated with the machine account owner
example: 2c9180857182305e0171993737eb29e8
type:
type: string
enum:
- IDENTITY
description: An enumeration of the types of Owner supported within the IdentityNow infrastructure.
example: IDENTITY
displayName:
nullable: true
type: string
description: The machine account owner's display name
example: Alison Ferguson
accessProfile:
type: object
properties:
id:
type: string
description: The id of the Access Profile
example: 2c91808a7190d06e01719938fcd20792
name:
type: string
description: Name of the Access Profile
example: Employee-database-read-write
description:
type: string
description: Information about the Access Profile
example: Collection of entitlements to read/write the employee database
privileged:
type: boolean
description: Indicates if the entitlement is a privileged entitlement
example: false
cloudGoverned:
type: boolean
description: True if the entitlement is cloud governed
example: false
endDate:
nullable: true
type: string
format: date-time
description: The date at which a user's access expires
example: '2021-12-25T00:00:00.000Z'
owner:
type: object
nullable: true
properties:
type:
type: string
description: The type can only be IDENTITY. This is read-only.
example: IDENTITY
id:
type: string
description: Identity ID.
example: 5168015d32f890ca15812c9180835d2e
name:
type: string
description: Identity's human-readable display name. This is read-only.
example: Alison Ferguso
email:
type: string
nullable: true
description: Identity's email address. This is read-only.
example: alison.ferguso@identitysoon.com
description: Owner of the Access Profile
entitlements:
type: array
description: A list of entitlements associated with this Access Profile
items:
type: object
nullable: true
properties:
id:
type: string
description: The id for the entitlement
example: 2c918085718230600171993742c63558
name:
type: string
description: The name of the entitlement
example: CN=entitlement.bbb7c650
description:
nullable: true
type: string
description: Information about the entitlement
example: Gives read/write access to the company database
privileged:
type: boolean
example: false
default: false
description: Indicates if the entitlement is a privileged entitlement
owner:
type: object
nullable: true
properties:
type:
type: string
description: The type can only be IDENTITY. This is read-only.
example: IDENTITY
id:
type: string
description: Identity ID.
example: 5168015d32f890ca15812c9180835d2e
name:
type: string
description: Identity's human-readable display name. This is read-only.
example: Alison Ferguso
email:
type: string
nullable: true
description: Identity's email address. This is read-only.
example: alison.ferguso@identitysoon.com
attributeName:
type: string
description: The name of the attribute on the source
example: memberOf
attributeValue:
type: string
description: The value of the attribute on the source
example: CN=entitlement.bbb7c650
sourceSchemaObjectType:
type: string
description: The schema object type on the source used to represent the entitlement and its attributes
example: groups
sourceName:
type: string
description: The name of the source for which this entitlement belongs
example: ODS-AD-Source
sourceType:
type: string
description: The type of the source for which the entitlement belongs
example: Active Directory - Direct
sourceId:
type: string
description: The ID of the source for which the entitlement belongs
example: 78ca6be511cb41fbb86dba2fcca7780c
hasPermissions:
type: boolean
default: false
description: Indicates if the entitlement has permissions
example: false
isPermission:
type: boolean
default: false
description: Indicates if the entitlement is a representation of an account permission
example: false
revocable:
type: boolean
default: false
description: Indicates whether the entitlement can be revoked
example: true
cloudGoverned:
type: boolean
default: false
description: True if the entitlement is cloud governed
example: false
containsDataAccess:
type: boolean
description: True if the entitlement has DAS data
default: false
example: true
dataAccess:
type: object
description: DAS data for the entitlement
nullable: true
properties:
policies:
type: array
description: List of classification policies that apply to resources the entitlement \ groups has access to
items:
type: object
properties:
value:
type: string
description: Value of the policy
example: GDPR-20
categories:
type: array
description: List of classification categories that apply to resources the entitlement \ groups has access to
items:
type: object
properties:
value:
type: string
description: Value of the category
example: email-7
matchCount:
type: integer
description: Number of matched for each category
example: 10
impactScore:
type: object
properties:
value:
type: string
description: Impact Score for this data
example: Medium
account:
type: object
nullable: true
description: Information about the status of the entitlement
properties:
nativeIdentity:
type: string
description: The native identity for this account
example: CN=Alison Ferguso
disabled:
type: boolean
default: false
example: false
description: Indicates whether this account is currently disabled
locked:
type: boolean
default: false
example: false
description: Indicates whether this account is currently locked
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- MACHINE_IDENTITY
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
id:
nullable: true
type: string
description: The id associated with the account
example: 2c9180857182305e0171993737eb29e6
name:
nullable: true
type: string
description: The account name
example: Alison Ferguso
created:
nullable: true
type: string
format: date-time
description: When the account was created
example: '2020-04-20T20:11:05.067Z'
modified:
nullable: true
type: string
format: date-time
description: When the account was last modified
example: '2020-05-20T18:57:16.987Z'
activityInsights:
type: object
description: Insights into account activity
properties:
accountID:
type: string
description: UUID of the account
example: c4ddd5421d8549f0abd309162cafd3b1
usageDays:
type: integer
format: int32
minimum: 0
maximum: 90
description: The number of days of activity
example: 45
usageDaysState:
type: string
enum:
- COMPLETE
- UNKNOWN
description: Status indicating if the activity is complete or unknown
example: COMPLETE
description:
nullable: true
type: string
description: Information about the account
example: Account for Read/write to the company database
governanceGroupId:
nullable: true
type: string
description: The id associated with the machine Account Governance Group
example: 2c9180857182305e0171993737eb29e6
owner:
type: object
nullable: true
description: Information about the machine account owner
properties:
id:
nullable: true
type: string
description: The id associated with the machine account owner
example: 2c9180857182305e0171993737eb29e8
type:
type: string
enum:
- IDENTITY
description: An enumeration of the types of Owner supported within the IdentityNow infrastructure.
example: IDENTITY
displayName:
nullable: true
type: string
description: The machine account owner's display name
example: Alison Ferguson
created:
type: string
description: Date the Access Profile was created.
format: date-time
example: '2021-01-01T22:32:58.104Z'
modified:
type: string
description: Date the Access Profile was last modified.
format: date-time
example: '2021-02-01T22:32:58.104Z'
role:
type: object
nullable: true
properties:
id:
type: string
description: The id for the Role
example: 2c91808a7190d06e0171993907fd0794
name:
type: string
description: The name of the Role
example: Accounting-Employees
description:
type: string
description: Information about the Role
example: Role for members of the accounting department with the necessary Access Profiles
privileged:
type: boolean
description: Indicates if the entitlement is a privileged entitlement
example: false
owner:
type: object
nullable: true
properties:
type:
type: string
description: The type can only be IDENTITY. This is read-only.
example: IDENTITY
id:
type: string
description: Identity ID.
example: 5168015d32f890ca15812c9180835d2e
name:
type: string
description: Identity's human-readable display name. This is read-only.
example: Alison Ferguso
email:
type: string
nullable: true
description: Identity's email address. This is read-only.
example: alison.ferguso@identitysoon.com
revocable:
type: boolean
description: Indicates whether the Role can be revoked or requested
example: false
endDate:
type: string
format: date-time
description: The date when a user's access expires.
example: '2021-12-25T00:00:00.000Z'
accessProfiles:
type: array
description: The list of Access Profiles associated with this Role
items:
type: object
properties:
id:
type: string
description: The id of the Access Profile
example: 2c91808a7190d06e01719938fcd20792
name:
type: string
description: Name of the Access Profile
example: Employee-database-read-write
description:
type: string
description: Information about the Access Profile
example: Collection of entitlements to read/write the employee database
privileged:
type: boolean
description: Indicates if the entitlement is a privileged entitlement
example: false
cloudGoverned:
type: boolean
description: True if the entitlement is cloud governed
example: false
endDate:
nullable: true
type: string
format: date-time
description: The date at which a user's access expires
example: '2021-12-25T00:00:00.000Z'
owner:
type: object
nullable: true
properties:
type:
type: string
description: The type can only be IDENTITY. This is read-only.
example: IDENTITY
id:
type: string
description: Identity ID.
example: 5168015d32f890ca15812c9180835d2e
name:
type: string
description: Identity's human-readable display name. This is read-only.
example: Alison Ferguso
email:
type: string
nullable: true
description: Identity's email address. This is read-only.
example: alison.ferguso@identitysoon.com
description: Owner of the Access Profile
entitlements:
type: array
description: A list of entitlements associated with this Access Profile
items:
type: object
nullable: true
properties:
id:
type: string
description: The id for the entitlement
example: 2c918085718230600171993742c63558
name:
type: string
description: The name of the entitlement
example: CN=entitlement.bbb7c650
description:
nullable: true
type: string
description: Information about the entitlement
example: Gives read/write access to the company database
privileged:
type: boolean
example: false
default: false
description: Indicates if the entitlement is a privileged entitlement
owner:
type: object
nullable: true
properties:
type:
type: string
description: The type can only be IDENTITY. This is read-only.
example: IDENTITY
id:
type: string
description: Identity ID.
example: 5168015d32f890ca15812c9180835d2e
name:
type: string
description: Identity's human-readable display name. This is read-only.
example: Alison Ferguso
email:
type: string
nullable: true
description: Identity's email address. This is read-only.
example: alison.ferguso@identitysoon.com
attributeName:
type: string
description: The name of the attribute on the source
example: memberOf
attributeValue:
type: string
description: The value of the attribute on the source
example: CN=entitlement.bbb7c650
sourceSchemaObjectType:
type: string
description: The schema object type on the source used to represent the entitlement and its attributes
example: groups
sourceName:
type: string
description: The name of the source for which this entitlement belongs
example: ODS-AD-Source
sourceType:
type: string
description: The type of the source for which the entitlement belongs
example: Active Directory - Direct
sourceId:
type: string
description: The ID of the source for which the entitlement belongs
example: 78ca6be511cb41fbb86dba2fcca7780c
hasPermissions:
type: boolean
default: false
description: Indicates if the entitlement has permissions
example: false
isPermission:
type: boolean
default: false
description: Indicates if the entitlement is a representation of an account permission
example: false
revocable:
type: boolean
default: false
description: Indicates whether the entitlement can be revoked
example: true
cloudGoverned:
type: boolean
default: false
description: True if the entitlement is cloud governed
example: false
containsDataAccess:
type: boolean
description: True if the entitlement has DAS data
default: false
example: true
dataAccess:
type: object
description: DAS data for the entitlement
nullable: true
properties:
policies:
type: array
description: List of classification policies that apply to resources the entitlement \ groups has access to
items:
type: object
properties:
value:
type: string
description: Value of the policy
example: GDPR-20
categories:
type: array
description: List of classification categories that apply to resources the entitlement \ groups has access to
items:
type: object
properties:
value:
type: string
description: Value of the category
example: email-7
matchCount:
type: integer
description: Number of matched for each category
example: 10
impactScore:
type: object
properties:
value:
type: string
description: Impact Score for this data
example: Medium
account:
type: object
nullable: true
description: Information about the status of the entitlement
properties:
nativeIdentity:
type: string
description: The native identity for this account
example: CN=Alison Ferguso
disabled:
type: boolean
default: false
example: false
description: Indicates whether this account is currently disabled
locked:
type: boolean
default: false
example: false
description: Indicates whether this account is currently locked
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- MACHINE_IDENTITY
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
id:
nullable: true
type: string
description: The id associated with the account
example: 2c9180857182305e0171993737eb29e6
name:
nullable: true
type: string
description: The account name
example: Alison Ferguso
created:
nullable: true
type: string
format: date-time
description: When the account was created
example: '2020-04-20T20:11:05.067Z'
modified:
nullable: true
type: string
format: date-time
description: When the account was last modified
example: '2020-05-20T18:57:16.987Z'
activityInsights:
type: object
description: Insights into account activity
properties:
accountID:
type: string
description: UUID of the account
example: c4ddd5421d8549f0abd309162cafd3b1
usageDays:
type: integer
format: int32
minimum: 0
maximum: 90
description: The number of days of activity
example: 45
usageDaysState:
type: string
enum:
- COMPLETE
- UNKNOWN
description: Status indicating if the activity is complete or unknown
example: COMPLETE
description:
nullable: true
type: string
description: Information about the account
example: Account for Read/write to the company database
governanceGroupId:
nullable: true
type: string
description: The id associated with the machine Account Governance Group
example: 2c9180857182305e0171993737eb29e6
owner:
type: object
nullable: true
description: Information about the machine account owner
properties:
id:
nullable: true
type: string
description: The id associated with the machine account owner
example: 2c9180857182305e0171993737eb29e8
type:
type: string
enum:
- IDENTITY
description: An enumeration of the types of Owner supported within the IdentityNow infrastructure.
example: IDENTITY
displayName:
nullable: true
type: string
description: The machine account owner's display name
example: Alison Ferguson
created:
type: string
description: Date the Access Profile was created.
format: date-time
example: '2021-01-01T22:32:58.104Z'
modified:
type: string
description: Date the Access Profile was last modified.
format: date-time
example: '2021-02-01T22:32:58.104Z'
entitlements:
type: array
description: The list of entitlements associated with this Role
items:
type: object
nullable: true
properties:
id:
type: string
description: The id for the entitlement
example: 2c918085718230600171993742c63558
name:
type: string
description: The name of the entitlement
example: CN=entitlement.bbb7c650
description:
nullable: true
type: string
description: Information about the entitlement
example: Gives read/write access to the company database
privileged:
type: boolean
example: false
default: false
description: Indicates if the entitlement is a privileged entitlement
owner:
type: object
nullable: true
properties:
type:
type: string
description: The type can only be IDENTITY. This is read-only.
example: IDENTITY
id:
type: string
description: Identity ID.
example: 5168015d32f890ca15812c9180835d2e
name:
type: string
description: Identity's human-readable display name. This is read-only.
example: Alison Ferguso
email:
type: string
nullable: true
description: Identity's email address. This is read-only.
example: alison.ferguso@identitysoon.com
attributeName:
type: string
description: The name of the attribute on the source
example: memberOf
attributeValue:
type: string
description: The value of the attribute on the source
example: CN=entitlement.bbb7c650
sourceSchemaObjectType:
type: string
description: The schema object type on the source used to represent the entitlement and its attributes
example: groups
sourceName:
type: string
description: The name of the source for which this entitlement belongs
example: ODS-AD-Source
sourceType:
type: string
description: The type of the source for which the entitlement belongs
example: Active Directory - Direct
sourceId:
type: string
description: The ID of the source for which the entitlement belongs
example: 78ca6be511cb41fbb86dba2fcca7780c
hasPermissions:
type: boolean
default: false
description: Indicates if the entitlement has permissions
example: false
isPermission:
type: boolean
default: false
description: Indicates if the entitlement is a representation of an account permission
example: false
revocable:
type: boolean
default: false
description: Indicates whether the entitlement can be revoked
example: true
cloudGoverned:
type: boolean
default: false
description: True if the entitlement is cloud governed
example: false
containsDataAccess:
type: boolean
description: True if the entitlement has DAS data
default: false
example: true
dataAccess:
type: object
description: DAS data for the entitlement
nullable: true
properties:
policies:
type: array
description: List of classification policies that apply to resources the entitlement \ groups has access to
items:
type: object
properties:
value:
type: string
description: Value of the policy
example: GDPR-20
categories:
type: array
description: List of classification categories that apply to resources the entitlement \ groups has access to
items:
type: object
properties:
value:
type: string
description: Value of the category
example: email-7
matchCount:
type: integer
description: Number of matched for each category
example: 10
impactScore:
type: object
properties:
value:
type: string
description: Impact Score for this data
example: Medium
account:
type: object
nullable: true
description: Information about the status of the entitlement
properties:
nativeIdentity:
type: string
description: The native identity for this account
example: CN=Alison Ferguso
disabled:
type: boolean
default: false
example: false
description: Indicates whether this account is currently disabled
locked:
type: boolean
default: false
example: false
description: Indicates whether this account is currently locked
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- MACHINE_IDENTITY
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
id:
nullable: true
type: string
description: The id associated with the account
example: 2c9180857182305e0171993737eb29e6
name:
nullable: true
type: string
description: The account name
example: Alison Ferguso
created:
nullable: true
type: string
format: date-time
description: When the account was created
example: '2020-04-20T20:11:05.067Z'
modified:
nullable: true
type: string
format: date-time
description: When the account was last modified
example: '2020-05-20T18:57:16.987Z'
activityInsights:
type: object
description: Insights into account activity
properties:
accountID:
type: string
description: UUID of the account
example: c4ddd5421d8549f0abd309162cafd3b1
usageDays:
type: integer
format: int32
minimum: 0
maximum: 90
description: The number of days of activity
example: 45
usageDaysState:
type: string
enum:
- COMPLETE
- UNKNOWN
description: Status indicating if the activity is complete or unknown
example: COMPLETE
description:
nullable: true
type: string
description: Information about the account
example: Account for Read/write to the company database
governanceGroupId:
nullable: true
type: string
description: The id associated with the machine Account Governance Group
example: 2c9180857182305e0171993737eb29e6
owner:
type: object
nullable: true
description: Information about the machine account owner
properties:
id:
nullable: true
type: string
description: The id associated with the machine account owner
example: 2c9180857182305e0171993737eb29e8
type:
type: string
enum:
- IDENTITY
description: An enumeration of the types of Owner supported within the IdentityNow infrastructure.
example: IDENTITY
displayName:
nullable: true
type: string
description: The machine account owner's display name
example: Alison Ferguson
identitySummary:
type: object
properties:
id:
type: string
description: The ID of the identity summary
example: 2c91808772a504f50172a9540e501ba7
name:
type: string
description: Name of the linked identity
example: Alison Ferguso
identityId:
type: string
description: The ID of the identity being certified
example: 2c9180857182306001719937377a33de
completed:
type: boolean
description: Indicates whether the review items for the linked identity's certification have been completed
example: true
id:
type: string
description: The review item's id
example: ef38f94347e94562b5bb8424a56397d8
completed:
type: boolean
description: Whether the review item is complete
example: false
newAccess:
type: boolean
description: Indicates whether the review item is for new access to a source
example: false
decision:
type: string
description: The decision to approve or revoke the review item
enum:
- APPROVE
- REVOKE
example: APPROVE
comments:
nullable: true
type: string
description: Comments for this review item
example: This user still needs access to this source
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/certifications/{id}/decide':
post:
operationId: makeIdentityDecision
tags:
- Certifications
summary: Decide on a certification item
security:
- userAuth: []
x-sailpoint-userLevels:
- ORG_ADMIN
- CERT_ADMIN
description: The API makes a decision to approve or revoke one or more identity campaign certification items. Reviewers for this certification can also call this API. This API does not support requests for certifications assigned to Governance Groups.
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listIdentityCertifications
description: The ID of the identity campaign certification on which to make decisions
example: ef38f94347e94562b5bb8424a56397d8
requestBody:
required: true
description: A non-empty array of decisions to be made.
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: The id of the review decision
example: ef38f94347e94562b5bb8424a56397d8
decision:
type: string
description: The decision to approve or revoke the review item
enum:
- APPROVE
- REVOKE
example: APPROVE
proposedEndDate:
type: string
format: date-time
example: '2017-07-11T18:45:37.098Z'
description: The date at which a user's access should be taken away. Should only be set for `REVOKE` decisions.
bulk:
type: boolean
description: Indicates whether decision should be marked as part of a larger bulk decision
example: true
recommendation:
nullable: true
type: object
properties:
recommendation:
type: string
description: The recommendation from IAI at the time of the decision. This field will be null if no recommendation was made.
example: null
nullable: true
reasons:
type: array
items:
type: string
description: A list of reasons for the recommendation.
example:
- Reason 1
- Reason 2
timestamp:
type: string
format: date-time
description: The time at which the recommendation was recorded.
example: '2020-06-01T13:49:37.385Z'
comments:
type: string
description: Comments recorded when the decision was made
example: This user no longer needs access to this source
required:
- id
- decision
- bulk
minItems: 1
maxItems: 250
example:
- id: ef38f94347e94562b5bb8424a56396b5
decision: APPROVE
bulk: true
comments: This user still needs access to this source.
- id: ef38f94347e94562b5bb8424a56397d8
decision: APPROVE
bulk: true
comments: This user still needs access to this source too.
responses:
'200':
description: An identity campaign certification object
content:
application/json:
schema:
type: object
properties:
id:
example: 2c9180835d2e5168015d32f890ca1581
type: string
description: id of the certification
name:
example: 'Source Owner Access Review for Employees [source]'
type: string
description: name of the certification
campaign:
type: object
required:
- id
- name
- type
- campaignType
- description
- correlatedStatus
- mandatoryCommentRequirement
properties:
id:
type: string
description: The unique ID of the campaign.
example: ef38f94347e94562b5bb8424a56397d8
name:
type: string
description: The name of the campaign.
example: Campaign Name
type:
type: string
enum:
- CAMPAIGN
description: The type of object that is being referenced.
example: CAMPAIGN
campaignType:
type: string
enum:
- MANAGER
- SOURCE_OWNER
- SEARCH
description: The type of the campaign.
example: MANAGER
description:
type: string
description: The description of the campaign set by the admin who created it.
nullable: true
example: A description of the campaign
correlatedStatus:
type: string
description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).
enum:
- CORRELATED
- UNCORRELATED
example: CORRELATED
mandatoryCommentRequirement:
type: string
description: 'Determines whether comments are required for decisions during certification reviews. You can require comments for all decisions, revoke-only decisions, or no decisions. By default, comments are not required for decisions.'
enum:
- ALL_DECISIONS
- REVOKE_ONLY_DECISIONS
- NO_DECISIONS
example: NO_DECISIONS
completed:
type: boolean
description: Have all decisions been made?
example: true
identitiesCompleted:
type: integer
description: The number of identities for whom all decisions have been made and are complete.
example: 5
format: int32
identitiesTotal:
type: integer
description: 'The total number of identities in the Certification, both complete and incomplete.'
example: 10
format: int32
created:
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: created date
modified:
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: modified date
decisionsMade:
type: integer
description: The number of approve/revoke/acknowledge decisions that have been made.
example: 20
format: int32
decisionsTotal:
type: integer
description: The total number of approve/revoke/acknowledge decisions.
example: 40
format: int32
due:
type: string
format: date-time
description: The due date of the certification.
example: '2018-10-19T13:49:37.385Z'
nullable: true
signed:
type: string
format: date-time
nullable: true
description: The date the reviewer signed off on the Certification.
example: '2018-10-19T13:49:37.385Z'
reviewer:
type: object
properties:
id:
type: string
description: The id of the reviewer.
example: ef38f94347e94562b5bb8424a56397d8
name:
type: string
description: The name of the reviewer.
example: Reviewer Name
email:
type: string
description: The email of the reviewing identity.
example: reviewer@test.com
type:
type: string
enum:
- IDENTITY
description: The type of the reviewing identity.
example: IDENTITY
created:
nullable: true
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: The created date of the reviewing identity.
modified:
nullable: true
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: The modified date of the reviewing identity.
reassignment:
type: object
nullable: true
properties:
from:
type: object
properties:
id:
type: string
description: The id of the certification.
example: ef38f94347e94562b5bb8424a56397d8
name:
type: string
description: The name of the certification.
example: Certification Name
type:
type: string
enum:
- CERTIFICATION
example: CERTIFICATION
reviewer:
type: object
properties:
id:
type: string
description: The id of the reviewer.
example: ef38f94347e94562b5bb8424a56397d8
name:
type: string
description: The name of the reviewer.
example: Reviewer Name
email:
type: string
description: The email of the reviewing identity.
example: reviewer@test.com
type:
type: string
enum:
- IDENTITY
description: The type of the reviewing identity.
example: IDENTITY
created:
nullable: true
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: The created date of the reviewing identity.
modified:
nullable: true
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: The modified date of the reviewing identity.
comment:
type: string
description: The comment entered when the Certification was reassigned
example: Reassigned for a reason
hasErrors:
description: Identifies if the certification has an error
type: boolean
example: false
errorMessage:
description: Description of the certification error
nullable: true
type: string
example: The certification has an error
phase:
type: string
description: |
The current phase of the campaign.
* `STAGED`: The campaign is waiting to be activated.
* `ACTIVE`: The campaign is active.
* `SIGNED`: The reviewer has signed off on the campaign, and it is considered complete.
enum:
- STAGED
- ACTIVE
- SIGNED
example: ACTIVE
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/certifications/{id}/reassign':
post:
operationId: reassignIdentityCertifications
tags:
- Certifications
summary: Reassign identities or items
description: This API reassigns up to 50 identities or items in an identity campaign certification to another reviewer. A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this API. This API does not support requests for certifications assigned to Governance Groups.
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listIdentityCertifications
description: The identity campaign certification ID
example: ef38f94347e94562b5bb8424a56397d8
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
reassign:
type: array
items:
type: object
properties:
id:
type: string
description: The ID of item or identity being reassigned.
example: ef38f94347e94562b5bb8424a56397d8
type:
type: string
description: The type of item or identity being reassigned.
enum:
- TARGET_SUMMARY
- ITEM
- IDENTITY_SUMMARY
example: ITEM
required:
- id
- type
reassignTo:
type: string
description: The ID of the identity to which the certification is reassigned
example: ef38f94347e94562b5bb8424a56397d8
reason:
type: string
description: The reason comment for why the reassign was made
example: reassigned for some reason
required:
- reassign
- reassignTo
- reason
responses:
'200':
description: An identity campaign certification details after completing the reassignment.
content:
application/json:
schema:
type: object
properties:
id:
example: 2c9180835d2e5168015d32f890ca1581
type: string
description: id of the certification
name:
example: 'Source Owner Access Review for Employees [source]'
type: string
description: name of the certification
campaign:
type: object
required:
- id
- name
- type
- campaignType
- description
- correlatedStatus
- mandatoryCommentRequirement
properties:
id:
type: string
description: The unique ID of the campaign.
example: ef38f94347e94562b5bb8424a56397d8
name:
type: string
description: The name of the campaign.
example: Campaign Name
type:
type: string
enum:
- CAMPAIGN
description: The type of object that is being referenced.
example: CAMPAIGN
campaignType:
type: string
enum:
- MANAGER
- SOURCE_OWNER
- SEARCH
description: The type of the campaign.
example: MANAGER
description:
type: string
description: The description of the campaign set by the admin who created it.
nullable: true
example: A description of the campaign
correlatedStatus:
type: string
description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).
enum:
- CORRELATED
- UNCORRELATED
example: CORRELATED
mandatoryCommentRequirement:
type: string
description: 'Determines whether comments are required for decisions during certification reviews. You can require comments for all decisions, revoke-only decisions, or no decisions. By default, comments are not required for decisions.'
enum:
- ALL_DECISIONS
- REVOKE_ONLY_DECISIONS
- NO_DECISIONS
example: NO_DECISIONS
completed:
type: boolean
description: Have all decisions been made?
example: true
identitiesCompleted:
type: integer
description: The number of identities for whom all decisions have been made and are complete.
example: 5
format: int32
identitiesTotal:
type: integer
description: 'The total number of identities in the Certification, both complete and incomplete.'
example: 10
format: int32
created:
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: created date
modified:
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: modified date
decisionsMade:
type: integer
description: The number of approve/revoke/acknowledge decisions that have been made.
example: 20
format: int32
decisionsTotal:
type: integer
description: The total number of approve/revoke/acknowledge decisions.
example: 40
format: int32
due:
type: string
format: date-time
description: The due date of the certification.
example: '2018-10-19T13:49:37.385Z'
nullable: true
signed:
type: string
format: date-time
nullable: true
description: The date the reviewer signed off on the Certification.
example: '2018-10-19T13:49:37.385Z'
reviewer:
type: object
properties:
id:
type: string
description: The id of the reviewer.
example: ef38f94347e94562b5bb8424a56397d8
name:
type: string
description: The name of the reviewer.
example: Reviewer Name
email:
type: string
description: The email of the reviewing identity.
example: reviewer@test.com
type:
type: string
enum:
- IDENTITY
description: The type of the reviewing identity.
example: IDENTITY
created:
nullable: true
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: The created date of the reviewing identity.
modified:
nullable: true
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: The modified date of the reviewing identity.
reassignment:
type: object
nullable: true
properties:
from:
type: object
properties:
id:
type: string
description: The id of the certification.
example: ef38f94347e94562b5bb8424a56397d8
name:
type: string
description: The name of the certification.
example: Certification Name
type:
type: string
enum:
- CERTIFICATION
example: CERTIFICATION
reviewer:
type: object
properties:
id:
type: string
description: The id of the reviewer.
example: ef38f94347e94562b5bb8424a56397d8
name:
type: string
description: The name of the reviewer.
example: Reviewer Name
email:
type: string
description: The email of the reviewing identity.
example: reviewer@test.com
type:
type: string
enum:
- IDENTITY
description: The type of the reviewing identity.
example: IDENTITY
created:
nullable: true
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: The created date of the reviewing identity.
modified:
nullable: true
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: The modified date of the reviewing identity.
comment:
type: string
description: The comment entered when the Certification was reassigned
example: Reassigned for a reason
hasErrors:
description: Identifies if the certification has an error
type: boolean
example: false
errorMessage:
description: Description of the certification error
nullable: true
type: string
example: The certification has an error
phase:
type: string
description: |
The current phase of the campaign.
* `STAGED`: The campaign is waiting to be activated.
* `ACTIVE`: The campaign is active.
* `SIGNED`: The reviewer has signed off on the campaign, and it is considered complete.
enum:
- STAGED
- ACTIVE
- SIGNED
example: ACTIVE
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/certifications/{id}/sign-off':
post:
operationId: signOffIdentityCertification
tags:
- Certifications
summary: Finalize identity certification decisions
security:
- userAuth: []
x-sailpoint-userLevels:
- ORG_ADMIN
- CERT_ADMIN
description: This API finalizes all decisions made on an identity campaign certification and initiates any remediations required. Reviewers for this certification can also call this API. This API does not support requests for certifications assigned to Governance Groups.
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listIdentityCertifications
description: The identity campaign certification ID
example: ef38f94347e94562b5bb8424a56397d8
responses:
'200':
description: An identity campaign certification object
content:
application/json:
schema:
type: object
properties:
id:
example: 2c9180835d2e5168015d32f890ca1581
type: string
description: id of the certification
name:
example: 'Source Owner Access Review for Employees [source]'
type: string
description: name of the certification
campaign:
type: object
required:
- id
- name
- type
- campaignType
- description
- correlatedStatus
- mandatoryCommentRequirement
properties:
id:
type: string
description: The unique ID of the campaign.
example: ef38f94347e94562b5bb8424a56397d8
name:
type: string
description: The name of the campaign.
example: Campaign Name
type:
type: string
enum:
- CAMPAIGN
description: The type of object that is being referenced.
example: CAMPAIGN
campaignType:
type: string
enum:
- MANAGER
- SOURCE_OWNER
- SEARCH
description: The type of the campaign.
example: MANAGER
description:
type: string
description: The description of the campaign set by the admin who created it.
nullable: true
example: A description of the campaign
correlatedStatus:
type: string
description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).
enum:
- CORRELATED
- UNCORRELATED
example: CORRELATED
mandatoryCommentRequirement:
type: string
description: 'Determines whether comments are required for decisions during certification reviews. You can require comments for all decisions, revoke-only decisions, or no decisions. By default, comments are not required for decisions.'
enum:
- ALL_DECISIONS
- REVOKE_ONLY_DECISIONS
- NO_DECISIONS
example: NO_DECISIONS
completed:
type: boolean
description: Have all decisions been made?
example: true
identitiesCompleted:
type: integer
description: The number of identities for whom all decisions have been made and are complete.
example: 5
format: int32
identitiesTotal:
type: integer
description: 'The total number of identities in the Certification, both complete and incomplete.'
example: 10
format: int32
created:
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: created date
modified:
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: modified date
decisionsMade:
type: integer
description: The number of approve/revoke/acknowledge decisions that have been made.
example: 20
format: int32
decisionsTotal:
type: integer
description: The total number of approve/revoke/acknowledge decisions.
example: 40
format: int32
due:
type: string
format: date-time
description: The due date of the certification.
example: '2018-10-19T13:49:37.385Z'
nullable: true
signed:
type: string
format: date-time
nullable: true
description: The date the reviewer signed off on the Certification.
example: '2018-10-19T13:49:37.385Z'
reviewer:
type: object
properties:
id:
type: string
description: The id of the reviewer.
example: ef38f94347e94562b5bb8424a56397d8
name:
type: string
description: The name of the reviewer.
example: Reviewer Name
email:
type: string
description: The email of the reviewing identity.
example: reviewer@test.com
type:
type: string
enum:
- IDENTITY
description: The type of the reviewing identity.
example: IDENTITY
created:
nullable: true
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: The created date of the reviewing identity.
modified:
nullable: true
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: The modified date of the reviewing identity.
reassignment:
type: object
nullable: true
properties:
from:
type: object
properties:
id:
type: string
description: The id of the certification.
example: ef38f94347e94562b5bb8424a56397d8
name:
type: string
description: The name of the certification.
example: Certification Name
type:
type: string
enum:
- CERTIFICATION
example: CERTIFICATION
reviewer:
type: object
properties:
id:
type: string
description: The id of the reviewer.
example: ef38f94347e94562b5bb8424a56397d8
name:
type: string
description: The name of the reviewer.
example: Reviewer Name
email:
type: string
description: The email of the reviewing identity.
example: reviewer@test.com
type:
type: string
enum:
- IDENTITY
description: The type of the reviewing identity.
example: IDENTITY
created:
nullable: true
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: The created date of the reviewing identity.
modified:
nullable: true
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: The modified date of the reviewing identity.
comment:
type: string
description: The comment entered when the Certification was reassigned
example: Reassigned for a reason
hasErrors:
description: Identifies if the certification has an error
type: boolean
example: false
errorMessage:
description: Description of the certification error
nullable: true
type: string
example: The certification has an error
phase:
type: string
description: |
The current phase of the campaign.
* `STAGED`: The campaign is waiting to be activated.
* `ACTIVE`: The campaign is active.
* `SIGNED`: The reviewer has signed off on the campaign, and it is considered complete.
enum:
- STAGED
- ACTIVE
- SIGNED
example: ACTIVE
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/certifications/{id}/decision-summary':
get:
operationId: getIdentityDecisionSummary
tags:
- Certification Summaries
summary: Summary of certification decisions
security:
- userAuth: []
x-sailpoint-userLevels:
- ORG_ADMIN
- CERT_ADMIN
description: This API returns a summary of the decisions made on an identity campaign certification. The decisions are summarized by type. Reviewers for this certification can also call this API.
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listIdentityCertifications
description: The certification ID
example: ef38f94347e94562b5bb8424a56397d8
- in: query
name: filters
required: false
schema:
type: string
example: identitySummary.id eq "ef38f94347e94562b5bb8424a56397d8"
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**identitySummary.id**: *eq, in*
responses:
'200':
description: Summary of the decisions made
content:
application/json:
schema:
type: object
properties:
entitlementDecisionsMade:
type: integer
description: Number of entitlement decisions that have been made
example: 3
format: int32
accessProfileDecisionsMade:
type: integer
description: Number of access profile decisions that have been made
example: 5
format: int32
roleDecisionsMade:
type: integer
description: Number of role decisions that have been made
example: 2
format: int32
accountDecisionsMade:
type: integer
description: Number of account decisions that have been made
example: 4
format: int32
entitlementDecisionsTotal:
type: integer
description: 'The total number of entitlement decisions on the certification, both complete and incomplete'
example: 6
format: int32
accessProfileDecisionsTotal:
type: integer
description: 'The total number of access profile decisions on the certification, both complete and incomplete'
example: 10
format: int32
roleDecisionsTotal:
type: integer
description: 'The total number of role decisions on the certification, both complete and incomplete'
example: 4
format: int32
accountDecisionsTotal:
type: integer
description: 'The total number of account decisions on the certification, both complete and incomplete'
example: 8
format: int32
entitlementsApproved:
type: integer
description: The number of entitlement decisions that have been made which were approved
example: 2
format: int32
entitlementsRevoked:
type: integer
description: The number of entitlement decisions that have been made which were revoked
example: 1
format: int32
accessProfilesApproved:
type: integer
description: The number of access profile decisions that have been made which were approved
example: 3
format: int32
accessProfilesRevoked:
type: integer
description: The number of access profile decisions that have been made which were revoked
example: 2
format: int32
rolesApproved:
type: integer
description: The number of role decisions that have been made which were approved
example: 2
format: int32
rolesRevoked:
type: integer
description: The number of role decisions that have been made which were revoked
example: 0
format: int32
accountsApproved:
type: integer
description: The number of account decisions that have been made which were approved
example: 1
format: int32
accountsRevoked:
type: integer
description: The number of account decisions that have been made which were revoked
example: 3
format: int32
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/certifications/{id}/identity-summaries':
get:
operationId: getIdentitySummaries
tags:
- Certification Summaries
summary: Identity summaries for campaign certification
security:
- userAuth: []
x-sailpoint-userLevels:
- ORG_ADMIN
- CERT_ADMIN
description: This API returns a list of the identity summaries for a specific identity campaign certification. Reviewers for this certification can also call this API.
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listIdentityCertifications
description: The identity campaign certification ID
example: ef38f94347e94562b5bb8424a56397d8
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
required: false
schema:
type: string
example: id eq "ef38f94347e94562b5bb8424a56397d8"
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, in*
**completed**: *eq, ne*
**name**: *eq, sw*
- in: query
name: sorters
required: false
schema:
type: string
format: comma-separated
example: name
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **name**
responses:
'200':
description: List of identity summaries
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: The ID of the identity summary
example: 2c91808772a504f50172a9540e501ba7
name:
type: string
description: Name of the linked identity
example: Alison Ferguso
identityId:
type: string
description: The ID of the identity being certified
example: 2c9180857182306001719937377a33de
completed:
type: boolean
description: Indicates whether the review items for the linked identity's certification have been completed
example: true
example:
- id: 2c91808772a504f50172a9540e501ba7
name: Aaron Grey
identityId: 2c9180857182306001719937379633e4
completed: false
- id: 2c91808772a504f50172a9540e501ba8
name: Aglae Wilson
identityId: 2c9180857182306001719937377a33de
completed: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/certifications/{id}/access-summaries/{type}':
get:
operationId: getIdentityAccessSummaries
tags:
- Certification Summaries
summary: Access summaries
description: This API returns a list of access summaries for the specified identity campaign certification and type. Reviewers for this certification can also call this API.
security:
- userAuth:
- 'idn:certification:read'
x-sailpoint-userLevels:
- ORG_ADMIN
- CERT_ADMIN
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listIdentityCertifications
description: The identity campaign certification ID
example: ef38f94347e94562b5bb8424a56397d8
- in: path
name: type
schema:
type: string
enum:
- ROLE
- ACCESS_PROFILE
- ENTITLEMENT
required: true
description: The type of access review item to retrieve summaries for
example: ACCESS_PROFILE
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
required: false
schema:
type: string
example: access.id eq "ef38f94347e94562b5bb8424a56397d8"
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**completed**: *eq, ne*
**access.id**: *eq, in*
**access.name**: *eq, sw*
**entitlement.sourceName**: *eq, sw*
**accessProfile.sourceName**: *eq, sw*
- in: query
name: sorters
required: false
schema:
type: string
format: comma-separated
example: access.name
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **access.name**
responses:
'200':
description: List of access summaries
content:
application/json:
schema:
type: array
items:
type: object
description: An object holding the access that is being reviewed
properties:
access:
type: object
properties:
type:
description: The type of item being certified
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- MACHINE_IDENTITY
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
example: IDENTITY
id:
type: string
description: The ID of the item being certified
example: 2c9180867160846801719932c5153fb7
name:
type: string
description: The name of the item being certified
example: Entitlement for Company Database
entitlement:
type: object
nullable: true
properties:
id:
type: string
description: The id for the entitlement
example: 2c918085718230600171993742c63558
name:
type: string
description: The name of the entitlement
example: CN=entitlement.bbb7c650
description:
nullable: true
type: string
description: Information about the entitlement
example: Gives read/write access to the company database
privileged:
type: boolean
example: false
default: false
description: Indicates if the entitlement is a privileged entitlement
owner:
type: object
nullable: true
properties:
type:
type: string
description: The type can only be IDENTITY. This is read-only.
example: IDENTITY
id:
type: string
description: Identity ID.
example: 5168015d32f890ca15812c9180835d2e
name:
type: string
description: Identity's human-readable display name. This is read-only.
example: Alison Ferguso
email:
type: string
nullable: true
description: Identity's email address. This is read-only.
example: alison.ferguso@identitysoon.com
attributeName:
type: string
description: The name of the attribute on the source
example: memberOf
attributeValue:
type: string
description: The value of the attribute on the source
example: CN=entitlement.bbb7c650
sourceSchemaObjectType:
type: string
description: The schema object type on the source used to represent the entitlement and its attributes
example: groups
sourceName:
type: string
description: The name of the source for which this entitlement belongs
example: ODS-AD-Source
sourceType:
type: string
description: The type of the source for which the entitlement belongs
example: Active Directory - Direct
sourceId:
type: string
description: The ID of the source for which the entitlement belongs
example: 78ca6be511cb41fbb86dba2fcca7780c
hasPermissions:
type: boolean
default: false
description: Indicates if the entitlement has permissions
example: false
isPermission:
type: boolean
default: false
description: Indicates if the entitlement is a representation of an account permission
example: false
revocable:
type: boolean
default: false
description: Indicates whether the entitlement can be revoked
example: true
cloudGoverned:
type: boolean
default: false
description: True if the entitlement is cloud governed
example: false
containsDataAccess:
type: boolean
description: True if the entitlement has DAS data
default: false
example: true
dataAccess:
type: object
description: DAS data for the entitlement
nullable: true
properties:
policies:
type: array
description: List of classification policies that apply to resources the entitlement \ groups has access to
items:
type: object
properties:
value:
type: string
description: Value of the policy
example: GDPR-20
categories:
type: array
description: List of classification categories that apply to resources the entitlement \ groups has access to
items:
type: object
properties:
value:
type: string
description: Value of the category
example: email-7
matchCount:
type: integer
description: Number of matched for each category
example: 10
impactScore:
type: object
properties:
value:
type: string
description: Impact Score for this data
example: Medium
account:
type: object
nullable: true
description: Information about the status of the entitlement
properties:
nativeIdentity:
type: string
description: The native identity for this account
example: CN=Alison Ferguso
disabled:
type: boolean
default: false
example: false
description: Indicates whether this account is currently disabled
locked:
type: boolean
default: false
example: false
description: Indicates whether this account is currently locked
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- MACHINE_IDENTITY
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
id:
nullable: true
type: string
description: The id associated with the account
example: 2c9180857182305e0171993737eb29e6
name:
nullable: true
type: string
description: The account name
example: Alison Ferguso
created:
nullable: true
type: string
format: date-time
description: When the account was created
example: '2020-04-20T20:11:05.067Z'
modified:
nullable: true
type: string
format: date-time
description: When the account was last modified
example: '2020-05-20T18:57:16.987Z'
activityInsights:
type: object
description: Insights into account activity
properties:
accountID:
type: string
description: UUID of the account
example: c4ddd5421d8549f0abd309162cafd3b1
usageDays:
type: integer
format: int32
minimum: 0
maximum: 90
description: The number of days of activity
example: 45
usageDaysState:
type: string
enum:
- COMPLETE
- UNKNOWN
description: Status indicating if the activity is complete or unknown
example: COMPLETE
description:
nullable: true
type: string
description: Information about the account
example: Account for Read/write to the company database
governanceGroupId:
nullable: true
type: string
description: The id associated with the machine Account Governance Group
example: 2c9180857182305e0171993737eb29e6
owner:
type: object
nullable: true
description: Information about the machine account owner
properties:
id:
nullable: true
type: string
description: The id associated with the machine account owner
example: 2c9180857182305e0171993737eb29e8
type:
type: string
enum:
- IDENTITY
description: An enumeration of the types of Owner supported within the IdentityNow infrastructure.
example: IDENTITY
displayName:
nullable: true
type: string
description: The machine account owner's display name
example: Alison Ferguson
accessProfile:
type: object
properties:
id:
type: string
description: The id of the Access Profile
example: 2c91808a7190d06e01719938fcd20792
name:
type: string
description: Name of the Access Profile
example: Employee-database-read-write
description:
type: string
description: Information about the Access Profile
example: Collection of entitlements to read/write the employee database
privileged:
type: boolean
description: Indicates if the entitlement is a privileged entitlement
example: false
cloudGoverned:
type: boolean
description: True if the entitlement is cloud governed
example: false
endDate:
nullable: true
type: string
format: date-time
description: The date at which a user's access expires
example: '2021-12-25T00:00:00.000Z'
owner:
type: object
nullable: true
properties:
type:
type: string
description: The type can only be IDENTITY. This is read-only.
example: IDENTITY
id:
type: string
description: Identity ID.
example: 5168015d32f890ca15812c9180835d2e
name:
type: string
description: Identity's human-readable display name. This is read-only.
example: Alison Ferguso
email:
type: string
nullable: true
description: Identity's email address. This is read-only.
example: alison.ferguso@identitysoon.com
description: Owner of the Access Profile
entitlements:
type: array
description: A list of entitlements associated with this Access Profile
items:
type: object
nullable: true
properties:
id:
type: string
description: The id for the entitlement
example: 2c918085718230600171993742c63558
name:
type: string
description: The name of the entitlement
example: CN=entitlement.bbb7c650
description:
nullable: true
type: string
description: Information about the entitlement
example: Gives read/write access to the company database
privileged:
type: boolean
example: false
default: false
description: Indicates if the entitlement is a privileged entitlement
owner:
type: object
nullable: true
properties:
type:
type: string
description: The type can only be IDENTITY. This is read-only.
example: IDENTITY
id:
type: string
description: Identity ID.
example: 5168015d32f890ca15812c9180835d2e
name:
type: string
description: Identity's human-readable display name. This is read-only.
example: Alison Ferguso
email:
type: string
nullable: true
description: Identity's email address. This is read-only.
example: alison.ferguso@identitysoon.com
attributeName:
type: string
description: The name of the attribute on the source
example: memberOf
attributeValue:
type: string
description: The value of the attribute on the source
example: CN=entitlement.bbb7c650
sourceSchemaObjectType:
type: string
description: The schema object type on the source used to represent the entitlement and its attributes
example: groups
sourceName:
type: string
description: The name of the source for which this entitlement belongs
example: ODS-AD-Source
sourceType:
type: string
description: The type of the source for which the entitlement belongs
example: Active Directory - Direct
sourceId:
type: string
description: The ID of the source for which the entitlement belongs
example: 78ca6be511cb41fbb86dba2fcca7780c
hasPermissions:
type: boolean
default: false
description: Indicates if the entitlement has permissions
example: false
isPermission:
type: boolean
default: false
description: Indicates if the entitlement is a representation of an account permission
example: false
revocable:
type: boolean
default: false
description: Indicates whether the entitlement can be revoked
example: true
cloudGoverned:
type: boolean
default: false
description: True if the entitlement is cloud governed
example: false
containsDataAccess:
type: boolean
description: True if the entitlement has DAS data
default: false
example: true
dataAccess:
type: object
description: DAS data for the entitlement
nullable: true
properties:
policies:
type: array
description: List of classification policies that apply to resources the entitlement \ groups has access to
items:
type: object
properties:
value:
type: string
description: Value of the policy
example: GDPR-20
categories:
type: array
description: List of classification categories that apply to resources the entitlement \ groups has access to
items:
type: object
properties:
value:
type: string
description: Value of the category
example: email-7
matchCount:
type: integer
description: Number of matched for each category
example: 10
impactScore:
type: object
properties:
value:
type: string
description: Impact Score for this data
example: Medium
account:
type: object
nullable: true
description: Information about the status of the entitlement
properties:
nativeIdentity:
type: string
description: The native identity for this account
example: CN=Alison Ferguso
disabled:
type: boolean
default: false
example: false
description: Indicates whether this account is currently disabled
locked:
type: boolean
default: false
example: false
description: Indicates whether this account is currently locked
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- MACHINE_IDENTITY
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
id:
nullable: true
type: string
description: The id associated with the account
example: 2c9180857182305e0171993737eb29e6
name:
nullable: true
type: string
description: The account name
example: Alison Ferguso
created:
nullable: true
type: string
format: date-time
description: When the account was created
example: '2020-04-20T20:11:05.067Z'
modified:
nullable: true
type: string
format: date-time
description: When the account was last modified
example: '2020-05-20T18:57:16.987Z'
activityInsights:
type: object
description: Insights into account activity
properties:
accountID:
type: string
description: UUID of the account
example: c4ddd5421d8549f0abd309162cafd3b1
usageDays:
type: integer
format: int32
minimum: 0
maximum: 90
description: The number of days of activity
example: 45
usageDaysState:
type: string
enum:
- COMPLETE
- UNKNOWN
description: Status indicating if the activity is complete or unknown
example: COMPLETE
description:
nullable: true
type: string
description: Information about the account
example: Account for Read/write to the company database
governanceGroupId:
nullable: true
type: string
description: The id associated with the machine Account Governance Group
example: 2c9180857182305e0171993737eb29e6
owner:
type: object
nullable: true
description: Information about the machine account owner
properties:
id:
nullable: true
type: string
description: The id associated with the machine account owner
example: 2c9180857182305e0171993737eb29e8
type:
type: string
enum:
- IDENTITY
description: An enumeration of the types of Owner supported within the IdentityNow infrastructure.
example: IDENTITY
displayName:
nullable: true
type: string
description: The machine account owner's display name
example: Alison Ferguson
created:
type: string
description: Date the Access Profile was created.
format: date-time
example: '2021-01-01T22:32:58.104Z'
modified:
type: string
description: Date the Access Profile was last modified.
format: date-time
example: '2021-02-01T22:32:58.104Z'
role:
type: object
nullable: true
properties:
id:
type: string
description: The id for the Role
example: 2c91808a7190d06e0171993907fd0794
name:
type: string
description: The name of the Role
example: Accounting-Employees
description:
type: string
description: Information about the Role
example: Role for members of the accounting department with the necessary Access Profiles
privileged:
type: boolean
description: Indicates if the entitlement is a privileged entitlement
example: false
owner:
type: object
nullable: true
properties:
type:
type: string
description: The type can only be IDENTITY. This is read-only.
example: IDENTITY
id:
type: string
description: Identity ID.
example: 5168015d32f890ca15812c9180835d2e
name:
type: string
description: Identity's human-readable display name. This is read-only.
example: Alison Ferguso
email:
type: string
nullable: true
description: Identity's email address. This is read-only.
example: alison.ferguso@identitysoon.com
revocable:
type: boolean
description: Indicates whether the Role can be revoked or requested
example: false
endDate:
type: string
format: date-time
description: The date when a user's access expires.
example: '2021-12-25T00:00:00.000Z'
accessProfiles:
type: array
description: The list of Access Profiles associated with this Role
items:
type: object
properties:
id:
type: string
description: The id of the Access Profile
example: 2c91808a7190d06e01719938fcd20792
name:
type: string
description: Name of the Access Profile
example: Employee-database-read-write
description:
type: string
description: Information about the Access Profile
example: Collection of entitlements to read/write the employee database
privileged:
type: boolean
description: Indicates if the entitlement is a privileged entitlement
example: false
cloudGoverned:
type: boolean
description: True if the entitlement is cloud governed
example: false
endDate:
nullable: true
type: string
format: date-time
description: The date at which a user's access expires
example: '2021-12-25T00:00:00.000Z'
owner:
type: object
nullable: true
properties:
type:
type: string
description: The type can only be IDENTITY. This is read-only.
example: IDENTITY
id:
type: string
description: Identity ID.
example: 5168015d32f890ca15812c9180835d2e
name:
type: string
description: Identity's human-readable display name. This is read-only.
example: Alison Ferguso
email:
type: string
nullable: true
description: Identity's email address. This is read-only.
example: alison.ferguso@identitysoon.com
description: Owner of the Access Profile
entitlements:
type: array
description: A list of entitlements associated with this Access Profile
items:
type: object
nullable: true
properties:
id:
type: string
description: The id for the entitlement
example: 2c918085718230600171993742c63558
name:
type: string
description: The name of the entitlement
example: CN=entitlement.bbb7c650
description:
nullable: true
type: string
description: Information about the entitlement
example: Gives read/write access to the company database
privileged:
type: boolean
example: false
default: false
description: Indicates if the entitlement is a privileged entitlement
owner:
type: object
nullable: true
properties:
type:
type: string
description: The type can only be IDENTITY. This is read-only.
example: IDENTITY
id:
type: string
description: Identity ID.
example: 5168015d32f890ca15812c9180835d2e
name:
type: string
description: Identity's human-readable display name. This is read-only.
example: Alison Ferguso
email:
type: string
nullable: true
description: Identity's email address. This is read-only.
example: alison.ferguso@identitysoon.com
attributeName:
type: string
description: The name of the attribute on the source
example: memberOf
attributeValue:
type: string
description: The value of the attribute on the source
example: CN=entitlement.bbb7c650
sourceSchemaObjectType:
type: string
description: The schema object type on the source used to represent the entitlement and its attributes
example: groups
sourceName:
type: string
description: The name of the source for which this entitlement belongs
example: ODS-AD-Source
sourceType:
type: string
description: The type of the source for which the entitlement belongs
example: Active Directory - Direct
sourceId:
type: string
description: The ID of the source for which the entitlement belongs
example: 78ca6be511cb41fbb86dba2fcca7780c
hasPermissions:
type: boolean
default: false
description: Indicates if the entitlement has permissions
example: false
isPermission:
type: boolean
default: false
description: Indicates if the entitlement is a representation of an account permission
example: false
revocable:
type: boolean
default: false
description: Indicates whether the entitlement can be revoked
example: true
cloudGoverned:
type: boolean
default: false
description: True if the entitlement is cloud governed
example: false
containsDataAccess:
type: boolean
description: True if the entitlement has DAS data
default: false
example: true
dataAccess:
type: object
description: DAS data for the entitlement
nullable: true
properties:
policies:
type: array
description: List of classification policies that apply to resources the entitlement \ groups has access to
items:
type: object
properties:
value:
type: string
description: Value of the policy
example: GDPR-20
categories:
type: array
description: List of classification categories that apply to resources the entitlement \ groups has access to
items:
type: object
properties:
value:
type: string
description: Value of the category
example: email-7
matchCount:
type: integer
description: Number of matched for each category
example: 10
impactScore:
type: object
properties:
value:
type: string
description: Impact Score for this data
example: Medium
account:
type: object
nullable: true
description: Information about the status of the entitlement
properties:
nativeIdentity:
type: string
description: The native identity for this account
example: CN=Alison Ferguso
disabled:
type: boolean
default: false
example: false
description: Indicates whether this account is currently disabled
locked:
type: boolean
default: false
example: false
description: Indicates whether this account is currently locked
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- MACHINE_IDENTITY
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
id:
nullable: true
type: string
description: The id associated with the account
example: 2c9180857182305e0171993737eb29e6
name:
nullable: true
type: string
description: The account name
example: Alison Ferguso
created:
nullable: true
type: string
format: date-time
description: When the account was created
example: '2020-04-20T20:11:05.067Z'
modified:
nullable: true
type: string
format: date-time
description: When the account was last modified
example: '2020-05-20T18:57:16.987Z'
activityInsights:
type: object
description: Insights into account activity
properties:
accountID:
type: string
description: UUID of the account
example: c4ddd5421d8549f0abd309162cafd3b1
usageDays:
type: integer
format: int32
minimum: 0
maximum: 90
description: The number of days of activity
example: 45
usageDaysState:
type: string
enum:
- COMPLETE
- UNKNOWN
description: Status indicating if the activity is complete or unknown
example: COMPLETE
description:
nullable: true
type: string
description: Information about the account
example: Account for Read/write to the company database
governanceGroupId:
nullable: true
type: string
description: The id associated with the machine Account Governance Group
example: 2c9180857182305e0171993737eb29e6
owner:
type: object
nullable: true
description: Information about the machine account owner
properties:
id:
nullable: true
type: string
description: The id associated with the machine account owner
example: 2c9180857182305e0171993737eb29e8
type:
type: string
enum:
- IDENTITY
description: An enumeration of the types of Owner supported within the IdentityNow infrastructure.
example: IDENTITY
displayName:
nullable: true
type: string
description: The machine account owner's display name
example: Alison Ferguson
created:
type: string
description: Date the Access Profile was created.
format: date-time
example: '2021-01-01T22:32:58.104Z'
modified:
type: string
description: Date the Access Profile was last modified.
format: date-time
example: '2021-02-01T22:32:58.104Z'
entitlements:
type: array
description: The list of entitlements associated with this Role
items:
type: object
nullable: true
properties:
id:
type: string
description: The id for the entitlement
example: 2c918085718230600171993742c63558
name:
type: string
description: The name of the entitlement
example: CN=entitlement.bbb7c650
description:
nullable: true
type: string
description: Information about the entitlement
example: Gives read/write access to the company database
privileged:
type: boolean
example: false
default: false
description: Indicates if the entitlement is a privileged entitlement
owner:
type: object
nullable: true
properties:
type:
type: string
description: The type can only be IDENTITY. This is read-only.
example: IDENTITY
id:
type: string
description: Identity ID.
example: 5168015d32f890ca15812c9180835d2e
name:
type: string
description: Identity's human-readable display name. This is read-only.
example: Alison Ferguso
email:
type: string
nullable: true
description: Identity's email address. This is read-only.
example: alison.ferguso@identitysoon.com
attributeName:
type: string
description: The name of the attribute on the source
example: memberOf
attributeValue:
type: string
description: The value of the attribute on the source
example: CN=entitlement.bbb7c650
sourceSchemaObjectType:
type: string
description: The schema object type on the source used to represent the entitlement and its attributes
example: groups
sourceName:
type: string
description: The name of the source for which this entitlement belongs
example: ODS-AD-Source
sourceType:
type: string
description: The type of the source for which the entitlement belongs
example: Active Directory - Direct
sourceId:
type: string
description: The ID of the source for which the entitlement belongs
example: 78ca6be511cb41fbb86dba2fcca7780c
hasPermissions:
type: boolean
default: false
description: Indicates if the entitlement has permissions
example: false
isPermission:
type: boolean
default: false
description: Indicates if the entitlement is a representation of an account permission
example: false
revocable:
type: boolean
default: false
description: Indicates whether the entitlement can be revoked
example: true
cloudGoverned:
type: boolean
default: false
description: True if the entitlement is cloud governed
example: false
containsDataAccess:
type: boolean
description: True if the entitlement has DAS data
default: false
example: true
dataAccess:
type: object
description: DAS data for the entitlement
nullable: true
properties:
policies:
type: array
description: List of classification policies that apply to resources the entitlement \ groups has access to
items:
type: object
properties:
value:
type: string
description: Value of the policy
example: GDPR-20
categories:
type: array
description: List of classification categories that apply to resources the entitlement \ groups has access to
items:
type: object
properties:
value:
type: string
description: Value of the category
example: email-7
matchCount:
type: integer
description: Number of matched for each category
example: 10
impactScore:
type: object
properties:
value:
type: string
description: Impact Score for this data
example: Medium
account:
type: object
nullable: true
description: Information about the status of the entitlement
properties:
nativeIdentity:
type: string
description: The native identity for this account
example: CN=Alison Ferguso
disabled:
type: boolean
default: false
example: false
description: Indicates whether this account is currently disabled
locked:
type: boolean
default: false
example: false
description: Indicates whether this account is currently locked
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- MACHINE_IDENTITY
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
id:
nullable: true
type: string
description: The id associated with the account
example: 2c9180857182305e0171993737eb29e6
name:
nullable: true
type: string
description: The account name
example: Alison Ferguso
created:
nullable: true
type: string
format: date-time
description: When the account was created
example: '2020-04-20T20:11:05.067Z'
modified:
nullable: true
type: string
format: date-time
description: When the account was last modified
example: '2020-05-20T18:57:16.987Z'
activityInsights:
type: object
description: Insights into account activity
properties:
accountID:
type: string
description: UUID of the account
example: c4ddd5421d8549f0abd309162cafd3b1
usageDays:
type: integer
format: int32
minimum: 0
maximum: 90
description: The number of days of activity
example: 45
usageDaysState:
type: string
enum:
- COMPLETE
- UNKNOWN
description: Status indicating if the activity is complete or unknown
example: COMPLETE
description:
nullable: true
type: string
description: Information about the account
example: Account for Read/write to the company database
governanceGroupId:
nullable: true
type: string
description: The id associated with the machine Account Governance Group
example: 2c9180857182305e0171993737eb29e6
owner:
type: object
nullable: true
description: Information about the machine account owner
properties:
id:
nullable: true
type: string
description: The id associated with the machine account owner
example: 2c9180857182305e0171993737eb29e8
type:
type: string
enum:
- IDENTITY
description: An enumeration of the types of Owner supported within the IdentityNow infrastructure.
example: IDENTITY
displayName:
nullable: true
type: string
description: The machine account owner's display name
example: Alison Ferguson
example:
- access:
type: ENTITLEMENT
id: 2c9180857182305e01719937429e2bad
name: CN=Engineering
entitlement:
id: 2c9180857182305e01719937429e2bad
name: CN=Engineering
description: Access to the engineering database
privileged: false
owner:
email: brandon.gray@acme-solar.com
type: IDENTITY
id: 2c9180867160846801719932c5153fb7
name: Brandon Gray
attributeName: memberOf
attributeValue: CN=Engineering
sourceName: ODS-AD-Source
hasPermissions: true
revocable: true
containsDataAccess: true
dataAccess:
policies:
- value: GDPR-1
- value: GDPR-2
categories:
- value: email-7
matchCount: 74
- value: email-9
matchCount: 30
impactScore:
value: Medium
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/certifications/{id}/identity-summaries/{identitySummaryId}':
get:
operationId: getIdentitySummary
tags:
- Certification Summaries
summary: Summary for identity
security:
- userAuth: []
x-sailpoint-userLevels:
- ORG_ADMIN
- CERT_ADMIN
description: This API returns the summary for an identity on a specified identity campaign certification. Reviewers for this certification can also call this API.
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listIdentityCertifications
description: The identity campaign certification ID
example: ef38f94347e94562b5bb8424a56397d8
- in: path
name: identitySummaryId
schema:
type: string
required: true
x-sailpoint-resource-operation-id: getIdentitySummaries
description: The identity summary ID
example: 2c91808772a504f50172a9540e501ba8
responses:
'200':
description: An identity summary
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: The ID of the identity summary
example: 2c91808772a504f50172a9540e501ba7
name:
type: string
description: Name of the linked identity
example: Alison Ferguso
identityId:
type: string
description: The ID of the identity being certified
example: 2c9180857182306001719937377a33de
completed:
type: boolean
description: Indicates whether the review items for the linked identity's certification have been completed
example: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/certifications/{certificationId}/access-review-items/{itemId}/permissions':
get:
operationId: getIdentityCertificationItemPermissions
tags:
- Certifications
summary: Permissions for entitlement certification item
description: This API returns the permissions associated with an entitlement certification item based on the certification item's ID. Reviewers for this certification can also call this API.
security:
- userAuth:
- 'idn:certification:read'
x-sailpoint-userLevels:
- ORG_ADMIN
- CERT_ADMIN
parameters:
- in: query
name: filters
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**target**: *eq, sw*
**rights**: *ca*
Supported composite operators: *and, or*
All field values (second filter operands) are case-insensitive for this API.
Only a single *and* or *or* composite filter operator may be used. It must also be used between a target filter and a rights filter, not between 2 filters for the same field.
For example, the following is valid: `?filters=rights+ca+(%22CREATE%22)+and+target+eq+%22SYS.OBJAUTH2%22`
The following is invalid: 1?filters=rights+ca+(%22CREATE%22)+and+rights+ca+(%SELECT%22)1
example: target eq "SYS.OBJAUTH2"
- in: path
name: certificationId
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listIdentityCertifications
description: The certification ID
example: ef38f94347e94562b5bb8424a56397d8
- in: path
name: itemId
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listIdentityAccessReviewItems
description: The certification item ID
example: 2c91808671bcbab40171bd945d961227
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
responses:
'200':
description: A list of permissions associated with the given itemId
content:
application/json:
schema:
type: array
items:
type: object
description: 'Simplified DTO for the Permission objects stored in SailPoint''s database. The data is aggregated from customer systems and is free-form, so its appearance can vary largely between different clients/customers.'
properties:
rights:
type: array
description: All the rights (e.g. actions) that this permission allows on the target
example: HereIsRight1
readOnly: true
items:
type: string
example: SELECT
target:
type: string
description: The target the permission would grants rights on.
readOnly: true
example: SYS.GV_$TRANSACTION
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/certifications/{id}/reviewers':
get:
operationId: listCertificationReviewers
tags:
- Certifications
summary: List of reviewers for certification
description: This API returns a list of reviewers for the certification. Reviewers for this certification can also call this API.
security:
- userAuth:
- 'idn:certification:read'
x-sailpoint-userLevels:
- ORG_ADMIN
- CERT_ADMIN
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listIdentityCertifications
description: The certification ID
example: ef38f94347e94562b5bb8424a56397d8
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, in*
**name**: *eq, sw*
**email**: *eq, sw*
example: name eq "Bob"
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **name, email**
example: name
responses:
'200':
description: A list of reviewers
content:
application/json:
schema:
type: array
items:
type: object
nullable: true
properties:
type:
type: string
description: The type can only be IDENTITY. This is read-only.
example: IDENTITY
id:
type: string
description: Identity ID.
example: 5168015d32f890ca15812c9180835d2e
name:
type: string
description: Identity's human-readable display name. This is read-only.
example: Alison Ferguso
email:
type: string
nullable: true
description: Identity's email address. This is read-only.
example: alison.ferguso@identitysoon.com
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/certifications/{id}/reassign-async':
post:
operationId: submitReassignCertsAsync
tags:
- Certifications
summary: Reassign certifications asynchronously
description: |
This API initiates a task to reassign up to 500 identities or items in an identity campaign certification to another
reviewer. The `certification-tasks` API can be used to get an updated status on the task and determine when the
reassignment is complete.
Reviewers for this certification can also call this API.
security:
- userAuth:
- 'idn:campaign:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
- CERT_ADMIN
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listIdentityCertifications
description: The identity campaign certification ID
example: ef38f94347e94562b5bb8424a56397d8
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
reassign:
type: array
items:
type: object
properties:
id:
type: string
description: The ID of item or identity being reassigned.
example: ef38f94347e94562b5bb8424a56397d8
type:
type: string
description: The type of item or identity being reassigned.
enum:
- TARGET_SUMMARY
- ITEM
- IDENTITY_SUMMARY
example: ITEM
required:
- id
- type
reassignTo:
type: string
description: The ID of the identity to which the certification is reassigned
example: ef38f94347e94562b5bb8424a56397d8
reason:
type: string
description: The reason comment for why the reassign was made
example: reassigned for some reason
required:
- reassign
- reassignTo
- reason
responses:
'200':
description: A certification task object for the reassignment which can be queried for status.
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: The ID of the certification task.
example: 2c918086719eec070171a7e3355a360a
type:
type: string
description: The type of the certification task. More values may be added in the future.
enum:
- REASSIGN
- ADMIN_REASSIGN
- COMPLETE_CERTIFICATION
- FINISH_CERTIFICATION
- COMPLETE_CAMPAIGN
- ACTIVATE_CAMPAIGN
- CAMPAIGN_CREATE
- CAMPAIGN_DELETE
example: ADMIN_REASSIGN
targetType:
type: string
description: The type of item that is being operated on by this task whose ID is stored in the targetId field.
enum:
- CERTIFICATION
- CAMPAIGN
example: CAMPAIGN
targetId:
type: string
description: The ID of the item being operated on by this task.
example: 2c918086719eec070171a7e3355a834c
status:
type: string
description: The status of the task.
enum:
- QUEUED
- IN_PROGRESS
- SUCCESS
- ERROR
example: QUEUED
errors:
type: array
description: List of error messages
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
example:
locale: en-US
localeOrigin: DEFAULT
text: Error Message
reassignmentTrailDTOs:
description: Reassignment trails that lead to self certification identity
type: array
items:
type: object
properties:
previousOwner:
type: string
description: The ID of previous owner identity.
example: ef38f94347e94562b5bb8424a56397d8
newOwner:
type: string
description: The ID of new owner identity.
example: ef38f94347e94562b5bb8424a56397a3
reassignmentType:
type: string
description: The type of reassignment.
example: AUTOMATIC_REASSIGNMENT
example:
previousOwner: ef38f94347e94562b5bb8424a56397d8
newOwner: ef38f94347e94562b5bb8424a56397a3
reassignmentType: AUTOMATIC_REASSIGNMENT
created:
type: string
description: The date and time on which this task was created.
format: date-time
example: '2020-09-24T18:10:47.693Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/certification-tasks/{id}':
get:
operationId: getCertificationTask
tags:
- Certifications
summary: Certification task by id
description: This API returns the certification task for the specified ID. Reviewers for the specified certification can also call this API.
security:
- userAuth:
- 'idn:certification:read'
x-sailpoint-userLevels:
- ORG_ADMIN
- CERT_ADMIN
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: getPendingCertificationTasks
description: The task ID
example: 63b32151-26c0-42f4-9299-8898dc1c9daa
responses:
'200':
description: A certification task
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: The ID of the certification task.
example: 2c918086719eec070171a7e3355a360a
type:
type: string
description: The type of the certification task. More values may be added in the future.
enum:
- REASSIGN
- ADMIN_REASSIGN
- COMPLETE_CERTIFICATION
- FINISH_CERTIFICATION
- COMPLETE_CAMPAIGN
- ACTIVATE_CAMPAIGN
- CAMPAIGN_CREATE
- CAMPAIGN_DELETE
example: ADMIN_REASSIGN
targetType:
type: string
description: The type of item that is being operated on by this task whose ID is stored in the targetId field.
enum:
- CERTIFICATION
- CAMPAIGN
example: CAMPAIGN
targetId:
type: string
description: The ID of the item being operated on by this task.
example: 2c918086719eec070171a7e3355a834c
status:
type: string
description: The status of the task.
enum:
- QUEUED
- IN_PROGRESS
- SUCCESS
- ERROR
example: QUEUED
errors:
type: array
description: List of error messages
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
example:
locale: en-US
localeOrigin: DEFAULT
text: Error Message
reassignmentTrailDTOs:
description: Reassignment trails that lead to self certification identity
type: array
items:
type: object
properties:
previousOwner:
type: string
description: The ID of previous owner identity.
example: ef38f94347e94562b5bb8424a56397d8
newOwner:
type: string
description: The ID of new owner identity.
example: ef38f94347e94562b5bb8424a56397a3
reassignmentType:
type: string
description: The type of reassignment.
example: AUTOMATIC_REASSIGNMENT
example:
previousOwner: ef38f94347e94562b5bb8424a56397d8
newOwner: ef38f94347e94562b5bb8424a56397a3
reassignmentType: AUTOMATIC_REASSIGNMENT
created:
type: string
description: The date and time on which this task was created.
format: date-time
example: '2020-09-24T18:10:47.693Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/certification-tasks:
get:
operationId: getPendingCertificationTasks
tags:
- Certifications
summary: List of pending certification tasks
description: 'This API returns a list of pending (`QUEUED` or `IN_PROGRESS`) certification tasks. Any authenticated token can call this API, but only certification tasks you are authorized to review will be returned.'
security:
- userAuth:
- 'idn:certification:read'
parameters:
- in: query
name: reviewer-identity
schema:
type: string
example: Ada.1de82e55078344
description: The ID of reviewer identity. *me* indicates the current user.
required: false
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
schema:
type: string
example: type eq "ADMIN_REASSIGN"
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, in*
**targetId**: *eq, in*
**type**: *eq, in*
responses:
'200':
description: A list of pending certification tasks
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: The ID of the certification task.
example: 2c918086719eec070171a7e3355a360a
type:
type: string
description: The type of the certification task. More values may be added in the future.
enum:
- REASSIGN
- ADMIN_REASSIGN
- COMPLETE_CERTIFICATION
- FINISH_CERTIFICATION
- COMPLETE_CAMPAIGN
- ACTIVATE_CAMPAIGN
- CAMPAIGN_CREATE
- CAMPAIGN_DELETE
example: ADMIN_REASSIGN
targetType:
type: string
description: The type of item that is being operated on by this task whose ID is stored in the targetId field.
enum:
- CERTIFICATION
- CAMPAIGN
example: CAMPAIGN
targetId:
type: string
description: The ID of the item being operated on by this task.
example: 2c918086719eec070171a7e3355a834c
status:
type: string
description: The status of the task.
enum:
- QUEUED
- IN_PROGRESS
- SUCCESS
- ERROR
example: QUEUED
errors:
type: array
description: List of error messages
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
example:
locale: en-US
localeOrigin: DEFAULT
text: Error Message
reassignmentTrailDTOs:
description: Reassignment trails that lead to self certification identity
type: array
items:
type: object
properties:
previousOwner:
type: string
description: The ID of previous owner identity.
example: ef38f94347e94562b5bb8424a56397d8
newOwner:
type: string
description: The ID of new owner identity.
example: ef38f94347e94562b5bb8424a56397a3
reassignmentType:
type: string
description: The type of reassignment.
example: AUTOMATIC_REASSIGNMENT
example:
previousOwner: ef38f94347e94562b5bb8424a56397d8
newOwner: ef38f94347e94562b5bb8424a56397a3
reassignmentType: AUTOMATIC_REASSIGNMENT
created:
type: string
description: The date and time on which this task was created.
format: date-time
example: '2020-09-24T18:10:47.693Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/connector-customizers:
get:
tags:
- Connector Customizers
operationId: listConnectorCustomizers
summary: List all connector customizers
description: List all connector customizers.
parameters:
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
responses:
'200':
description: List all connector customizers.
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
readOnly: true
description: Connector customizer ID.
example: b07dc46a-1498-4de8-bfbb-259a68e70c8a
name:
type: string
description: Connector customizer name.
example: connector-customizer-name
imageVersion:
type: integer
format: int64
description: Connector customizer image version.
example: 1
imageID:
type: string
description: Connector customizer image id.
example: 2c91808568c529c60168cca6f90c1324
tenantID:
type: string
description: Connector customizer tenant id.
example: 2c91808568c529c60168cca6f90c1324
created:
type: string
description: Date-time when the connector customizer was created
format: date-time
example: '2009-11-10 23:00:00 +0000 UTC'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'sp:connector:read'
x-sailpoint-userLevels:
- ORG_ADMIN
post:
tags:
- Connector Customizers
operationId: createConnectorCustomizer
summary: Create connector customizer
description: Create a connector customizer.
requestBody:
required: true
description: Connector customizer to create.
content:
application/json:
schema:
type: object
properties:
name:
type: string
description: Connector customizer name.
example: My Custom Connector
responses:
'201':
description: Created connector customizer.
content:
application/json:
schema:
description: ConnectorCustomizerResponse
type: object
properties:
id:
type: string
description: the ID of connector customizer.
example: b07dc46a-1498-4de8-bfbb-259a68e70c8a
name:
type: string
description: name of the connector customizer.
example: connector-customizer-name
tenantID:
type: string
description: Connector customizer tenant id.
example: 2c91808568c529c60168cca6f90c1324
created:
type: string
description: Date-time when the connector customizer was created.
format: date-time
example: '2009-11-10 23:00:00 +0000 UTC'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'sp:connector:create'
x-sailpoint-userLevels:
- ORG_ADMIN
'/connector-customizers/{id}':
get:
tags:
- Connector Customizers
summary: Get connector customizer
operationId: getConnectorCustomizer
description: Gets connector customizer by ID.
parameters:
- name: id
in: path
description: ID of the connector customizer to get.
required: true
schema:
type: string
example: b07dc46a-1498-4de8-bfbb-259a68e70c8a
x-sailpoint-resource-operation-id: listConnectorCustomizers
responses:
'200':
description: Connector customizer with the given ID.
content:
application/json:
schema:
type: object
properties:
id:
type: string
readOnly: true
description: Connector customizer ID.
example: b07dc46a-1498-4de8-bfbb-259a68e70c8a
name:
type: string
description: Connector customizer name.
example: connector-customizer-name
imageVersion:
type: integer
format: int64
description: Connector customizer image version.
example: 1
imageID:
type: string
description: Connector customizer image id.
example: 2c91808568c529c60168cca6f90c1324
tenantID:
type: string
description: Connector customizer tenant id.
example: 2c91808568c529c60168cca6f90c1324
created:
type: string
description: Date-time when the connector customizer was created
format: date-time
example: '2009-11-10 23:00:00 +0000 UTC'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'sp:connector:read'
x-sailpoint-userLevels:
- ORG_ADMIN
put:
tags:
- Connector Customizers
summary: Update connector customizer
description: 'Update an existing connector customizer with the one provided in the request body. These fields are immutable: `id`, `name`, `type`.'
operationId: putConnectorCustomizer
parameters:
- name: id
in: path
description: ID of the connector customizer to update.
required: true
schema:
type: string
example: b07dc46a-1498-4de8-bfbb-259a68e70c8a
x-sailpoint-resource-operation-id: listConnectorCustomizers
requestBody:
description: Connector rule with updated data.
content:
application/json:
schema:
description: ConnectorCustomizerUpdateRequest
type: object
allOf:
- type: object
properties:
name:
type: string
description: Connector customizer name.
example: My Custom Connector
responses:
'200':
description: Updated connector customizer.
content:
application/json:
schema:
description: ConnectorCustomizerUpdateResponse
allOf:
- type: object
properties:
imageVersion:
type: integer
format: int64
description: Connector customizer image version.
example: 1
imageID:
type: string
description: Connector customizer image id.
example: 2c91808568c529c60168cca6f90c1324
- description: ConnectorCustomizerResponse
type: object
properties:
id:
type: string
description: the ID of connector customizer.
example: b07dc46a-1498-4de8-bfbb-259a68e70c8a
name:
type: string
description: name of the connector customizer.
example: connector-customizer-name
tenantID:
type: string
description: Connector customizer tenant id.
example: 2c91808568c529c60168cca6f90c1324
created:
type: string
description: Date-time when the connector customizer was created.
format: date-time
example: '2009-11-10 23:00:00 +0000 UTC'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'sp:connector:update'
x-sailpoint-userLevels:
- ORG_ADMIN
delete:
tags:
- Connector Customizers
summary: Delete connector customizer
description: Delete the connector customizer for the given ID.
operationId: deleteConnectorCustomizer
parameters:
- name: id
in: path
description: ID of the connector customizer to delete.
required: true
schema:
type: string
example: b07dc46a-1498-4de8-bfbb-259a68e70c8a
x-sailpoint-resource-operation-id: listConnectorCustomizers
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'sp:connector:delete'
x-sailpoint-userLevels:
- ORG_ADMIN
'/connector-customizers/{id}/versions':
post:
operationId: createConnectorCustomizerVersion
security:
- userAuth:
- 'sp:connector:update'
x-sailpoint-userLevels:
- ORG_ADMIN
tags:
- Connector Customizers
summary: Creates a connector customizer version
description: Creates a new version for the customizer.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The id of the connector customizer.
example: b07dc46a-1498-4de8-bfbb-259a68e70c8a
x-sailpoint-resource-operation-id: listConnectorCustomizers
responses:
'200':
description: The created connector customizer version object.
content:
application/json:
schema:
description: ConnectorCustomizerVersionCreateResponse
type: object
nullable: true
properties:
customizerID:
type: string
description: ID of connector customizer.
example: b07dc46a-1498-4de8-bfbb-259a68e70c8a
imageID:
type: string
description: ImageID of the connector customizer.
example: 2c91808568c529c60168cca6f90c1324
version:
type: integer
format: int64
description: Image version of the connector customizer.
example: 1
created:
type: string
description: Date-time when the connector customizer version was created.
format: date-time
example: '2022-02-08T14:50:03.827Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/configuration-hub/object-mappings/{sourceOrg}':
get:
operationId: getObjectMappings
security:
- userAuth:
- 'sp:config-object-mapping:read'
- 'sp:config-object-mapping:manage'
tags:
- Configuration Hub
summary: Gets list of object mappings
description: |-
This gets a list of existing object mappings between current org and source org.
Source org should be "default" when getting object mappings that are not associated to any particular org.
The request will need the following security scope:
- sp:config-object-mapping:read
parameters:
- in: path
name: sourceOrg
schema:
type: string
required: true
description: The name of the source org.
example: source-org
responses:
'200':
description: List of existing object mappings between current org and source org.
content:
application/json:
schema:
type: array
items:
type: object
title: Object Mapping Response
properties:
objectMappingId:
type: string
description: Id of the object mapping
example: 3d6e0144-963f-4bd6-8d8d-d77b4e507ce4
objectType:
type: string
description: Type of the object the mapping value applies to
example: IDENTITY
enum:
- ACCESS_PROFILE
- ACCESS_REQUEST_CONFIG
- ATTR_SYNC_SOURCE_CONFIG
- AUTH_ORG
- CAMPAIGN_FILTER
- ENTITLEMENT
- FORM_DEFINITION
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_OBJECT_CONFIG
- IDENTITY_PROFILE
- LIFECYCLE_STATE
- NOTIFICATION_TEMPLATE
- PASSWORD_POLICY
- PASSWORD_SYNC_GROUP
- PUBLIC_IDENTITIES_CONFIG
- ROLE
- RULE
- SEGMENT
- SERVICE_DESK_INTEGRATION
- SOD_POLICY
- SOURCE
- TAG
- TRANSFORM
- TRIGGER_SUBSCRIPTION
- WORKFLOW
jsonPath:
type: string
description: JSONPath expression denoting the path within the object where the mapping value should be applied
example: $.name
sourceValue:
type: string
description: Original value at the jsonPath location within the object
example: My Governance Group Name
targetValue:
type: string
description: Value to be assigned at the jsonPath location within the object
example: My New Governance Group Name
enabled:
type: boolean
description: Whether or not this object mapping is enabled
default: false
example: false
created:
type: string
description: Object mapping creation timestamp
example: '2024-03-19T23:18:53.732Z'
modified:
type: string
description: Object mapping latest update timestamp
example: '2024-03-19T23:18:53.732Z'
example:
- objectMappingId: 3d6e0144-963f-4bd6-8d8d-d77b4e507ce4
objectType: GOVERNANCE_GROUP
jsonPath: $.description
sourceValue: Sample Governance Group
targetValue: Sample Governance Group - Updated
enabled: true
created: '2024-03-19T23:18:53.732Z'
modified: '2024-03-19T23:18:53.732Z'
- objectMappingId: e1d5cb80-65e2-4f92-ae2e-9588f61cc4cd
objectType: IDENTITY
jsonPath: $.name
sourceValue: SailPoint Support
targetValue: john.doe
enabled: false
created: '2024-03-19T23:18:06.238Z'
modified: '2024-03-19T23:18:06.238Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
post:
operationId: createObjectMapping
security:
- userAuth:
- 'sp:config-object-mapping:manage'
tags:
- Configuration Hub
summary: Creates an object mapping
description: |-
This creates an object mapping between current org and source org.
Source org should be "default" when creating an object mapping that is not to be associated to any particular org.
The request will need the following security scope:
- sp:config-object-mapping:manage
parameters:
- in: path
name: sourceOrg
schema:
type: string
required: true
description: The name of the source org.
example: source-org
requestBody:
description: The object mapping request body.
required: true
content:
application/json:
schema:
type: object
title: Object Mapping Request
required:
- objectType
- jsonPath
- sourceValue
- targetValue
properties:
objectType:
type: string
description: 'Type of the object the mapping value applies to, must be one from enum'
example: IDENTITY
enum:
- ACCESS_PROFILE
- ACCESS_REQUEST_CONFIG
- ATTR_SYNC_SOURCE_CONFIG
- AUTH_ORG
- CAMPAIGN_FILTER
- ENTITLEMENT
- FORM_DEFINITION
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_OBJECT_CONFIG
- IDENTITY_PROFILE
- LIFECYCLE_STATE
- NOTIFICATION_TEMPLATE
- PASSWORD_POLICY
- PASSWORD_SYNC_GROUP
- PUBLIC_IDENTITIES_CONFIG
- ROLE
- RULE
- SEGMENT
- SERVICE_DESK_INTEGRATION
- SOD_POLICY
- SOURCE
- TAG
- TRANSFORM
- TRIGGER_SUBSCRIPTION
- WORKFLOW
jsonPath:
type: string
description: JSONPath expression denoting the path within the object where the mapping value should be applied
example: $.name
sourceValue:
type: string
description: Original value at the jsonPath location within the object
example: My Governance Group Name
targetValue:
type: string
description: Value to be assigned at the jsonPath location within the object
example: My New Governance Group Name
enabled:
type: boolean
description: Whether or not this object mapping is enabled
default: false
example: false
example:
objectType: GOVERNANCE_GROUP
jsonPath: $.description
sourceValue: Sample Governance Group
targetValue: Sample Governance Group - Updated
enabled: true
responses:
'200':
description: The created object mapping between current org and source org.
content:
application/json:
schema:
type: object
title: Object Mapping Response
properties:
objectMappingId:
type: string
description: Id of the object mapping
example: 3d6e0144-963f-4bd6-8d8d-d77b4e507ce4
objectType:
type: string
description: Type of the object the mapping value applies to
example: IDENTITY
enum:
- ACCESS_PROFILE
- ACCESS_REQUEST_CONFIG
- ATTR_SYNC_SOURCE_CONFIG
- AUTH_ORG
- CAMPAIGN_FILTER
- ENTITLEMENT
- FORM_DEFINITION
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_OBJECT_CONFIG
- IDENTITY_PROFILE
- LIFECYCLE_STATE
- NOTIFICATION_TEMPLATE
- PASSWORD_POLICY
- PASSWORD_SYNC_GROUP
- PUBLIC_IDENTITIES_CONFIG
- ROLE
- RULE
- SEGMENT
- SERVICE_DESK_INTEGRATION
- SOD_POLICY
- SOURCE
- TAG
- TRANSFORM
- TRIGGER_SUBSCRIPTION
- WORKFLOW
jsonPath:
type: string
description: JSONPath expression denoting the path within the object where the mapping value should be applied
example: $.name
sourceValue:
type: string
description: Original value at the jsonPath location within the object
example: My Governance Group Name
targetValue:
type: string
description: Value to be assigned at the jsonPath location within the object
example: My New Governance Group Name
enabled:
type: boolean
description: Whether or not this object mapping is enabled
default: false
example: false
created:
type: string
description: Object mapping creation timestamp
example: '2024-03-19T23:18:53.732Z'
modified:
type: string
description: Object mapping latest update timestamp
example: '2024-03-19T23:18:53.732Z'
example:
objectMappingId: 3d6e0144-963f-4bd6-8d8d-d77b4e507ce4
objectType: GOVERNANCE_GROUP
jsonPath: $.description
sourceValue: Sample Governance Group
targetValue: Sample Governance Group - Updated
enabled: true
created: '2024-03-19T23:18:53.732Z'
modified: '2024-03-19T23:18:53.732Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/configuration-hub/object-mappings/{sourceOrg}/{objectMappingId}':
delete:
operationId: deleteObjectMapping
security:
- userAuth:
- 'sp:config-object-mapping:manage'
tags:
- Configuration Hub
summary: Deletes an object mapping
description: |-
This deletes an existing object mapping.
Source org should be "default" when deleting an object mapping that is not associated to any particular org.
The request will need the following security scope:
- sp:config-object-mapping:manage
parameters:
- in: path
name: sourceOrg
schema:
type: string
required: true
description: The name of the source org.
example: source-org
- in: path
name: objectMappingId
schema:
type: string
required: true
description: The id of the object mapping to be deleted.
example: 3d6e0144-963f-4bd6-8d8d-d77b4e507ce4
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/configuration-hub/object-mappings/{sourceOrg}/bulk-create':
post:
operationId: createObjectMappings
security:
- userAuth:
- 'sp:config-object-mapping:manage'
tags:
- Configuration Hub
summary: Bulk creates object mappings
description: |-
This creates a set of object mappings (Max 25) between current org and source org.
Source org should be "default" when creating object mappings that are not to be associated to any particular org.
The request will need the following security scope:
- sp:config-object-mapping:manage
parameters:
- in: path
name: sourceOrg
schema:
type: string
required: true
description: The name of the source org.
example: source-org
requestBody:
description: The bulk create object mapping request body.
required: true
content:
application/json:
schema:
type: object
title: Bulk Create Object Mapping Request
required:
- newObjectsMappings
properties:
newObjectsMappings:
type: array
items:
type: object
title: Object Mapping Request
required:
- objectType
- jsonPath
- sourceValue
- targetValue
properties:
objectType:
type: string
description: 'Type of the object the mapping value applies to, must be one from enum'
example: IDENTITY
enum:
- ACCESS_PROFILE
- ACCESS_REQUEST_CONFIG
- ATTR_SYNC_SOURCE_CONFIG
- AUTH_ORG
- CAMPAIGN_FILTER
- ENTITLEMENT
- FORM_DEFINITION
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_OBJECT_CONFIG
- IDENTITY_PROFILE
- LIFECYCLE_STATE
- NOTIFICATION_TEMPLATE
- PASSWORD_POLICY
- PASSWORD_SYNC_GROUP
- PUBLIC_IDENTITIES_CONFIG
- ROLE
- RULE
- SEGMENT
- SERVICE_DESK_INTEGRATION
- SOD_POLICY
- SOURCE
- TAG
- TRANSFORM
- TRIGGER_SUBSCRIPTION
- WORKFLOW
jsonPath:
type: string
description: JSONPath expression denoting the path within the object where the mapping value should be applied
example: $.name
sourceValue:
type: string
description: Original value at the jsonPath location within the object
example: My Governance Group Name
targetValue:
type: string
description: Value to be assigned at the jsonPath location within the object
example: My New Governance Group Name
enabled:
type: boolean
description: Whether or not this object mapping is enabled
default: false
example: false
example:
newObjectsMappings:
- objectType: SOURCE
jsonPath: $.name
sourceValue: Original SOURCE Name
targetValue: New SOURCE Name
enabled: true
- objectType: IDENTITY
jsonPath: $.name
sourceValue: Original IDENTITY Name
targetValue: 'New IDENTITY Name '
enabled: true
responses:
'200':
description: The created object mapping between current org and source org.
content:
application/json:
schema:
type: object
title: Bulk Create Object Mapping Response
properties:
addedObjects:
type: array
items:
type: object
title: Object Mapping Response
properties:
objectMappingId:
type: string
description: Id of the object mapping
example: 3d6e0144-963f-4bd6-8d8d-d77b4e507ce4
objectType:
type: string
description: Type of the object the mapping value applies to
example: IDENTITY
enum:
- ACCESS_PROFILE
- ACCESS_REQUEST_CONFIG
- ATTR_SYNC_SOURCE_CONFIG
- AUTH_ORG
- CAMPAIGN_FILTER
- ENTITLEMENT
- FORM_DEFINITION
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_OBJECT_CONFIG
- IDENTITY_PROFILE
- LIFECYCLE_STATE
- NOTIFICATION_TEMPLATE
- PASSWORD_POLICY
- PASSWORD_SYNC_GROUP
- PUBLIC_IDENTITIES_CONFIG
- ROLE
- RULE
- SEGMENT
- SERVICE_DESK_INTEGRATION
- SOD_POLICY
- SOURCE
- TAG
- TRANSFORM
- TRIGGER_SUBSCRIPTION
- WORKFLOW
jsonPath:
type: string
description: JSONPath expression denoting the path within the object where the mapping value should be applied
example: $.name
sourceValue:
type: string
description: Original value at the jsonPath location within the object
example: My Governance Group Name
targetValue:
type: string
description: Value to be assigned at the jsonPath location within the object
example: My New Governance Group Name
enabled:
type: boolean
description: Whether or not this object mapping is enabled
default: false
example: false
created:
type: string
description: Object mapping creation timestamp
example: '2024-03-19T23:18:53.732Z'
modified:
type: string
description: Object mapping latest update timestamp
example: '2024-03-19T23:18:53.732Z'
example:
addedObjects:
- objectMappingId: 603b1a61-d03d-4ed1-864f-a508fbd1995d
objectType: SOURCE
jsonPath: $.name
sourceValue: Original SOURCE Name
targetValue: New SOURCE Name
enabled: true
created: '2024-03-25T15:50:41.314Z'
modified: '2024-03-25T15:50:41.299Z'
- objectMappingId: 00bece34-f50d-4227-8878-76f620b5a971
objectType: IDENTITY
jsonPath: $.name
sourceValue: Original IDENTITY Name
targetValue: 'New IDENTITY Name '
enabled: true
created: '2024-03-25T15:50:41.316Z'
modified: '2024-03-25T15:50:41.316Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/configuration-hub/object-mappings/{sourceOrg}/bulk-patch':
post:
operationId: updateObjectMappings
security:
- userAuth:
- 'sp:config-object-mapping:manage'
tags:
- Configuration Hub
summary: Bulk updates object mappings
description: |-
This updates a set of object mappings, only enabled and targetValue fields can be updated.
Source org should be "default" when updating object mappings that are not associated to any particular org.
The request will need the following security scope:
- sp:config-object-mapping:manage
parameters:
- in: path
name: sourceOrg
schema:
type: string
required: true
description: The name of the source org.
example: source-org
requestBody:
description: The object mapping request body.
required: true
content:
application/json:
schema:
type: object
title: Bulk Update Object Mapping Request
required:
- patches
properties:
patches:
description: Map of id of the object mapping to a JsonPatchOperation describing what to patch on that object mapping.
type: object
additionalProperties:
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
example:
603b1a61-d03d-4ed1-864f-a508fbd1995d:
- op: replace
path: /enabled
value: true
00bece34-f50d-4227-8878-76f620b5a971:
- op: replace
path: /targetValue
value: New Target Value
example:
patches:
603b1a61-d03d-4ed1-864f-a508fbd1995d:
- op: replace
path: /enabled
value: true
00bece34-f50d-4227-8878-76f620b5a971:
- op: replace
path: /targetValue
value: New Target Value
responses:
'200':
description: The updated object mappings.
content:
application/json:
schema:
type: object
title: Bulk Update Object Mapping Response
properties:
patchedObjects:
type: array
items:
type: object
title: Object Mapping Response
properties:
objectMappingId:
type: string
description: Id of the object mapping
example: 3d6e0144-963f-4bd6-8d8d-d77b4e507ce4
objectType:
type: string
description: Type of the object the mapping value applies to
example: IDENTITY
enum:
- ACCESS_PROFILE
- ACCESS_REQUEST_CONFIG
- ATTR_SYNC_SOURCE_CONFIG
- AUTH_ORG
- CAMPAIGN_FILTER
- ENTITLEMENT
- FORM_DEFINITION
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_OBJECT_CONFIG
- IDENTITY_PROFILE
- LIFECYCLE_STATE
- NOTIFICATION_TEMPLATE
- PASSWORD_POLICY
- PASSWORD_SYNC_GROUP
- PUBLIC_IDENTITIES_CONFIG
- ROLE
- RULE
- SEGMENT
- SERVICE_DESK_INTEGRATION
- SOD_POLICY
- SOURCE
- TAG
- TRANSFORM
- TRIGGER_SUBSCRIPTION
- WORKFLOW
jsonPath:
type: string
description: JSONPath expression denoting the path within the object where the mapping value should be applied
example: $.name
sourceValue:
type: string
description: Original value at the jsonPath location within the object
example: My Governance Group Name
targetValue:
type: string
description: Value to be assigned at the jsonPath location within the object
example: My New Governance Group Name
enabled:
type: boolean
description: Whether or not this object mapping is enabled
default: false
example: false
created:
type: string
description: Object mapping creation timestamp
example: '2024-03-19T23:18:53.732Z'
modified:
type: string
description: Object mapping latest update timestamp
example: '2024-03-19T23:18:53.732Z'
example:
patchedObjects:
- objectMappingId: 603b1a61-d03d-4ed1-864f-a508fbd1995d
objectType: SOURCE
jsonPath: $.name
sourceValue: Original SOURCE Name
targetValue: New SOURCE Name
enabled: true
created: '2024-03-25T15:50:41.314Z'
modified: '2024-03-25T15:50:41.299Z'
- objectMappingId: 00bece34-f50d-4227-8878-76f620b5a971
objectType: IDENTITY
jsonPath: $.name
sourceValue: Original IDENTITY Name
targetValue: 'New IDENTITY Name '
enabled: true
created: '2024-03-25T15:50:41.316Z'
modified: '2024-03-25T15:50:41.316Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/configuration-hub/scheduled-actions:
get:
operationId: listScheduledActions
security:
- userAuth:
- 'sp:config-scheduled-action:read'
- 'sp:config-scheduled-action:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
tags:
- Configuration Hub
summary: List scheduled actions
description: This API gets a list of existing scheduled actions for the current tenant.
responses:
'200':
description: List of existing scheduled actions.
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: Unique identifier for this scheduled action.
example: 3469b87d-48ca-439a-868f-2160001da8c1
created:
type: string
format: date-time
description: The time when this scheduled action was created.
example: '2021-05-11T22:23:16Z'
jobType:
type: string
description: Type of the scheduled job.
enum:
- BACKUP
- CREATE_DRAFT
- CONFIG_DEPLOY_DRAFT
example: BACKUP
content:
type: object
description: Content details for the scheduled action.
properties:
name:
type: string
description: Name of the scheduled action (maximum 50 characters).
maxLength: 50
example: Daily Backup
backupOptions:
type: object
description: 'Options for BACKUP type jobs. Optional, applicable for BACKUP jobs only.'
properties:
includeTypes:
type: array
description: Object types that are to be included in the backup.
items:
type: string
example:
- ROLE
- IDENTITY_PROFILE
objectOptions:
type: object
description: Map of objectType string to the options to be passed to the target service for that objectType.
additionalProperties:
type: object
properties:
includedNames:
type: array
description: Set of names to be included.
items:
type: string
example:
- Admin Role
- User Role
example:
SOURCE:
includedNames:
- Source1
- Source2
ROLE:
includedNames:
- Admin Role
- User Role
sourceBackupId:
type: string
description: ID of the source backup. Required for CREATE_DRAFT jobs only.
example: 5678b87d-48ca-439a-868f-2160001da8c2
sourceTenant:
type: string
description: Source tenant identifier. Required for CREATE_DRAFT jobs only.
example: tenant-name
draftId:
type: string
description: ID of the draft to be deployed. Required for CONFIG_DEPLOY_DRAFT jobs only.
example: 9012b87d-48ca-439a-868f-2160001da8c3
startTime:
type: string
format: date-time
description: The time when this scheduled action should start.
example: '2021-05-12T10:00:00Z'
cronString:
type: string
description: Cron expression defining the schedule for this action.
example: 0 0 * * * *
timeZoneId:
type: string
description: Time zone ID for interpreting the cron expression.
example: America/Chicago
example:
- id: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
created: '2024-08-16T14:16:58.389Z'
jobType: BACKUP
content:
name: Backup Name
backupOptions:
includeTypes:
- SOURCE
- IDENTITY
objectOptions: []
startTime: '2024-08-16T14:16:58.389Z'
cronString: 0 0 * * * *
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
post:
operationId: createScheduledAction
security:
- userAuth:
- 'sp:config-scheduled-action:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
tags:
- Configuration Hub
summary: Create scheduled action
description: This API creates a new scheduled action for the current tenant.
requestBody:
description: The scheduled action creation request body.
required: true
content:
application/json:
schema:
type: object
required:
- jobType
- content
properties:
jobType:
type: string
description: Type of the scheduled job.
enum:
- BACKUP
- CREATE_DRAFT
- CONFIG_DEPLOY_DRAFT
example: BACKUP
startTime:
type: string
format: date-time
description: The time when this scheduled action should start. Optional.
example: '2024-08-16T14:16:58.389Z'
cronString:
type: string
description: Cron expression defining the schedule for this action. Optional for repeated events.
example: 0 0 * * * *
timeZoneId:
type: string
description: 'Time zone ID for interpreting the cron expression. Optional, will default to current time zone.'
example: America/Chicago
content:
type: object
required:
- name
properties:
name:
type: string
description: Name of the scheduled action (maximum 50 characters).
maxLength: 50
example: Daily Backup
backupOptions:
type: object
description: Options for BACKUP type jobs. Required for BACKUP jobs.
properties:
includeTypes:
type: array
description: Object types that are to be included in the backup.
items:
type: string
example:
- ROLE
- IDENTITY_PROFILE
objectOptions:
type: object
description: Map of objectType string to the options to be passed to the target service for that objectType.
additionalProperties:
type: object
properties:
includedNames:
type: array
description: Set of names to be included.
items:
type: string
example:
- Admin Role
- User Role
example:
SOURCE:
includedNames:
- Source1
- Source2
ROLE:
includedNames:
- Admin Role
- User Role
sourceBackupId:
type: string
description: ID of the source backup. Required for CREATE_DRAFT jobs.
example: 5678b87d-48ca-439a-868f-2160001da8c2
sourceTenant:
type: string
description: Source tenant identifier. Required for CREATE_DRAFT jobs.
example: tenant-name
draftId:
type: string
description: ID of the draft to be deployed. Required for CONFIG_DEPLOY_DRAFT jobs.
example: 9012b87d-48ca-439a-868f-2160001da8c3
example:
jobType: BACKUP
startTime: '2024-08-16T14:16:58.389Z'
cronString: 0 0 * * * *
timeZoneId: America/Chicago
content:
name: Daily Backup
backupOptions:
includeTypes:
- SOURCE
- IDENTITY
objectOptions:
SOURCE:
includedNames:
- Source1
- Source2
responses:
'200':
description: The created scheduled action.
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: Unique identifier for this scheduled action.
example: 3469b87d-48ca-439a-868f-2160001da8c1
created:
type: string
format: date-time
description: The time when this scheduled action was created.
example: '2021-05-11T22:23:16Z'
jobType:
type: string
description: Type of the scheduled job.
enum:
- BACKUP
- CREATE_DRAFT
- CONFIG_DEPLOY_DRAFT
example: BACKUP
content:
type: object
description: Content details for the scheduled action.
properties:
name:
type: string
description: Name of the scheduled action (maximum 50 characters).
maxLength: 50
example: Daily Backup
backupOptions:
type: object
description: 'Options for BACKUP type jobs. Optional, applicable for BACKUP jobs only.'
properties:
includeTypes:
type: array
description: Object types that are to be included in the backup.
items:
type: string
example:
- ROLE
- IDENTITY_PROFILE
objectOptions:
type: object
description: Map of objectType string to the options to be passed to the target service for that objectType.
additionalProperties:
type: object
properties:
includedNames:
type: array
description: Set of names to be included.
items:
type: string
example:
- Admin Role
- User Role
example:
SOURCE:
includedNames:
- Source1
- Source2
ROLE:
includedNames:
- Admin Role
- User Role
sourceBackupId:
type: string
description: ID of the source backup. Required for CREATE_DRAFT jobs only.
example: 5678b87d-48ca-439a-868f-2160001da8c2
sourceTenant:
type: string
description: Source tenant identifier. Required for CREATE_DRAFT jobs only.
example: tenant-name
draftId:
type: string
description: ID of the draft to be deployed. Required for CONFIG_DEPLOY_DRAFT jobs only.
example: 9012b87d-48ca-439a-868f-2160001da8c3
startTime:
type: string
format: date-time
description: The time when this scheduled action should start.
example: '2021-05-12T10:00:00Z'
cronString:
type: string
description: Cron expression defining the schedule for this action.
example: 0 0 * * * *
timeZoneId:
type: string
description: Time zone ID for interpreting the cron expression.
example: America/Chicago
example:
id: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
created: '2024-08-16T14:16:58.389Z'
jobType: BACKUP
content:
name: Daily Backup
backupOptions:
includeTypes:
- SOURCE
- IDENTITY
objectOptions:
SOURCE:
includedNames:
- Source1
- Source2
startTime: '2024-08-16T14:16:58.389Z'
cronString: 0 0 * * * *
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/configuration-hub/scheduled-actions/{id}':
patch:
operationId: updateScheduledAction
security:
- userAuth:
- 'sp:config-scheduled-action:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
tags:
- Configuration Hub
summary: Update scheduled action
description: This API updates an existing scheduled action using JSON Patch format.
parameters:
- in: path
name: scheduledActionId
schema:
type: string
required: true
description: The ID of the scheduled action.
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
x-sailpoint-resource-operation-id: listScheduledActions
requestBody:
description: The JSON Patch document containing the changes to apply to the scheduled action.
required: true
content:
application/json-patch+json:
schema:
type: object
description: 'A JSONPatch document as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
properties:
operations:
description: Operations to be applied
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
example:
- op: replace
path: /content/name
value: Updated Backup Name
- op: replace
path: /cronString
value: 0 0 9 * * ?
responses:
'200':
description: The updated scheduled action.
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: Unique identifier for this scheduled action.
example: 3469b87d-48ca-439a-868f-2160001da8c1
created:
type: string
format: date-time
description: The time when this scheduled action was created.
example: '2021-05-11T22:23:16Z'
jobType:
type: string
description: Type of the scheduled job.
enum:
- BACKUP
- CREATE_DRAFT
- CONFIG_DEPLOY_DRAFT
example: BACKUP
content:
type: object
description: Content details for the scheduled action.
properties:
name:
type: string
description: Name of the scheduled action (maximum 50 characters).
maxLength: 50
example: Daily Backup
backupOptions:
type: object
description: 'Options for BACKUP type jobs. Optional, applicable for BACKUP jobs only.'
properties:
includeTypes:
type: array
description: Object types that are to be included in the backup.
items:
type: string
example:
- ROLE
- IDENTITY_PROFILE
objectOptions:
type: object
description: Map of objectType string to the options to be passed to the target service for that objectType.
additionalProperties:
type: object
properties:
includedNames:
type: array
description: Set of names to be included.
items:
type: string
example:
- Admin Role
- User Role
example:
SOURCE:
includedNames:
- Source1
- Source2
ROLE:
includedNames:
- Admin Role
- User Role
sourceBackupId:
type: string
description: ID of the source backup. Required for CREATE_DRAFT jobs only.
example: 5678b87d-48ca-439a-868f-2160001da8c2
sourceTenant:
type: string
description: Source tenant identifier. Required for CREATE_DRAFT jobs only.
example: tenant-name
draftId:
type: string
description: ID of the draft to be deployed. Required for CONFIG_DEPLOY_DRAFT jobs only.
example: 9012b87d-48ca-439a-868f-2160001da8c3
startTime:
type: string
format: date-time
description: The time when this scheduled action should start.
example: '2021-05-12T10:00:00Z'
cronString:
type: string
description: Cron expression defining the schedule for this action.
example: 0 0 * * * *
timeZoneId:
type: string
description: Time zone ID for interpreting the cron expression.
example: America/Chicago
example:
id: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
created: '2024-08-16T14:16:58.389Z'
jobType: BACKUP
content:
name: Updated Backup Name
backupOptions:
includeTypes:
- SOURCE
- IDENTITY
objectOptions:
SOURCE:
includedNames:
- Source1
- Source2
startTime: '2024-08-16T14:16:58.389Z'
cronString: 0 0 9 * * ?
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
operationId: deleteScheduledAction
security:
- userAuth:
- 'sp:config-scheduled-action:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
tags:
- Configuration Hub
summary: Delete scheduled action
description: This API deletes an existing scheduled action.
parameters:
- in: path
name: scheduledActionId
schema:
type: string
required: true
description: The ID of the scheduled action.
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
x-sailpoint-resource-operation-id: listScheduledActions
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/configuration-hub/backups/uploads:
get:
operationId: listUploadedConfigurations
security:
- userAuth:
- 'sp:config-backup:read'
- 'sp:config-backup:manage'
tags:
- Configuration Hub
summary: List uploaded configurations
description: This API gets a list of existing uploaded configurations for the current tenant.
parameters:
- in: query
name: filters
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**status**: *eq*
example: status eq "COMPLETE"
required: false
responses:
'200':
description: List of existing uploaded configurations.
content:
application/json:
schema:
type: array
items:
type: object
properties:
jobId:
type: string
description: Unique id assigned to this backup.
example: 3469b87d-48ca-439a-868f-2160001da8c1
status:
type: string
description: Status of the backup.
enum:
- NOT_STARTED
- IN_PROGRESS
- COMPLETE
- CANCELLED
- FAILED
example: COMPLETE
type:
type: string
description: 'Type of the job, will always be BACKUP for this type of job.'
enum:
- BACKUP
example: BACKUP
tenant:
type: string
description: The name of the tenant performing the upload
example: tenant-name
requesterName:
type: string
description: The name of the requester.
example: Requester Name
fileExists:
type: boolean
default: true
description: Whether or not a file was created and stored for this backup.
example: true
created:
type: string
format: date-time
description: The time the job was started.
example: '2021-05-11T22:23:16Z'
modified:
type: string
format: date-time
description: The time of the last update to the job.
example: '2021-05-11T22:23:16Z'
completed:
type: string
format: date-time
description: The time the job was completed.
example: '2021-05-11T22:23:16Z'
name:
type: string
description: The name assigned to the upload file in the request body.
example: Backup Name
userCanDelete:
type: boolean
default: true
description: Whether this backup can be deleted by a regular user.
example: false
isPartial:
type: boolean
default: false
description: Whether this backup contains all supported object types or only some of them.
example: false
backupType:
type: string
description: |-
Denotes how this backup was created.
- MANUAL - The backup was created by a user.
- AUTOMATED - The backup was created by devops.
- AUTOMATED_DRAFT - The backup was created during a draft process.
- UPLOADED - The backup was created by uploading an existing configuration file.
enum:
- UPLOADED
- AUTOMATED
- MANUAL
example: MANUAL
options:
type: object
nullable: true
description: Backup options control what will be included in the backup.
properties:
includeTypes:
type: array
description: Object type names to be included in a Configuration Hub backup command.
items:
type: string
enum:
- ACCESS_PROFILE
- ACCESS_REQUEST_CONFIG
- ATTR_SYNC_SOURCE_CONFIG
- AUTH_ORG
- CAMPAIGN_FILTER
- FORM_DEFINITION
- GOVERNANCE_GROUP
- IDENTITY_OBJECT_CONFIG
- IDENTITY_PROFILE
- LIFECYCLE_STATE
- NOTIFICATION_TEMPLATE
- PASSWORD_POLICY
- PASSWORD_SYNC_GROUP
- PUBLIC_IDENTITIES_CONFIG
- ROLE
- RULE
- SEGMENT
- SERVICE_DESK_INTEGRATION
- SOD_POLICY
- SOURCE
- TAG
- TRANSFORM
- TRIGGER_SUBSCRIPTION
- WORKFLOW
example: TRIGGER_SUBSCRIPTION
objectOptions:
description: Additional options targeting specific objects related to each item in the includeTypes field.
type: object
additionalProperties:
type: object
properties:
includedNames:
description: Object names to be included in a backup.
type: array
items:
type: string
example: Test Object name
example:
TRIGGER_SUBSCRIPTION:
includedNames:
- Trigger Subscription name
hydrationStatus:
type: string
description: Whether the object details of this backup are ready.
enum:
- HYDRATED
- NOT_HYDRATED
example: NOT_HYDRATED
totalObjectCount:
type: integer
format: int64
description: Number of objects contained in this backup.
example: 10
cloudStorageStatus:
type: string
description: Whether this backup has been transferred to a customer storage location.
enum:
- SYNCED
- NOT_SYNCED
- SYNC_FAILED
example: SYNCED
example:
- jobId: 281d421c-0643-4004-9fe5-29a95d2f73df
status: COMPLETE
type: BACKUP
tenant: someTenant
requesterName: support
fileExists: true
created: '2024-03-07T21:11:00.375Z'
modified: '2024-03-07T21:11:25.046Z'
completed: '2024-03-07T21:11:00.66Z'
name: test1
userCanDelete: false
isPartial: false
backupType: UPLOADED
hydrationStatus: HYDRATED
totalObjectCount: 64
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
post:
operationId: createUploadedConfiguration
security:
- userAuth:
- 'sp:config-backup:manage'
tags:
- Configuration Hub
summary: Upload a configuration
description: |-
This API uploads a JSON configuration file into a tenant.
Configuration files can be managed and deployed via Configuration Hub by uploading a json file which contains configuration data. The JSON file should be the same as the one used by our import endpoints. The object types supported by upload configuration file functionality are the same as the ones supported by our regular backup functionality.
Refer to [SaaS Configuration](https://developer.sailpoint.com/idn/docs/saas-configuration/#supported-objects) for more information about supported objects.
requestBody:
description: |
The body will consist of "data" which should contain the json file and name wish should be the name you want to assign to the uploaded file"
__Example__
data: "uploaded.json",
name: "A_NEW_UPLOADED_BACKUP"
__Sample Upload File__
{
"version": 1,
"tenant": "a-sample-tenant",
"objects":
[
{
"version": 1,
"self":
{
"id": "0a59c7196d2917f8aa6d29686e6600fb",
"type": "SOURCE",
"name": "Extended Form"
},
"object":
{
"id": "0a59c7196d2917f8aa6d29686e6600fb",
"name": "Extended Form",
"type": "DelimitedFile",
"connectorClass": "sailpoint.connector.DelimitedFileConnector",
"connectorScriptName": "delimited-file-angularsc",
"description": "Migrated app - Extended Form (original ID: 0a59c7196d2917f8aa6d29686e6600fb)",
"deleteThreshold": 10,
"provisionAsCsv": false,
"owner":
{
"type": "IDENTITY",
"id": "0a59c7196d2917f8816d29685fed00c3",
"name": "slpt.services"
},
"connectorAttributes":
{
"beforemoveAccount": "Do Nothing",
"beforemoverAccount": "Do Nothing",
"busApp": "false",
"file": "Empty",
"filetransport": "local",
"filterEmptyRecords": "true",
"group.filetransport": "local",
"group.filterEmptyRecords": "true",
"group.partitionMode": "auto",
"hasHeader": "true",
"indexColumn": "ID",
"isCaseInsensitiveMerge": "false",
"isSortedByIndexColumn": "false",
"loaProcess": "Do Nothing",
"ltdProcess": "Do Nothing",
"mergeRows": "false",
"moverProcess": "Do Nothing",
"moverRevocation": "Do Nothing",
"nativeChangeDetectionAttributeScope": "entitlements",
"nativeChangeDetectionEnabled": "false",
"nativeChangeProcess": "Do Nothing",
"parseType": "delimited",
"partitionMode": "auto",
"policyType": "Do Nothing",
"rehireProcess": "Do Nothing",
"reverseleaverProcess": "Do Nothing",
"rtwloaProcess": "Do Nothing",
"rtwltdProcess": "Do Nothing",
"stopIfLineHasWrongColumnLength": "false",
"templateApplication": "DelimitedFile Template",
"terminationProcess": "Do Nothing"
},
"schemas":
[],
"provisioningPolicies":
[],
"features":
[
"DIRECT_PERMISSIONS",
"NO_RANDOM_ACCESS",
"DISCOVER_SCHEMA"
]
}
}
]
}
required: true
content:
multipart/form-data:
schema:
type: object
properties:
data:
type: string
format: binary
description: JSON file containing the objects to be imported.
name:
type: string
description: Name that will be assigned to the uploaded configuration file.
required:
- data
- name
responses:
'202':
description: Upload job accepted and queued for processing.
content:
application/json:
schema:
type: object
properties:
jobId:
type: string
description: Unique id assigned to this backup.
example: 3469b87d-48ca-439a-868f-2160001da8c1
status:
type: string
description: Status of the backup.
enum:
- NOT_STARTED
- IN_PROGRESS
- COMPLETE
- CANCELLED
- FAILED
example: COMPLETE
type:
type: string
description: 'Type of the job, will always be BACKUP for this type of job.'
enum:
- BACKUP
example: BACKUP
tenant:
type: string
description: The name of the tenant performing the upload
example: tenant-name
requesterName:
type: string
description: The name of the requester.
example: Requester Name
fileExists:
type: boolean
default: true
description: Whether or not a file was created and stored for this backup.
example: true
created:
type: string
format: date-time
description: The time the job was started.
example: '2021-05-11T22:23:16Z'
modified:
type: string
format: date-time
description: The time of the last update to the job.
example: '2021-05-11T22:23:16Z'
completed:
type: string
format: date-time
description: The time the job was completed.
example: '2021-05-11T22:23:16Z'
name:
type: string
description: The name assigned to the upload file in the request body.
example: Backup Name
userCanDelete:
type: boolean
default: true
description: Whether this backup can be deleted by a regular user.
example: false
isPartial:
type: boolean
default: false
description: Whether this backup contains all supported object types or only some of them.
example: false
backupType:
type: string
description: |-
Denotes how this backup was created.
- MANUAL - The backup was created by a user.
- AUTOMATED - The backup was created by devops.
- AUTOMATED_DRAFT - The backup was created during a draft process.
- UPLOADED - The backup was created by uploading an existing configuration file.
enum:
- UPLOADED
- AUTOMATED
- MANUAL
example: MANUAL
options:
type: object
nullable: true
description: Backup options control what will be included in the backup.
properties:
includeTypes:
type: array
description: Object type names to be included in a Configuration Hub backup command.
items:
type: string
enum:
- ACCESS_PROFILE
- ACCESS_REQUEST_CONFIG
- ATTR_SYNC_SOURCE_CONFIG
- AUTH_ORG
- CAMPAIGN_FILTER
- FORM_DEFINITION
- GOVERNANCE_GROUP
- IDENTITY_OBJECT_CONFIG
- IDENTITY_PROFILE
- LIFECYCLE_STATE
- NOTIFICATION_TEMPLATE
- PASSWORD_POLICY
- PASSWORD_SYNC_GROUP
- PUBLIC_IDENTITIES_CONFIG
- ROLE
- RULE
- SEGMENT
- SERVICE_DESK_INTEGRATION
- SOD_POLICY
- SOURCE
- TAG
- TRANSFORM
- TRIGGER_SUBSCRIPTION
- WORKFLOW
example: TRIGGER_SUBSCRIPTION
objectOptions:
description: Additional options targeting specific objects related to each item in the includeTypes field.
type: object
additionalProperties:
type: object
properties:
includedNames:
description: Object names to be included in a backup.
type: array
items:
type: string
example: Test Object name
example:
TRIGGER_SUBSCRIPTION:
includedNames:
- Trigger Subscription name
hydrationStatus:
type: string
description: Whether the object details of this backup are ready.
enum:
- HYDRATED
- NOT_HYDRATED
example: NOT_HYDRATED
totalObjectCount:
type: integer
format: int64
description: Number of objects contained in this backup.
example: 10
cloudStorageStatus:
type: string
description: Whether this backup has been transferred to a customer storage location.
enum:
- SYNCED
- NOT_SYNCED
- SYNC_FAILED
example: SYNCED
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/configuration-hub/backups/uploads/{id}':
get:
operationId: getUploadedConfiguration
security:
- userAuth:
- 'sp:config-backup:read'
- 'sp:config-backup:manage'
tags:
- Configuration Hub
summary: Get an uploaded configuration
description: This API gets an existing uploaded configuration for the current tenant.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The id of the uploaded configuration.
example: 3d0fe04b-57df-4a46-a83b-8f04b0f9d10b
responses:
'200':
description: Gets an uploaded configuration details.
content:
application/json:
schema:
type: object
properties:
jobId:
type: string
description: Unique id assigned to this backup.
example: 3469b87d-48ca-439a-868f-2160001da8c1
status:
type: string
description: Status of the backup.
enum:
- NOT_STARTED
- IN_PROGRESS
- COMPLETE
- CANCELLED
- FAILED
example: COMPLETE
type:
type: string
description: 'Type of the job, will always be BACKUP for this type of job.'
enum:
- BACKUP
example: BACKUP
tenant:
type: string
description: The name of the tenant performing the upload
example: tenant-name
requesterName:
type: string
description: The name of the requester.
example: Requester Name
fileExists:
type: boolean
default: true
description: Whether or not a file was created and stored for this backup.
example: true
created:
type: string
format: date-time
description: The time the job was started.
example: '2021-05-11T22:23:16Z'
modified:
type: string
format: date-time
description: The time of the last update to the job.
example: '2021-05-11T22:23:16Z'
completed:
type: string
format: date-time
description: The time the job was completed.
example: '2021-05-11T22:23:16Z'
name:
type: string
description: The name assigned to the upload file in the request body.
example: Backup Name
userCanDelete:
type: boolean
default: true
description: Whether this backup can be deleted by a regular user.
example: false
isPartial:
type: boolean
default: false
description: Whether this backup contains all supported object types or only some of them.
example: false
backupType:
type: string
description: |-
Denotes how this backup was created.
- MANUAL - The backup was created by a user.
- AUTOMATED - The backup was created by devops.
- AUTOMATED_DRAFT - The backup was created during a draft process.
- UPLOADED - The backup was created by uploading an existing configuration file.
enum:
- UPLOADED
- AUTOMATED
- MANUAL
example: MANUAL
options:
type: object
nullable: true
description: Backup options control what will be included in the backup.
properties:
includeTypes:
type: array
description: Object type names to be included in a Configuration Hub backup command.
items:
type: string
enum:
- ACCESS_PROFILE
- ACCESS_REQUEST_CONFIG
- ATTR_SYNC_SOURCE_CONFIG
- AUTH_ORG
- CAMPAIGN_FILTER
- FORM_DEFINITION
- GOVERNANCE_GROUP
- IDENTITY_OBJECT_CONFIG
- IDENTITY_PROFILE
- LIFECYCLE_STATE
- NOTIFICATION_TEMPLATE
- PASSWORD_POLICY
- PASSWORD_SYNC_GROUP
- PUBLIC_IDENTITIES_CONFIG
- ROLE
- RULE
- SEGMENT
- SERVICE_DESK_INTEGRATION
- SOD_POLICY
- SOURCE
- TAG
- TRANSFORM
- TRIGGER_SUBSCRIPTION
- WORKFLOW
example: TRIGGER_SUBSCRIPTION
objectOptions:
description: Additional options targeting specific objects related to each item in the includeTypes field.
type: object
additionalProperties:
type: object
properties:
includedNames:
description: Object names to be included in a backup.
type: array
items:
type: string
example: Test Object name
example:
TRIGGER_SUBSCRIPTION:
includedNames:
- Trigger Subscription name
hydrationStatus:
type: string
description: Whether the object details of this backup are ready.
enum:
- HYDRATED
- NOT_HYDRATED
example: NOT_HYDRATED
totalObjectCount:
type: integer
format: int64
description: Number of objects contained in this backup.
example: 10
cloudStorageStatus:
type: string
description: Whether this backup has been transferred to a customer storage location.
enum:
- SYNCED
- NOT_SYNCED
- SYNC_FAILED
example: SYNCED
example:
jobId: 2ea830f3-2b14-4772-8a20-3d006742e419
status: COMPLETE
type: BACKUP
tenant: someTenant
requesterName: support
fileExists: true
created: '2024-02-20T22:08:31.064Z'
modified: '2024-02-20T22:13:15.662Z'
completed: '2024-02-20T22:08:31.689Z'
name: something new
userCanDelete: false
isPartial: false
backupType: UPLOADED
hydrationStatus: HYDRATED
totalObjectCount: 2
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
operationId: deleteUploadedConfiguration
security:
- userAuth:
- 'sp:config-backup:manage'
tags:
- Configuration Hub
summary: Delete an uploaded configuration
description: |-
This API deletes an uploaded configuration based on Id.
On success, this endpoint will return an empty response.
The uploaded configuration id can be obtained from the response after a successful upload, or the list uploaded configurations endpoint.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The id of the uploaded configuration.
example: 3d0fe04b-57df-4a46-a83b-8f04b0f9d10b
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/configuration-hub/backups:
get:
operationId: listBackups
security:
- userAuth:
- 'sp:config-backup:read'
- 'sp:config-backup:manage'
tags:
- Configuration Hub
summary: List backups
description: This API gets a list of existing backups for the current tenant.
parameters:
- in: query
name: filters
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**status**: *eq*
example: status eq "COMPLETE"
required: false
responses:
'200':
description: List of existing backups.
content:
application/json:
schema:
type: array
items:
type: object
properties:
jobId:
type: string
description: Unique id assigned to this backup.
example: 3469b87d-48ca-439a-868f-2160001da8c1
status:
type: string
description: Status of the backup.
enum:
- NOT_STARTED
- IN_PROGRESS
- COMPLETE
- CANCELLED
- FAILED
example: COMPLETE
type:
type: string
description: 'Type of the job, will always be BACKUP for this type of job.'
enum:
- BACKUP
example: BACKUP
tenant:
type: string
description: The name of the tenant performing the upload
example: tenant-name
requesterName:
type: string
description: The name of the requester.
example: Requester Name
fileExists:
type: boolean
default: true
description: Whether or not a file was created and stored for this backup.
example: true
created:
type: string
format: date-time
description: The time the job was started.
example: '2021-05-11T22:23:16Z'
modified:
type: string
format: date-time
description: The time of the last update to the job.
example: '2021-05-11T22:23:16Z'
completed:
type: string
format: date-time
description: The time the job was completed.
example: '2021-05-11T22:23:16Z'
name:
type: string
description: The name assigned to the upload file in the request body.
example: Backup Name
userCanDelete:
type: boolean
default: true
description: Whether this backup can be deleted by a regular user.
example: false
isPartial:
type: boolean
default: false
description: Whether this backup contains all supported object types or only some of them.
example: false
backupType:
type: string
description: |-
Denotes how this backup was created.
- MANUAL - The backup was created by a user.
- AUTOMATED - The backup was created by devops.
- AUTOMATED_DRAFT - The backup was created during a draft process.
- UPLOADED - The backup was created by uploading an existing configuration file.
enum:
- UPLOADED
- AUTOMATED
- MANUAL
example: MANUAL
options:
type: object
nullable: true
description: Backup options control what will be included in the backup.
properties:
includeTypes:
type: array
description: Object type names to be included in a Configuration Hub backup command.
items:
type: string
enum:
- ACCESS_PROFILE
- ACCESS_REQUEST_CONFIG
- ATTR_SYNC_SOURCE_CONFIG
- AUTH_ORG
- CAMPAIGN_FILTER
- FORM_DEFINITION
- GOVERNANCE_GROUP
- IDENTITY_OBJECT_CONFIG
- IDENTITY_PROFILE
- LIFECYCLE_STATE
- NOTIFICATION_TEMPLATE
- PASSWORD_POLICY
- PASSWORD_SYNC_GROUP
- PUBLIC_IDENTITIES_CONFIG
- ROLE
- RULE
- SEGMENT
- SERVICE_DESK_INTEGRATION
- SOD_POLICY
- SOURCE
- TAG
- TRANSFORM
- TRIGGER_SUBSCRIPTION
- WORKFLOW
example: TRIGGER_SUBSCRIPTION
objectOptions:
description: Additional options targeting specific objects related to each item in the includeTypes field.
type: object
additionalProperties:
type: object
properties:
includedNames:
description: Object names to be included in a backup.
type: array
items:
type: string
example: Test Object name
example:
TRIGGER_SUBSCRIPTION:
includedNames:
- Trigger Subscription name
hydrationStatus:
type: string
description: Whether the object details of this backup are ready.
enum:
- HYDRATED
- NOT_HYDRATED
example: NOT_HYDRATED
totalObjectCount:
type: integer
format: int64
description: Number of objects contained in this backup.
example: 10
cloudStorageStatus:
type: string
description: Whether this backup has been transferred to a customer storage location.
enum:
- SYNCED
- NOT_SYNCED
- SYNC_FAILED
example: SYNCED
example:
- jobId: 09491993-9cb6-49a7-8d37-8bef54d33502
status: COMPLETE
type: BACKUP
tenant: tenant-name
requesterName: Requester Name
fileExists: true
created: '2024-02-19T19:54:15.373Z'
modified: '2024-02-19T20:39:00.341Z'
completed: '2024-02-19T19:54:15.605Z'
name: Backup name
userCanDelete: false
isPartial: true
backupType: MANUAL
options:
includeTypes:
- SOURCE
objectOptions:
SOURCE:
includedNames:
- Source Name
hydrationStatus: HYDRATED
totalObjectCount: 2
cloudStorageStatus: SYNCED
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/configuration-hub/backups/{id}':
delete:
operationId: deleteBackup
security:
- userAuth:
- 'sp:config-backup:manage'
tags:
- Configuration Hub
summary: Delete a backup
description: |-
This API deletes an existing backup for the current tenant.
On success, this endpoint will return an empty response.
The backup id can be obtained from the response after a backup was successfully created, or from the list backups endpoint.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The id of the backup to delete.
example: 07659d7d-2cce-47c0-9e49-185787ee565a
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/configuration-hub/drafts:
get:
operationId: listDrafts
security:
- userAuth:
- 'sp:config-draft:read'
- 'sp:config-draft:manage'
tags:
- Configuration Hub
summary: List drafts
description: This API gets a list of existing drafts for the current tenant.
parameters:
- in: query
name: filters
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**status**: *eq*
**approvalStatus**: *eq*
example: status eq "COMPLETE"
required: false
responses:
'200':
description: List of existing drafts.
content:
application/json:
schema:
type: array
items:
type: object
properties:
jobId:
type: string
description: Unique id assigned to this job.
example: 07659d7d-2cce-47c0-9e49-185787ee565a
status:
type: string
description: Status of the job.
enum:
- NOT_STARTED
- IN_PROGRESS
- COMPLETE
- CANCELLED
- FAILED
example: COMPLETE
type:
type: string
description: 'Type of the job, will always be CREATE_DRAFT for this type of job.'
enum:
- CREATE_DRAFT
example: CREATE_DRAFT
message:
type: string
description: Message providing information about the outcome of the draft process.
example: Draft creation message
requesterName:
type: string
description: The name of user that that initiated the draft process.
example: requester.name
fileExists:
type: boolean
default: true
description: Whether or not a file was generated for this draft.
example: true
created:
type: string
format: date-time
description: The time the job was started.
example: '2021-05-11T22:23:16Z'
modified:
type: string
format: date-time
description: The time of the last update to the job.
example: '2021-05-11T22:23:16Z'
completed:
type: string
format: date-time
description: The time the job was completed.
example: '2021-05-11T22:23:16Z'
name:
type: string
description: Name of the draft.
example: Draft name
sourceTenant:
type: string
description: Tenant owner of the backup from which the draft was generated.
example: source-tenant
sourceBackupId:
type: string
description: Id of the backup from which the draft was generated.
example: 549bf881-1ac4-4a64-9acf-6014e8a3a887
sourceBackupName:
type: string
description: Name of the backup from which the draft was generated.
example: Source backup name
mode:
type: string
description: |-
Denotes the origin of the source backup from which the draft was generated.
- RESTORE - Same tenant.
- PROMOTE - Different tenant.
- UPLOAD - Uploaded configuration.
enum:
- RESTORE
- PROMOTE
- UPLOAD
example: RESTORE
approvalStatus:
type: string
description: Approval status of the draft used to determine whether or not the draft can be deployed.
enum:
- DEFAULT
- PENDING_APPROVAL
- APPROVED
- DENIED
example: APPROVED
approvalComment:
type: array
description: List of comments that have been exchanged between an approval requester and an approver.
items:
type: object
title: Approval Comment
required:
- comment
- timestamp
- user
- id
- changedToStatus
properties:
comment:
type: string
description: Comment provided either by the approval requester or the approver.
example: Approval comment
timestamp:
type: string
format: date-time
description: The time when this comment was provided.
example: '2021-05-11T22:23:16Z'
user:
type: string
description: Name of the user that provided this comment.
example: user.name
id:
type: string
description: Id of the user that provided this comment.
example: 549bf881-1ac4-4a64-9acf-6014e8a3a887
changedToStatus:
type: string
description: Status transition of the draft.
enum:
- PENDING_APPROVAL
- APPROVED
- REJECTED
example: PENDING_APPROVAL
example:
- jobId: 07659d7d-2cce-47c0-9e49-185787ee565a
status: COMPLETE
type: CREATE_DRAFT
message: Draft creation message
requesterName: Requester Name
fileExists: true
created: '2024-08-16T14:16:58.389Z'
completed: '2024-08-16T14:17:12.355Z'
name: Draft Name
sourceTenant: source-tenant
sourceBackupId: 9393e1f5-bed6-4fa8-80fb-6f86b19bd3d6
sourceBackupName: Source Backup Name
mode: RESTORE
approvalStatus: DEFAULT
approvalComment:
- comment: Approval comment
timestamp: '2024-08-26T19:32:46.384137Z'
user: User name
id: User id
changedToStatus: PENDING_FOR_APPROVAL
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/configuration-hub/drafts/{id}':
delete:
operationId: deleteDraft
security:
- userAuth:
- 'sp:config-draft:manage'
tags:
- Configuration Hub
summary: Delete a draft
description: |-
This API deletes an existing draft for the current tenant.
On success, this endpoint will return an empty response.
The draft id can be obtained from the response after a draft was successfully created, or from the list drafts endpoint.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The id of the draft to delete.
example: 07659d7d-2cce-47c0-9e49-185787ee565a
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/configuration-hub/deploys:
get:
operationId: listDeploys
security:
- userAuth:
- 'sp:config-deploy:read'
- 'sp:config-deploy:manage'
tags:
- Configuration Hub
summary: List deploys
description: This API gets a list of deploys for the current tenant.
responses:
'200':
description: List of existing deploys.
content:
application/json:
schema:
type: object
properties:
items:
type: array
description: list of deployments
items:
type: object
properties:
jobId:
type: string
description: Unique id assigned to this job.
example: 07659d7d-2cce-47c0-9e49-185787ee565a
status:
type: string
description: Status of the job.
enum:
- NOT_STARTED
- IN_PROGRESS
- COMPLETE
- CANCELLED
- FAILED
example: COMPLETE
type:
type: string
description: 'Type of the job, will always be CONFIG_DEPLOY_DRAFT for this type of job.'
enum:
- CONFIG_DEPLOY_DRAFT
example: CONFIG_DEPLOY_DRAFT
message:
type: string
description: Message providing information about the outcome of the deploy process.
example: Deploy creation message
requesterName:
type: string
description: The name of the user that initiated the deploy process.
example: requester.name
fileExists:
type: boolean
default: true
description: Whether or not a results file was created and stored for this deploy.
example: true
created:
type: string
format: date-time
description: The time the job was started.
example: '2021-05-11T22:23:16Z'
modified:
type: string
format: date-time
description: The time of the last update to the job.
example: '2021-05-11T22:23:16Z'
completed:
type: string
format: date-time
description: The time the job was completed.
example: '2021-05-11T22:23:16Z'
draftId:
type: string
description: The id of the draft that was used for this deploy.
example: 07659d7d-2cce-47c0-9e49-185787ee565a
draftName:
type: string
description: The name of the draft that was used for this deploy.
example: Draft Name
cloudStorageStatus:
type: string
description: Whether this deploy results file has been transferred to a customer storage location.
enum:
- SYNCED
- NOT_SYNCED
- SYNC_FAILED
example: SYNCED
example:
items:
- jobId: 3d0fe04b-57df-4a46-a83b-8f04b0f9d10b
status: COMPLETE
type: CONFIG_DEPLOY_DRAFT
message: Deploy outcome message
requesterName: requester.name
fileExists: true
created: '2023-08-29T01:54:37.069Z'
modified: '2024-07-15T16:53:45.925Z'
completed: '2023-08-29T01:54:41.924Z'
draftId: 925e34e3-fa7c-4e7a-9b9a-cf3b8b4b1068
draftName: Source draft name
cloudStorageStatus: SYNCED
- jobId: bdbcaae6-5e2a-4ebd-9eb3-37b09ec7eea4
status: FAILED
type: CONFIG_DEPLOY_DRAFT
message: Deploy outcome message
requesterName: requester.name
fileExists: true
created: '2023-07-20T18:38:00.812Z'
modified: '2024-07-15T16:53:59.778Z'
completed: '2023-07-20T18:38:01.783Z'
draftId: e04da89d-941f-41e8-83ab-dd185ef5e646
draftName: Source draft name
cloudStorageStatus: NOT_SYNCED
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
post:
operationId: createDeploy
security:
- userAuth:
- 'sp:config-deploy:manage'
tags:
- Configuration Hub
summary: Create a deploy
description: This API performs a deploy based on an existing daft.
requestBody:
description: The deploy request body.
required: true
content:
application/json:
schema:
type: object
title: Deploy Request
required:
- draftId
properties:
draftId:
type: string
description: The id of the draft to be used by this deploy.
example: 3d0fe04b-57df-4a46-a83b-8f04b0f9d10b
example:
draftId: c9a38d8c-5edf-4182-9d39-f6581d3ebd05
responses:
'202':
description: Deploy job accepted and queued for processing.
content:
application/json:
schema:
type: object
properties:
jobId:
type: string
description: Unique id assigned to this job.
example: 07659d7d-2cce-47c0-9e49-185787ee565a
status:
type: string
description: Status of the job.
enum:
- NOT_STARTED
- IN_PROGRESS
- COMPLETE
- CANCELLED
- FAILED
example: COMPLETE
type:
type: string
description: 'Type of the job, will always be CONFIG_DEPLOY_DRAFT for this type of job.'
enum:
- CONFIG_DEPLOY_DRAFT
example: CONFIG_DEPLOY_DRAFT
message:
type: string
description: Message providing information about the outcome of the deploy process.
example: Deploy creation message
requesterName:
type: string
description: The name of the user that initiated the deploy process.
example: requester.name
fileExists:
type: boolean
default: true
description: Whether or not a results file was created and stored for this deploy.
example: true
created:
type: string
format: date-time
description: The time the job was started.
example: '2021-05-11T22:23:16Z'
modified:
type: string
format: date-time
description: The time of the last update to the job.
example: '2021-05-11T22:23:16Z'
completed:
type: string
format: date-time
description: The time the job was completed.
example: '2021-05-11T22:23:16Z'
draftId:
type: string
description: The id of the draft that was used for this deploy.
example: 07659d7d-2cce-47c0-9e49-185787ee565a
draftName:
type: string
description: The name of the draft that was used for this deploy.
example: Draft Name
cloudStorageStatus:
type: string
description: Whether this deploy results file has been transferred to a customer storage location.
enum:
- SYNCED
- NOT_SYNCED
- SYNC_FAILED
example: SYNCED
example:
jobId: ce928190-b50a-4e9a-9854-b56959be8bb1
status: NOT_STARTED
type: CONFIG_DEPLOY_DRAFT
requesterName: support
fileExists: false
created: '2024-09-19T19:28:58.503Z'
modified: '2024-09-19T19:28:58.509Z'
draftId: ebee8250-841f-41de-b74f-288b81137d12
draftName: Draft for 46207915-854f-4894-8723-782fdcc677d6
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/configuration-hub/deploys/{id}':
get:
operationId: getDeploy
security:
- userAuth:
- 'sp:config-deploy:read'
- 'sp:config-deploy:manage'
tags:
- Configuration Hub
summary: Get a deploy
description: This API gets an existing deploy for the current tenant.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The id of the deploy.
example: 3d0fe04b-57df-4a46-a83b-8f04b0f9d10b
responses:
'200':
description: Gets the details of a deploy.
content:
application/json:
schema:
type: object
properties:
jobId:
type: string
description: Unique id assigned to this job.
example: 07659d7d-2cce-47c0-9e49-185787ee565a
status:
type: string
description: Status of the job.
enum:
- NOT_STARTED
- IN_PROGRESS
- COMPLETE
- CANCELLED
- FAILED
example: COMPLETE
type:
type: string
description: 'Type of the job, will always be CONFIG_DEPLOY_DRAFT for this type of job.'
enum:
- CONFIG_DEPLOY_DRAFT
example: CONFIG_DEPLOY_DRAFT
message:
type: string
description: Message providing information about the outcome of the deploy process.
example: Deploy creation message
requesterName:
type: string
description: The name of the user that initiated the deploy process.
example: requester.name
fileExists:
type: boolean
default: true
description: Whether or not a results file was created and stored for this deploy.
example: true
created:
type: string
format: date-time
description: The time the job was started.
example: '2021-05-11T22:23:16Z'
modified:
type: string
format: date-time
description: The time of the last update to the job.
example: '2021-05-11T22:23:16Z'
completed:
type: string
format: date-time
description: The time the job was completed.
example: '2021-05-11T22:23:16Z'
draftId:
type: string
description: The id of the draft that was used for this deploy.
example: 07659d7d-2cce-47c0-9e49-185787ee565a
draftName:
type: string
description: The name of the draft that was used for this deploy.
example: Draft Name
cloudStorageStatus:
type: string
description: Whether this deploy results file has been transferred to a customer storage location.
enum:
- SYNCED
- NOT_SYNCED
- SYNC_FAILED
example: SYNCED
example:
jobId: 3d0fe04b-57df-4a46-a83b-8f04b0f9d10b
status: COMPLETE
type: CONFIG_DEPLOY_DRAFT
message: Deploy outcome message
requesterName: requester.name
fileExists: true
created: '2023-08-29T01:54:37.069Z'
modified: '2024-07-15T16:53:45.925Z'
completed: '2023-08-29T01:54:41.924Z'
draftId: 925e34e3-fa7c-4e7a-9b9a-cf3b8b4b1068
draftName: Source draft name
cloudStorageStatus: SYNCED
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/connectors/{scriptName}':
get:
tags:
- Connectors
operationId: getConnector
summary: Get connector by script name
description: 'Fetches a connector that using its script name. '
parameters:
- name: scriptName
in: path
description: The scriptName value of the connector. ScriptName is the unique id generated at connector creation.
required: true
x-sailpoint-resource-operation-id: getConnectorList
style: simple
explode: false
schema:
type: string
example: aScriptName
- in: query
name: locale
required: false
schema:
type: string
enum:
- de
- 'no'
- fi
- sv
- ru
- pt
- ko
- zh-TW
- en
- it
- fr
- zh-CN
- hu
- es
- cs
- ja
- pl
- da
- nl
example: de
description: 'The locale to apply to the config. If no viable locale is given, it will default to "en"'
responses:
'200':
description: A Connector Dto object
content:
application/json:
schema:
type: object
properties:
name:
type: string
description: The connector name
example: name
type:
type: string
description: The connector type
example: ServiceNow
className:
type: string
description: The connector class name
example: class name
scriptName:
type: string
description: The connector script name
example: servicenow
applicationXml:
type: string
description: The connector application xml
example: |
correlationConfigXml:
type: string
description: The connector correlation config xml
example: "\n\n\n\n\n\n\t\n\t\t\n\t\t\n\t\t\n\t\n\n"
sourceConfigXml:
type: string
description: The connector source config xml
example: |-
sourceConfig:
type: string
nullable: true
description: The connector source config
example: |-
sourceConfigFrom:
type: string
nullable: true
description: The connector source config origin
example: sp-connect
s3Location:
type: string
description: storage path key for this connector
example: custom-connector/scriptname
uploadedFiles:
type: array
description: The list of uploaded files supported by the connector. If there was any executable files uploaded to thee connector. Typically this be empty as the executable be uploaded at source creation.
nullable: true
items:
type: string
example:
- pod/org/connectorFiles/testconnector/test1.jar
fileUpload:
type: boolean
description: true if the source is file upload
example: true
default: false
directConnect:
type: boolean
description: true if the source is a direct connect source
example: true
default: false
translationProperties:
type: object
description: A map containing translation attributes by loacale key
additionalProperties: true
example:
de: |-
# Copyright (C) 2024 SailPoint Technologies, Inc. All rights reserved.
# DO NOT EDIT. This file is generated by "sailpointTranslate" command.
menuLabel_ConnectionSettings=Verbindungseinstellungen
menuLabel_AggregationSettings=Aggregationseinstellungen
sectionLabel_AuthenticationSettings=Verbindungseinstellungen
sectionLabel_AggregationSettings=Aggregationseinstellungen
sectionInfo_AuthenticationSettings=Konfigurieren Sie eine direkte Verbindung zwischen der Quelle Delinea Secret Server On-Premise und IdentityNow.
Geben Sie bei Zeit\u00fcberschreitung bei Verbindung die maximal erlaubte Zeitdauer (in Minuten) f\u00fcr die Verbindung von IdentityNow mit der Quelle ein.
Geben Sie die Host-URL der Delinea-SCIM-Serverquelle ein.
Geben Sie den API-Token der Quelle zur Authentifizierung ein.
sectionInfo_AggregationSettings=Geben Sie die Einstellungen f\u00fcr Ihre Aggregation an.
Geben Sie in das Feld Seitengr\u00f6\u00dfe die Anzahl an Kontoeintr\u00e4gen ein, die auf einer einzelnen Seite aggregiert werden sollen, wenn gro\u00dfe Datens\u00e4tze durchlaufen werden. \n Geben Sie im Kontofilter die Bedingungen f\u00fcr den Kontofilter an. Beispiel: userName sw "S"
Geben Sie im Gruppenfilter die Gruppenfilterbedingungen an. Beispiel: displayName sw "S".
placeHolder_accAggregation=userName sw "S"
placeHolder_grpAggregation=displayName sw "S"
placeHolder_host=https://{Delinea_SCIM_Server_host}/v2
docLinkLabel_AuthenticationSettings=Mehr \u00fcber Verbindungseinstellungen
docLinkLabel_Filters=Mehr \u00fcber Konto- und Gruppenfilter
HostURL=Host-URL
ConnectionTimeout=Zeit\u00fcberschreitung bei Verbindung
API_TOKEN=API-Token
JSONPathMapping=JSON-Path-Attribut-Mapping
FilterConditionForAccounts=Kontofilter
FilterConditionForGroups=Gruppenfilter
Page_Size=Seitengr\u00f6\u00dfe
SchemaAttribute=Schema-Attribut
JSONpath=JSON-Pfad
ShortDesc=Das Integrationsmodul IdentityNow f\u00fcr Delinea Secret Server On-Premise bietet die M\u00f6glichkeit einer tiefen Governance f\u00fcr Konten und Gruppen. Es unterst\u00fctzt au\u00dferdem das End-to-End-Lebenszyklus-Management.
connectorMetadata:
type: object
description: A map containing metadata pertinent to the UI to be used
additionalProperties: true
example:
supportedUI: EXTJS
platform: ccg
shortDesc: connector description
status:
type: string
enum:
- DEPRECATED
- DEVELOPMENT
- DEMO
- RELEASED
description: The connector status
example: RELEASED
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:connector-config:read'
- 'idn:connector-config:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
- SOURCE_ADMIN
- SOURCE_SUBADMIN
delete:
tags:
- Connectors
operationId: deleteCustomConnector
summary: Delete connector by script name
description: Delete a custom connector that using its script name.
parameters:
- name: scriptName
in: path
description: The scriptName value of the connector. ScriptName is the unique id generated at connector creation.
required: true
x-sailpoint-resource-operation-id: getConnectorList
style: simple
explode: false
schema:
type: string
example: aScriptName
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:connector-config:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
- SOURCE_ADMIN
- SOURCE_SUBADMIN
patch:
tags:
- Connectors
operationId: updateConnector
summary: Update connector by script name
description: |
This API updates a custom connector by script name using [JSON Patch](https://tools.ietf.org/html/rfc6902) syntax.
The following fields are patchable:
* connectorMetadata
* applicationXml
* correlationConfigXml
* sourceConfigXml
parameters:
- name: scriptName
in: path
description: The scriptName value of the connector. ScriptName is the unique id generated at connector creation.
required: true
x-sailpoint-resource-operation-id: getConnectorList
style: simple
explode: false
schema:
type: string
example: aScriptName
requestBody:
required: true
description: |
A list of connector detail update operations
content:
application/json-patch+json:
schema:
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
responses:
'200':
description: A updated Connector Dto object
content:
application/json:
schema:
type: object
properties:
name:
type: string
description: The connector name
example: name
type:
type: string
description: The connector type
example: ServiceNow
className:
type: string
description: The connector class name
example: class name
scriptName:
type: string
description: The connector script name
example: servicenow
applicationXml:
type: string
description: The connector application xml
example: |
correlationConfigXml:
type: string
description: The connector correlation config xml
example: "\n\n\n\n\n\n\t\n\t\t\n\t\t\n\t\t\n\t\n\n"
sourceConfigXml:
type: string
description: The connector source config xml
example: |-
sourceConfig:
type: string
nullable: true
description: The connector source config
example: |-
sourceConfigFrom:
type: string
nullable: true
description: The connector source config origin
example: sp-connect
s3Location:
type: string
description: storage path key for this connector
example: custom-connector/scriptname
uploadedFiles:
type: array
description: The list of uploaded files supported by the connector. If there was any executable files uploaded to thee connector. Typically this be empty as the executable be uploaded at source creation.
nullable: true
items:
type: string
example:
- pod/org/connectorFiles/testconnector/test1.jar
fileUpload:
type: boolean
description: true if the source is file upload
example: true
default: false
directConnect:
type: boolean
description: true if the source is a direct connect source
example: true
default: false
translationProperties:
type: object
description: A map containing translation attributes by loacale key
additionalProperties: true
example:
de: |-
# Copyright (C) 2024 SailPoint Technologies, Inc. All rights reserved.
# DO NOT EDIT. This file is generated by "sailpointTranslate" command.
menuLabel_ConnectionSettings=Verbindungseinstellungen
menuLabel_AggregationSettings=Aggregationseinstellungen
sectionLabel_AuthenticationSettings=Verbindungseinstellungen
sectionLabel_AggregationSettings=Aggregationseinstellungen
sectionInfo_AuthenticationSettings=Konfigurieren Sie eine direkte Verbindung zwischen der Quelle Delinea Secret Server On-Premise und IdentityNow.
Geben Sie bei Zeit\u00fcberschreitung bei Verbindung die maximal erlaubte Zeitdauer (in Minuten) f\u00fcr die Verbindung von IdentityNow mit der Quelle ein.
Geben Sie die Host-URL der Delinea-SCIM-Serverquelle ein.
Geben Sie den API-Token der Quelle zur Authentifizierung ein.
sectionInfo_AggregationSettings=Geben Sie die Einstellungen f\u00fcr Ihre Aggregation an.
Geben Sie in das Feld Seitengr\u00f6\u00dfe die Anzahl an Kontoeintr\u00e4gen ein, die auf einer einzelnen Seite aggregiert werden sollen, wenn gro\u00dfe Datens\u00e4tze durchlaufen werden. \n Geben Sie im Kontofilter die Bedingungen f\u00fcr den Kontofilter an. Beispiel: userName sw "S"
Geben Sie im Gruppenfilter die Gruppenfilterbedingungen an. Beispiel: displayName sw "S".
placeHolder_accAggregation=userName sw "S"
placeHolder_grpAggregation=displayName sw "S"
placeHolder_host=https://{Delinea_SCIM_Server_host}/v2
docLinkLabel_AuthenticationSettings=Mehr \u00fcber Verbindungseinstellungen
docLinkLabel_Filters=Mehr \u00fcber Konto- und Gruppenfilter
HostURL=Host-URL
ConnectionTimeout=Zeit\u00fcberschreitung bei Verbindung
API_TOKEN=API-Token
JSONPathMapping=JSON-Path-Attribut-Mapping
FilterConditionForAccounts=Kontofilter
FilterConditionForGroups=Gruppenfilter
Page_Size=Seitengr\u00f6\u00dfe
SchemaAttribute=Schema-Attribut
JSONpath=JSON-Pfad
ShortDesc=Das Integrationsmodul IdentityNow f\u00fcr Delinea Secret Server On-Premise bietet die M\u00f6glichkeit einer tiefen Governance f\u00fcr Konten und Gruppen. Es unterst\u00fctzt au\u00dferdem das End-to-End-Lebenszyklus-Management.
connectorMetadata:
type: object
description: A map containing metadata pertinent to the UI to be used
additionalProperties: true
example:
supportedUI: EXTJS
platform: ccg
shortDesc: connector description
status:
type: string
enum:
- DEPRECATED
- DEVELOPMENT
- DEMO
- RELEASED
description: The connector status
example: RELEASED
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:connector-config:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
- SOURCE_ADMIN
- SOURCE_SUBADMIN
/connectors:
get:
tags:
- Connectors
operationId: getConnectorList
summary: Get connector list
description: Fetches list of connectors that have 'RELEASED' status using filtering and pagination.
parameters:
- in: query
name: filters
required: false
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**name**: *sw, co*
**type**: *sw, co, eq*
**directConnect**: *eq*
**category**: *eq*
**features**: *ca*
**labels**: *ca*
example: directConnect eq "true"
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: locale
required: false
schema:
type: string
enum:
- de
- 'no'
- fi
- sv
- ru
- pt
- ko
- zh-TW
- en
- it
- fr
- zh-CN
- hu
- es
- cs
- ja
- pl
- da
- nl
example: de
description: 'The locale to apply to the config. If no viable locale is given, it will default to "en"'
responses:
'200':
description: A Connector Dto object
content:
application/json:
schema:
type: array
items:
title: custom connector response object
type: object
properties:
name:
type: string
description: The connector name
example: name
type:
type: string
description: The connector type
example: ServiceNow
scriptName:
type: string
description: The connector script name
example: servicenow
className:
type: string
nullable: true
description: The connector class name.
example: sailpoint.connector.OpenConnectorAdapter
features:
type: array
description: The list of features supported by the connector
nullable: true
items:
type: string
example:
- PROVISIONING
- SYNC_PROVISIONING
- SEARCH
- UNSTRUCTURED_TARGETS
directConnect:
type: boolean
description: true if the source is a direct connect source
example: true
default: false
connectorMetadata:
type: object
additionalProperties: true
description: A map containing metadata pertinent to the connector
example:
supportedUI: ANGULAR
platform: ccg
shortDesc: connector description
status:
type: string
enum:
- DEPRECATED
- DEVELOPMENT
- DEMO
- RELEASED
description: The connector status
example: RELEASED
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:connector-config:read'
- 'idn:connector-config:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
- SOURCE_ADMIN
- SOURCE_SUBADMIN
post:
tags:
- Connectors
operationId: createCustomConnector
summary: Create custom connector
description: 'Create custom connector. '
requestBody:
required: true
content:
application/json:
schema:
title: custom connector create request
type: object
required:
- name
- className
properties:
name:
type: string
description: The connector name. Need to be unique per tenant. The name will able be used to derive a url friendly unique scriptname that will be in response. Script name can then be used for all update endpoints
example: custom connector
type:
type: string
description: The connector type. If not specified will be defaulted to 'custom '+name
example: custom connector type
className:
type: string
description: 'The connector class name. If you are implementing openconnector standard (what is recommended), then this need to be set to sailpoint.connector.OpenConnectorAdapter'
example: sailpoint.connector.OpenConnectorAdapter
directConnect:
type: boolean
description: true if the source is a direct connect source
default: true
example: true
status:
type: string
enum:
- DEVELOPMENT
- DEMO
- RELEASED
description: The connector status
example: RELEASED
responses:
'200':
description: A Connector Dto object
content:
application/json:
schema:
title: custom connector response object
type: object
properties:
name:
type: string
description: The connector name
example: name
type:
type: string
description: The connector type
example: ServiceNow
scriptName:
type: string
description: The connector script name
example: servicenow
className:
type: string
nullable: true
description: The connector class name.
example: sailpoint.connector.OpenConnectorAdapter
features:
type: array
description: The list of features supported by the connector
nullable: true
items:
type: string
example:
- PROVISIONING
- SYNC_PROVISIONING
- SEARCH
- UNSTRUCTURED_TARGETS
directConnect:
type: boolean
description: true if the source is a direct connect source
example: true
default: false
connectorMetadata:
type: object
additionalProperties: true
description: A map containing metadata pertinent to the connector
example:
supportedUI: ANGULAR
platform: ccg
shortDesc: connector description
status:
type: string
enum:
- DEPRECATED
- DEVELOPMENT
- DEMO
- RELEASED
description: The connector status
example: RELEASED
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:connector-config:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
- SOURCE_ADMIN
- SOURCE_SUBADMIN
'/connectors/{scriptName}/source-config':
get:
tags:
- Connectors
operationId: getConnectorSourceConfig
summary: Get connector source configuration
description: 'Fetches a connector''s source config using its script name. '
parameters:
- name: scriptName
in: path
description: The scriptName value of the connector. ScriptName is the unique id generated at connector creation.
required: true
x-sailpoint-resource-operation-id: getConnectorList
style: simple
explode: false
schema:
type: string
example: aScriptName
responses:
'200':
description: The connector's source template
content:
application/xml:
schema:
type: string
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:connector-config:read'
- 'idn:connector-config:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
- SOURCE_ADMIN
- SOURCE_SUBADMIN
put:
tags:
- Connectors
operationId: putConnectorSourceConfig
summary: Update connector source configuration
description: 'Update a connector''s source config using its script name. '
parameters:
- name: scriptName
in: path
description: The scriptName value of the connector. ScriptName is the unique id generated at connector creation.
required: true
x-sailpoint-resource-operation-id: getConnectorList
style: simple
explode: false
schema:
type: string
example: aScriptName
requestBody:
required: true
content:
multipart/form-data:
schema:
type: object
required:
- file
properties:
file:
type: string
description: connector source config xml file
format: binary
responses:
'200':
description: The connector's update detail
content:
application/json:
schema:
type: object
properties:
message:
type: string
description: The detailed message for an update. Typically the relevent error message when status is error.
example: 'unsupported xsd version, please ensure latest xsd version http://www.sailpoint.com/xsd/sailpoint_form_2_0.xsd is used for source config'
scriptName:
type: string
description: The connector script name
example: servicenow
updatedFiles:
type: array
description: The list of updated files supported by the connector
nullable: true
items:
type: string
example:
- pod/org/connectorFiles/testconnector/test1.jar
status:
type: string
enum:
- ERROR
- UPDATED
- UNCHANGED
- SKIPPED
description: The connector update status
example: ERROR
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:connector-config:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
- SOURCE_ADMIN
- SOURCE_SUBADMIN
'/connectors/{scriptName}/translations/{locale}':
get:
tags:
- Connectors
operationId: getConnectorTranslations
summary: Get connector translations
description: 'Fetches a connector''s translations using its script name. '
parameters:
- name: scriptName
in: path
description: The scriptName value of the connector. Scriptname is the unique id generated at connector creation.
required: true
x-sailpoint-resource-operation-id: getConnectorList
style: simple
explode: false
schema:
type: string
example: aScriptName
- name: locale
in: path
required: true
schema:
type: string
enum:
- de
- 'no'
- fi
- sv
- ru
- pt
- ko
- zh-TW
- en
- it
- fr
- zh-CN
- hu
- es
- cs
- ja
- pl
- da
- nl
example: de
description: 'The locale to apply to the config. If no viable locale is given, it will default to "en"'
responses:
'200':
description: The connector's translations
content:
text/plain:
schema:
type: string
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:connector-config:read'
- 'idn:connector-config:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
- SOURCE_ADMIN
- SOURCE_SUBADMIN
put:
tags:
- Connectors
operationId: putConnectorTranslations
summary: Update connector translations
description: 'Update a connector''s translations using its script name. '
parameters:
- name: scriptName
in: path
description: The scriptName value of the connector. Scriptname is the unique id generated at connector creation.
required: true
x-sailpoint-resource-operation-id: getConnectorList
style: simple
explode: false
schema:
type: string
example: aScriptName
- name: locale
in: path
required: true
schema:
type: string
enum:
- de
- 'no'
- fi
- sv
- ru
- pt
- ko
- zh-TW
- en
- it
- fr
- zh-CN
- hu
- es
- cs
- ja
- pl
- da
- nl
example: de
description: 'The locale to apply to the config. If no viable locale is given, it will default to "en"'
requestBody:
required: true
content:
multipart/form-data:
schema:
type: object
responses:
'200':
description: The connector's update detail
content:
application/json:
schema:
type: object
properties:
message:
type: string
description: The detailed message for an update. Typically the relevent error message when status is error.
example: 'unsupported xsd version, please ensure latest xsd version http://www.sailpoint.com/xsd/sailpoint_form_2_0.xsd is used for source config'
scriptName:
type: string
description: The connector script name
example: servicenow
updatedFiles:
type: array
description: The list of updated files supported by the connector
nullable: true
items:
type: string
example:
- pod/org/connectorFiles/testconnector/test1.jar
status:
type: string
enum:
- ERROR
- UPDATED
- UNCHANGED
- SKIPPED
description: The connector update status
example: ERROR
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:connector-config:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
- SOURCE_ADMIN
- SOURCE_SUBADMIN
'/connectors/{scriptName}/source-template':
get:
tags:
- Connectors
operationId: getConnectorSourceTemplate
summary: Get connector source template
description: 'Fetches a connector''s source template using its script name. '
parameters:
- name: scriptName
in: path
description: The scriptName value of the connector. ScriptName is the unique id generated at connector creation.
required: true
x-sailpoint-resource-operation-id: getConnectorList
style: simple
explode: false
schema:
type: string
example: aScriptName
responses:
'200':
description: The connector's source template
content:
application/xml:
schema:
type: string
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:connector-config:read'
- 'idn:connector-config:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
- SOURCE_ADMIN
- SOURCE_SUBADMIN
put:
tags:
- Connectors
operationId: putConnectorSourceTemplate
summary: Update connector source template
description: 'Update a connector''s source template using its script name. '
parameters:
- name: scriptName
in: path
description: The scriptName value of the connector. ScriptName is the unique id generated at connector creation.
required: true
x-sailpoint-resource-operation-id: getConnectorList
style: simple
explode: false
schema:
type: string
example: aScriptName
requestBody:
required: true
content:
multipart/form-data:
schema:
type: object
required:
- file
properties:
file:
type: string
description: connector source template xml file
format: binary
responses:
'200':
description: The connector's update detail
content:
application/json:
schema:
type: object
properties:
message:
type: string
description: The detailed message for an update. Typically the relevent error message when status is error.
example: 'unsupported xsd version, please ensure latest xsd version http://www.sailpoint.com/xsd/sailpoint_form_2_0.xsd is used for source config'
scriptName:
type: string
description: The connector script name
example: servicenow
updatedFiles:
type: array
description: The list of updated files supported by the connector
nullable: true
items:
type: string
example:
- pod/org/connectorFiles/testconnector/test1.jar
status:
type: string
enum:
- ERROR
- UPDATED
- UNCHANGED
- SKIPPED
description: The connector update status
example: ERROR
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:connector-config:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
- SOURCE_ADMIN
- SOURCE_SUBADMIN
'/connectors/{scriptName}/correlation-config':
get:
tags:
- Connectors
operationId: getConnectorCorrelationConfig
summary: Get connector correlation configuration
description: 'Fetches a connector''s correlation config using its script name. '
parameters:
- name: scriptName
in: path
description: The scriptName value of the connector. Scriptname is the unique id generated at connector creation.
required: true
x-sailpoint-resource-operation-id: getConnectorList
style: simple
explode: false
schema:
type: string
example: aScriptName
responses:
'200':
description: The connector's correlation config
content:
application/xml:
schema:
type: string
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:connector-config:read'
- 'idn:connector-config:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
- SOURCE_ADMIN
- SOURCE_SUBADMIN
put:
tags:
- Connectors
operationId: putConnectorCorrelationConfig
summary: Update connector correlation configuration
description: 'Update a connector''s correlation config using its script name. '
parameters:
- name: scriptName
in: path
description: The scriptName value of the connector. Scriptname is the unique id generated at connector creation.
required: true
x-sailpoint-resource-operation-id: getConnectorList
style: simple
explode: false
schema:
type: string
example: aScriptName
requestBody:
required: true
content:
multipart/form-data:
schema:
type: object
required:
- file
properties:
file:
type: string
description: connector correlation config xml file
format: binary
responses:
'200':
description: The connector's update detail
content:
application/json:
schema:
type: object
properties:
message:
type: string
description: The detailed message for an update. Typically the relevent error message when status is error.
example: 'unsupported xsd version, please ensure latest xsd version http://www.sailpoint.com/xsd/sailpoint_form_2_0.xsd is used for source config'
scriptName:
type: string
description: The connector script name
example: servicenow
updatedFiles:
type: array
description: The list of updated files supported by the connector
nullable: true
items:
type: string
example:
- pod/org/connectorFiles/testconnector/test1.jar
status:
type: string
enum:
- ERROR
- UPDATED
- UNCHANGED
- SKIPPED
description: The connector update status
example: ERROR
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:connector-config:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
- SOURCE_ADMIN
- SOURCE_SUBADMIN
/connector-rules:
get:
tags:
- Connector Rule Management
operationId: getConnectorRuleList
summary: List connector rules
description: List existing connector rules.
responses:
'200':
description: List of connector rules.
content:
application/json:
schema:
type: array
items:
description: ConnectorRuleResponse
allOf:
- description: ConnectorRuleCreateRequest
type: object
required:
- name
- type
- sourceCode
properties:
name:
type: string
description: the name of the rule
example: WebServiceBeforeOperationRule
minLength: 1
maxLength: 128
description:
type: string
nullable: true
description: a description of the rule's purpose
example: This rule does that
type:
type: string
enum:
- BuildMap
- ConnectorAfterCreate
- ConnectorAfterDelete
- ConnectorAfterModify
- ConnectorBeforeCreate
- ConnectorBeforeDelete
- ConnectorBeforeModify
- JDBCBuildMap
- JDBCOperationProvisioning
- JDBCProvision
- PeopleSoftHRMSBuildMap
- PeopleSoftHRMSOperationProvisioning
- PeopleSoftHRMSProvision
- RACFPermissionCustomization
- ResourceObjectCustomization
- SAPBuildMap
- SapHrManagerRule
- SapHrOperationProvisioning
- SapHrProvision
- SuccessFactorsOperationProvisioning
- WebServiceAfterOperationRule
- WebServiceBeforeOperationRule
- ResourceObjectCustomization
description: the type of rule
example: BuildMap
signature:
description: The rule's function signature. Describes the rule's input arguments and output (if any)
type: object
required:
- input
properties:
input:
type: array
items:
type: object
nullable: true
properties:
name:
type: string
description: the name of the argument
example: firstName
description:
type: string
nullable: true
description: the description of the argument
example: the first name of the identity
type:
type: string
nullable: true
description: the programmatic type of the argument
example: String
required:
- name
output:
type: object
nullable: true
properties:
name:
type: string
description: the name of the argument
example: firstName
description:
type: string
nullable: true
description: the description of the argument
example: the first name of the identity
type:
type: string
nullable: true
description: the programmatic type of the argument
example: String
required:
- name
sourceCode:
description: SourceCode
type: object
required:
- version
- script
properties:
version:
type: string
description: the version of the code
example: '1.0'
script:
type: string
description: The code
example: return "Mr. " + firstName;
attributes:
type: object
nullable: true
description: a map of string to objects
example: {}
- type: object
nullable: true
required:
- id
- created
properties:
id:
type: string
description: the ID of the rule
example: 8113d48c0b914f17b4c6072d4dcb9dfe
created:
type: string
description: an ISO 8601 UTC timestamp when this rule was created
example: '021-07-22T15:59:23Z'
modified:
type: string
nullable: true
description: an ISO 8601 UTC timestamp when this rule was last modified
example: '021-07-22T15:59:23Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:rule-management-connector:read'
- 'idn:rule-management-connector:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
parameters:
- in: query
name: limit
description: |-
Note that for this API the maximum value for limit is 50.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 50
schema:
type: integer
format: int32
minimum: 0
maximum: 50
default: 50
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
post:
tags:
- Connector Rule Management
operationId: createConnectorRule
summary: Create connector rule
description: Create a connector rule from the available types.
requestBody:
required: true
description: Connector rule to create.
content:
application/json:
schema:
description: ConnectorRuleCreateRequest
type: object
required:
- name
- type
- sourceCode
properties:
name:
type: string
description: the name of the rule
example: WebServiceBeforeOperationRule
minLength: 1
maxLength: 128
description:
type: string
nullable: true
description: a description of the rule's purpose
example: This rule does that
type:
type: string
enum:
- BuildMap
- ConnectorAfterCreate
- ConnectorAfterDelete
- ConnectorAfterModify
- ConnectorBeforeCreate
- ConnectorBeforeDelete
- ConnectorBeforeModify
- JDBCBuildMap
- JDBCOperationProvisioning
- JDBCProvision
- PeopleSoftHRMSBuildMap
- PeopleSoftHRMSOperationProvisioning
- PeopleSoftHRMSProvision
- RACFPermissionCustomization
- ResourceObjectCustomization
- SAPBuildMap
- SapHrManagerRule
- SapHrOperationProvisioning
- SapHrProvision
- SuccessFactorsOperationProvisioning
- WebServiceAfterOperationRule
- WebServiceBeforeOperationRule
- ResourceObjectCustomization
description: the type of rule
example: BuildMap
signature:
description: The rule's function signature. Describes the rule's input arguments and output (if any)
type: object
required:
- input
properties:
input:
type: array
items:
type: object
nullable: true
properties:
name:
type: string
description: the name of the argument
example: firstName
description:
type: string
nullable: true
description: the description of the argument
example: the first name of the identity
type:
type: string
nullable: true
description: the programmatic type of the argument
example: String
required:
- name
output:
type: object
nullable: true
properties:
name:
type: string
description: the name of the argument
example: firstName
description:
type: string
nullable: true
description: the description of the argument
example: the first name of the identity
type:
type: string
nullable: true
description: the programmatic type of the argument
example: String
required:
- name
sourceCode:
description: SourceCode
type: object
required:
- version
- script
properties:
version:
type: string
description: the version of the code
example: '1.0'
script:
type: string
description: The code
example: return "Mr. " + firstName;
attributes:
type: object
nullable: true
description: a map of string to objects
example: {}
responses:
'201':
description: Created connector rule.
content:
application/json:
schema:
description: ConnectorRuleResponse
allOf:
- description: ConnectorRuleCreateRequest
type: object
required:
- name
- type
- sourceCode
properties:
name:
type: string
description: the name of the rule
example: WebServiceBeforeOperationRule
minLength: 1
maxLength: 128
description:
type: string
nullable: true
description: a description of the rule's purpose
example: This rule does that
type:
type: string
enum:
- BuildMap
- ConnectorAfterCreate
- ConnectorAfterDelete
- ConnectorAfterModify
- ConnectorBeforeCreate
- ConnectorBeforeDelete
- ConnectorBeforeModify
- JDBCBuildMap
- JDBCOperationProvisioning
- JDBCProvision
- PeopleSoftHRMSBuildMap
- PeopleSoftHRMSOperationProvisioning
- PeopleSoftHRMSProvision
- RACFPermissionCustomization
- ResourceObjectCustomization
- SAPBuildMap
- SapHrManagerRule
- SapHrOperationProvisioning
- SapHrProvision
- SuccessFactorsOperationProvisioning
- WebServiceAfterOperationRule
- WebServiceBeforeOperationRule
- ResourceObjectCustomization
description: the type of rule
example: BuildMap
signature:
description: The rule's function signature. Describes the rule's input arguments and output (if any)
type: object
required:
- input
properties:
input:
type: array
items:
type: object
nullable: true
properties:
name:
type: string
description: the name of the argument
example: firstName
description:
type: string
nullable: true
description: the description of the argument
example: the first name of the identity
type:
type: string
nullable: true
description: the programmatic type of the argument
example: String
required:
- name
output:
type: object
nullable: true
properties:
name:
type: string
description: the name of the argument
example: firstName
description:
type: string
nullable: true
description: the description of the argument
example: the first name of the identity
type:
type: string
nullable: true
description: the programmatic type of the argument
example: String
required:
- name
sourceCode:
description: SourceCode
type: object
required:
- version
- script
properties:
version:
type: string
description: the version of the code
example: '1.0'
script:
type: string
description: The code
example: return "Mr. " + firstName;
attributes:
type: object
nullable: true
description: a map of string to objects
example: {}
- type: object
nullable: true
required:
- id
- created
properties:
id:
type: string
description: the ID of the rule
example: 8113d48c0b914f17b4c6072d4dcb9dfe
created:
type: string
description: an ISO 8601 UTC timestamp when this rule was created
example: '021-07-22T15:59:23Z'
modified:
type: string
nullable: true
description: an ISO 8601 UTC timestamp when this rule was last modified
example: '021-07-22T15:59:23Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:rule-management-connector:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
'/connector-rules/{id}':
get:
tags:
- Connector Rule Management
summary: Get connector rule
operationId: getConnectorRule
description: Get a connector rule by ID.
parameters:
- name: id
in: path
description: ID of the connector rule to get.
required: true
x-sailpoint-resource-operation-id: getConnectorRuleList
style: simple
explode: false
schema:
type: string
example: 8c190e6787aa4ed9a90bd9d5344523fb
responses:
'200':
description: Connector rule with the given ID.
content:
application/json:
schema:
description: ConnectorRuleResponse
allOf:
- description: ConnectorRuleCreateRequest
type: object
required:
- name
- type
- sourceCode
properties:
name:
type: string
description: the name of the rule
example: WebServiceBeforeOperationRule
minLength: 1
maxLength: 128
description:
type: string
nullable: true
description: a description of the rule's purpose
example: This rule does that
type:
type: string
enum:
- BuildMap
- ConnectorAfterCreate
- ConnectorAfterDelete
- ConnectorAfterModify
- ConnectorBeforeCreate
- ConnectorBeforeDelete
- ConnectorBeforeModify
- JDBCBuildMap
- JDBCOperationProvisioning
- JDBCProvision
- PeopleSoftHRMSBuildMap
- PeopleSoftHRMSOperationProvisioning
- PeopleSoftHRMSProvision
- RACFPermissionCustomization
- ResourceObjectCustomization
- SAPBuildMap
- SapHrManagerRule
- SapHrOperationProvisioning
- SapHrProvision
- SuccessFactorsOperationProvisioning
- WebServiceAfterOperationRule
- WebServiceBeforeOperationRule
- ResourceObjectCustomization
description: the type of rule
example: BuildMap
signature:
description: The rule's function signature. Describes the rule's input arguments and output (if any)
type: object
required:
- input
properties:
input:
type: array
items:
type: object
nullable: true
properties:
name:
type: string
description: the name of the argument
example: firstName
description:
type: string
nullable: true
description: the description of the argument
example: the first name of the identity
type:
type: string
nullable: true
description: the programmatic type of the argument
example: String
required:
- name
output:
type: object
nullable: true
properties:
name:
type: string
description: the name of the argument
example: firstName
description:
type: string
nullable: true
description: the description of the argument
example: the first name of the identity
type:
type: string
nullable: true
description: the programmatic type of the argument
example: String
required:
- name
sourceCode:
description: SourceCode
type: object
required:
- version
- script
properties:
version:
type: string
description: the version of the code
example: '1.0'
script:
type: string
description: The code
example: return "Mr. " + firstName;
attributes:
type: object
nullable: true
description: a map of string to objects
example: {}
- type: object
nullable: true
required:
- id
- created
properties:
id:
type: string
description: the ID of the rule
example: 8113d48c0b914f17b4c6072d4dcb9dfe
created:
type: string
description: an ISO 8601 UTC timestamp when this rule was created
example: '021-07-22T15:59:23Z'
modified:
type: string
nullable: true
description: an ISO 8601 UTC timestamp when this rule was last modified
example: '021-07-22T15:59:23Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:rule-management-connector:read'
- 'idn:rule-management-connector:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
put:
tags:
- Connector Rule Management
summary: Update connector rule
description: 'Update an existing connector rule with the one provided in the request body. These fields are immutable: `id`, `name`, `type`'
operationId: putConnectorRule
parameters:
- name: id
in: path
description: ID of the connector rule to update.
required: true
x-sailpoint-resource-operation-id: getConnectorRuleList
style: simple
explode: false
schema:
type: string
example: 8c190e6787aa4ed9a90bd9d5344523fb
requestBody:
description: Connector rule with updated data.
content:
application/json:
schema:
description: ConnectorRuleUpdateRequest
allOf:
- type: object
required:
- id
properties:
id:
type: string
description: the ID of the rule to update
example: 8113d48c0b914f17b4c6072d4dcb9dfe
- description: ConnectorRuleCreateRequest
type: object
required:
- name
- type
- sourceCode
properties:
name:
type: string
description: the name of the rule
example: WebServiceBeforeOperationRule
minLength: 1
maxLength: 128
description:
type: string
nullable: true
description: a description of the rule's purpose
example: This rule does that
type:
type: string
enum:
- BuildMap
- ConnectorAfterCreate
- ConnectorAfterDelete
- ConnectorAfterModify
- ConnectorBeforeCreate
- ConnectorBeforeDelete
- ConnectorBeforeModify
- JDBCBuildMap
- JDBCOperationProvisioning
- JDBCProvision
- PeopleSoftHRMSBuildMap
- PeopleSoftHRMSOperationProvisioning
- PeopleSoftHRMSProvision
- RACFPermissionCustomization
- ResourceObjectCustomization
- SAPBuildMap
- SapHrManagerRule
- SapHrOperationProvisioning
- SapHrProvision
- SuccessFactorsOperationProvisioning
- WebServiceAfterOperationRule
- WebServiceBeforeOperationRule
- ResourceObjectCustomization
description: the type of rule
example: BuildMap
signature:
description: The rule's function signature. Describes the rule's input arguments and output (if any)
type: object
required:
- input
properties:
input:
type: array
items:
type: object
nullable: true
properties:
name:
type: string
description: the name of the argument
example: firstName
description:
type: string
nullable: true
description: the description of the argument
example: the first name of the identity
type:
type: string
nullable: true
description: the programmatic type of the argument
example: String
required:
- name
output:
type: object
nullable: true
properties:
name:
type: string
description: the name of the argument
example: firstName
description:
type: string
nullable: true
description: the description of the argument
example: the first name of the identity
type:
type: string
nullable: true
description: the programmatic type of the argument
example: String
required:
- name
sourceCode:
description: SourceCode
type: object
required:
- version
- script
properties:
version:
type: string
description: the version of the code
example: '1.0'
script:
type: string
description: The code
example: return "Mr. " + firstName;
attributes:
type: object
nullable: true
description: a map of string to objects
example: {}
responses:
'200':
description: Updated connector rule.
content:
application/json:
schema:
description: ConnectorRuleResponse
allOf:
- description: ConnectorRuleCreateRequest
type: object
required:
- name
- type
- sourceCode
properties:
name:
type: string
description: the name of the rule
example: WebServiceBeforeOperationRule
minLength: 1
maxLength: 128
description:
type: string
nullable: true
description: a description of the rule's purpose
example: This rule does that
type:
type: string
enum:
- BuildMap
- ConnectorAfterCreate
- ConnectorAfterDelete
- ConnectorAfterModify
- ConnectorBeforeCreate
- ConnectorBeforeDelete
- ConnectorBeforeModify
- JDBCBuildMap
- JDBCOperationProvisioning
- JDBCProvision
- PeopleSoftHRMSBuildMap
- PeopleSoftHRMSOperationProvisioning
- PeopleSoftHRMSProvision
- RACFPermissionCustomization
- ResourceObjectCustomization
- SAPBuildMap
- SapHrManagerRule
- SapHrOperationProvisioning
- SapHrProvision
- SuccessFactorsOperationProvisioning
- WebServiceAfterOperationRule
- WebServiceBeforeOperationRule
- ResourceObjectCustomization
description: the type of rule
example: BuildMap
signature:
description: The rule's function signature. Describes the rule's input arguments and output (if any)
type: object
required:
- input
properties:
input:
type: array
items:
type: object
nullable: true
properties:
name:
type: string
description: the name of the argument
example: firstName
description:
type: string
nullable: true
description: the description of the argument
example: the first name of the identity
type:
type: string
nullable: true
description: the programmatic type of the argument
example: String
required:
- name
output:
type: object
nullable: true
properties:
name:
type: string
description: the name of the argument
example: firstName
description:
type: string
nullable: true
description: the description of the argument
example: the first name of the identity
type:
type: string
nullable: true
description: the programmatic type of the argument
example: String
required:
- name
sourceCode:
description: SourceCode
type: object
required:
- version
- script
properties:
version:
type: string
description: the version of the code
example: '1.0'
script:
type: string
description: The code
example: return "Mr. " + firstName;
attributes:
type: object
nullable: true
description: a map of string to objects
example: {}
- type: object
nullable: true
required:
- id
- created
properties:
id:
type: string
description: the ID of the rule
example: 8113d48c0b914f17b4c6072d4dcb9dfe
created:
type: string
description: an ISO 8601 UTC timestamp when this rule was created
example: '021-07-22T15:59:23Z'
modified:
type: string
nullable: true
description: an ISO 8601 UTC timestamp when this rule was last modified
example: '021-07-22T15:59:23Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:rule-management-connector:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
delete:
tags:
- Connector Rule Management
summary: Delete connector rule
description: Delete the connector rule for the given ID.
operationId: deleteConnectorRule
parameters:
- name: id
in: path
description: ID of the connector rule to delete.
required: true
x-sailpoint-resource-operation-id: getConnectorRuleList
style: simple
explode: false
schema:
type: string
example: 8c190e6787aa4ed9a90bd9d5344523fb
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:rule-management-connector:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
/connector-rules/validate:
post:
tags:
- Connector Rule Management
operationId: testConnectorRule
summary: Validate connector rule
description: Detect issues within the connector rule's code to fix and list them.
requestBody:
required: true
description: Code to validate.
content:
application/json:
schema:
description: SourceCode
type: object
required:
- version
- script
properties:
version:
type: string
description: the version of the code
example: '1.0'
script:
type: string
description: The code
example: return "Mr. " + firstName;
responses:
'200':
description: Status of the code's eligibility as a connector rule.
content:
application/json:
schema:
description: ConnectorRuleValidationResponse
type: object
required:
- state
- details
properties:
state:
type: string
enum:
- OK
- ERROR
example: ERROR
details:
type: array
items:
description: CodeErrorDetail
type: object
required:
- line
- column
- message
properties:
line:
type: integer
description: The line number where the issue occurred
example: 2
column:
type: integer
description: the column number where the issue occurred
example: 5
messsage:
type: string
description: a description of the issue in the code
example: Remove reference to .decrypt(
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:rule-management-connector:read'
- 'idn:rule-management-connector:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
'/data-segments/membership/{identityId}':
get:
operationId: getDataSegmentIdentityMembership
security:
- userAuth:
- 'idn:data-segments:read'
- applicationAuth:
- 'idn:data-segments:read'
x-sailpoint-userLevels:
- ORG_ADMIN
tags:
- Data Segmentation
summary: Get segmentmembership by identity id
description: This API returns the segment membership specified by the given identity ID.
parameters:
- in: path
name: identityId
schema:
type: string
required: true
description: The identity ID to retrieve the segments they are in.
example: ef38f943-47e9-4562-b5bb-8424a56397d8
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: Segment Memberships for specified identity
content:
application/json:
schema:
items:
type: object
description: Contains the segments and types that an identity is associated with
properties:
segments:
type: array
items:
type: string
description: The segment's ID.
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
description: List of segment ids that the identity is associated with.
allAccessScopes:
type: array
items:
type: string
enum:
- ENTITLEMENT
- CERTIFICATION
- IDENTITY
- ENTITLEMENTREQUEST
description: An enumeration of the types of scope choices
example: ALL
description: They type of scopes that are assigned to the identity.
refreshBy:
type: string
format: date-time
description: Date time string that lets you know when the membership data is going to be refreshed.
example: '2020-01-01T00:00:00.000000Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/data-segments/user-enabled/{identityId}':
get:
operationId: getDataSegmentationEnabledForUser
security:
- userAuth:
- 'idn:data-segments:read'
- applicationAuth:
- 'idn:data-segments:read'
x-sailpoint-userLevels:
- ORG_ADMIN
tags:
- Data Segmentation
summary: Is segmentation enabled by identity
description: This API returns whether or not segmentation is enabled for the identity.
parameters:
- in: path
name: identityId
schema:
type: string
required: true
description: The identity ID to retrieve if segmentation is enabled for the identity.
example: ef38f943-47e9-4562-b5bb-8424a56397d8
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: Returns if segmentation is enabled for a specified User
content:
application/json:
schema:
type: boolean
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/data-segments/{segmentId}':
get:
operationId: getDataSegment
security:
- userAuth:
- 'idn:data-segments:read'
- applicationAuth:
- 'idn:data-segments:read'
x-sailpoint-userLevels:
- ORG_ADMIN
tags:
- Data Segmentation
summary: Get segment by id
description: This API returns the segment specified by the given ID.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The segment ID to retrieve.
example: ef38f943-47e9-4562-b5bb-8424a56397d8
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: Segment
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: The segment's ID.
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
name:
type: string
description: The segment's business name.
example: segment-xyz
created:
type: string
format: date-time
description: The time when the segment is created.
example: '2020-01-01T00:00:00.000000Z'
modified:
type: string
format: date-time
description: The time when the segment is modified.
example: '2020-01-01T00:00:00.000000Z'
description:
type: string
description: The segment's optional description.
example: This segment represents xyz
scopes:
type: array
items:
type: object
description: This defines what access the segment is giving
properties:
scope:
type: string
enum:
- ENTITLEMENT
- CERTIFICATION
- IDENTITY
- ENTITLEMENTREQUEST
description: An enumeration of the types of scope choices
example: ALL
visibility:
type: string
enum:
- ALL
- FILTER
- SELECTION
- UNSEGMENTED
description: An enumeration of the types of scope visibility choices
example: ALL
scopeFilter:
type: object
properties:
expression:
type: object
properties:
operator:
type: string
description: Operator for the expression
enum:
- AND
- EQUALS
example: EQUALS
attribute:
type: string
description: Name for the attribute
example: location
nullable: true
value:
type: object
nullable: true
properties:
type:
type: string
description: The type of attribute value
example: STRING
value:
type: string
description: The attribute value
example: Austin
children:
type: array
nullable: true
description: List of expressions
items:
type: object
properties:
operator:
type: string
description: Operator for the expression
enum:
- AND
- EQUALS
example: EQUALS
attribute:
type: string
description: Name for the attribute
example: location
nullable: true
value:
type: object
nullable: true
properties:
type:
type: string
description: The type of attribute value
example: STRING
value:
type: string
description: The attribute value
example: Austin
children:
type: string
nullable: true
description: There cannot be anymore nested children. This will always be null.
example: null
example: []
scopeSelection:
type: array
items:
type: object
properties:
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- MACHINE_IDENTITY
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
id:
type: string
description: ID of the object to which this reference applies
example: 2c91808568c529c60168cca6f90c1313
nullable: false
description: List of Identities that are assigned to the segment
example:
- type: IDENTITY
id: 29cb6c061da843ea8be4b3125f248f2a
- type: IDENTITY
id: f7b1b8a35fed4fd4ad2982014e137e19
nullable: false
description: List of Scopes that are assigned to the segment
example:
- scope: ENTITLEMENT
visibility: SELECTION
scopeFilter: null
scopeSelection:
- type: ENTITLEMENT
id: 34d73f611449463ea4fdcf02cda0c397
memberSelection:
type: array
items:
type: object
properties:
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- MACHINE_IDENTITY
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
id:
type: string
description: ID of the object to which this reference applies
example: 2c91808568c529c60168cca6f90c1313
nullable: false
description: List of Identities that are assigned to the segment
example:
- type: IDENTITY
id: 29cb6c061da843ea8be4b3125f248f2a
- type: IDENTITY
id: f7b1b8a35fed4fd4ad2982014e137e19
memberFilter:
type: object
properties:
expression:
type: object
properties:
operator:
type: string
description: Operator for the expression
enum:
- AND
- EQUALS
example: EQUALS
attribute:
type: string
description: Name for the attribute
example: location
nullable: true
value:
type: object
nullable: true
properties:
type:
type: string
description: The type of attribute value
example: STRING
value:
type: string
description: The attribute value
example: Austin
children:
type: array
nullable: true
description: List of expressions
items:
type: object
properties:
operator:
type: string
description: Operator for the expression
enum:
- AND
- EQUALS
example: EQUALS
attribute:
type: string
description: Name for the attribute
example: location
nullable: true
value:
type: object
nullable: true
properties:
type:
type: string
description: The type of attribute value
example: STRING
value:
type: string
description: The attribute value
example: Austin
children:
type: string
nullable: true
description: There cannot be anymore nested children. This will always be null.
example: null
example: []
membership:
type: string
enum:
- ALL
- FILTER
- SELECTION
description: An enumeration of the types of membership choices
example: ALL
enabled:
type: boolean
description: This boolean indicates whether the segment is currently active. Inactive segments have no effect.
default: false
example: true
published:
type: boolean
description: This boolean indicates whether the segment is being applied to the accounts. If unpublished its being actively modified to until published
default: false
example: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
post:
operationId: publishDataSegment
security:
- userAuth:
- 'idn:data-segments:write'
- applicationAuth:
- 'idn:data-segments:write'
x-sailpoint-userLevels:
- ORG_ADMIN
tags:
- Data Segmentation
summary: Publish segment by id
description: This will publish the segment so that it starts applying the segmentation to the desired users if enabled
parameters:
- in: query
name: publishAll
schema:
type: boolean
default: true
required: false
description: This flag decides whether you want to publish all unpublished or a list of specific segment ids
example: true
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
requestBody:
required: true
description: A list of segment ids that you wish to publish
content:
application/json:
schema:
type: array
items:
type: string
responses:
'200':
description: Segments published
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
patch:
operationId: patchDataSegment
security:
- userAuth:
- 'idn:data-segments:write'
- applicationAuth:
- 'idn:data-segments:write'
x-sailpoint-userLevels:
- ORG_ADMIN
tags:
- Data Segmentation
summary: Update segment
description: 'Use this API to update segment fields by using the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.'
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The segment ID to modify.
example: ef38f943-47e9-4562-b5bb-8424a56397d8
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
requestBody:
required: true
description: |
A list of segment update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
The following fields are patchable:
* name
* description
* membership
* memberFilter
* memberSelection
* scopes
* enabled
content:
application/json-patch+json:
schema:
type: array
items:
type: object
examples:
Set Visibility Criteria:
description: Set the member filter
value:
- op: replace
path: /memberFilter
value:
expression:
operator: AND
children:
- operator: EQUALS
attribute: location
value:
type: STRING
value: Philadelphia
- operator: EQUALS
attribute: department
value:
type: STRING
value: HR
responses:
'200':
description: 'Indicates the PATCH operation succeeded, and returns the segment''s new representation.'
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: The segment's ID.
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
name:
type: string
description: The segment's business name.
example: segment-xyz
created:
type: string
format: date-time
description: The time when the segment is created.
example: '2020-01-01T00:00:00.000000Z'
modified:
type: string
format: date-time
description: The time when the segment is modified.
example: '2020-01-01T00:00:00.000000Z'
description:
type: string
description: The segment's optional description.
example: This segment represents xyz
scopes:
type: array
items:
type: object
description: This defines what access the segment is giving
properties:
scope:
type: string
enum:
- ENTITLEMENT
- CERTIFICATION
- IDENTITY
- ENTITLEMENTREQUEST
description: An enumeration of the types of scope choices
example: ALL
visibility:
type: string
enum:
- ALL
- FILTER
- SELECTION
- UNSEGMENTED
description: An enumeration of the types of scope visibility choices
example: ALL
scopeFilter:
type: object
properties:
expression:
type: object
properties:
operator:
type: string
description: Operator for the expression
enum:
- AND
- EQUALS
example: EQUALS
attribute:
type: string
description: Name for the attribute
example: location
nullable: true
value:
type: object
nullable: true
properties:
type:
type: string
description: The type of attribute value
example: STRING
value:
type: string
description: The attribute value
example: Austin
children:
type: array
nullable: true
description: List of expressions
items:
type: object
properties:
operator:
type: string
description: Operator for the expression
enum:
- AND
- EQUALS
example: EQUALS
attribute:
type: string
description: Name for the attribute
example: location
nullable: true
value:
type: object
nullable: true
properties:
type:
type: string
description: The type of attribute value
example: STRING
value:
type: string
description: The attribute value
example: Austin
children:
type: string
nullable: true
description: There cannot be anymore nested children. This will always be null.
example: null
example: []
scopeSelection:
type: array
items:
type: object
properties:
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- MACHINE_IDENTITY
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
id:
type: string
description: ID of the object to which this reference applies
example: 2c91808568c529c60168cca6f90c1313
nullable: false
description: List of Identities that are assigned to the segment
example:
- type: IDENTITY
id: 29cb6c061da843ea8be4b3125f248f2a
- type: IDENTITY
id: f7b1b8a35fed4fd4ad2982014e137e19
nullable: false
description: List of Scopes that are assigned to the segment
example:
- scope: ENTITLEMENT
visibility: SELECTION
scopeFilter: null
scopeSelection:
- type: ENTITLEMENT
id: 34d73f611449463ea4fdcf02cda0c397
memberSelection:
type: array
items:
type: object
properties:
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- MACHINE_IDENTITY
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
id:
type: string
description: ID of the object to which this reference applies
example: 2c91808568c529c60168cca6f90c1313
nullable: false
description: List of Identities that are assigned to the segment
example:
- type: IDENTITY
id: 29cb6c061da843ea8be4b3125f248f2a
- type: IDENTITY
id: f7b1b8a35fed4fd4ad2982014e137e19
memberFilter:
type: object
properties:
expression:
type: object
properties:
operator:
type: string
description: Operator for the expression
enum:
- AND
- EQUALS
example: EQUALS
attribute:
type: string
description: Name for the attribute
example: location
nullable: true
value:
type: object
nullable: true
properties:
type:
type: string
description: The type of attribute value
example: STRING
value:
type: string
description: The attribute value
example: Austin
children:
type: array
nullable: true
description: List of expressions
items:
type: object
properties:
operator:
type: string
description: Operator for the expression
enum:
- AND
- EQUALS
example: EQUALS
attribute:
type: string
description: Name for the attribute
example: location
nullable: true
value:
type: object
nullable: true
properties:
type:
type: string
description: The type of attribute value
example: STRING
value:
type: string
description: The attribute value
example: Austin
children:
type: string
nullable: true
description: There cannot be anymore nested children. This will always be null.
example: null
example: []
membership:
type: string
enum:
- ALL
- FILTER
- SELECTION
description: An enumeration of the types of membership choices
example: ALL
enabled:
type: boolean
description: This boolean indicates whether the segment is currently active. Inactive segments have no effect.
default: false
example: true
published:
type: boolean
description: This boolean indicates whether the segment is being applied to the accounts. If unpublished its being actively modified to until published
default: false
example: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
operationId: deleteDataSegment
security:
- userAuth:
- 'idn:data-segments:write'
- applicationAuth:
- 'idn:data-segments:write'
x-sailpoint-userLevels:
- ORG_ADMIN
tags:
- Data Segmentation
summary: Delete segment by id
description: This API deletes the segment specified by the given ID.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The segment ID to delete.
example: ef38f943-47e9-4562-b5bb-8424a56397d8
- in: query
name: published
schema:
type: boolean
default: false
required: false
description: This determines which version of the segment to delete
example: false
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'204':
description: No content.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/data-segments:
get:
operationId: listDataSegments
security:
- userAuth:
- 'idn:data-segments:read'
- applicationAuth:
- 'idn:data-segments:read'
x-sailpoint-userLevels:
- ORG_ADMIN
tags:
- Data Segmentation
summary: Get segments
description: This API returns the segment specified by the given ID.
parameters:
- in: query
name: enabled
required: false
description: This boolean indicates whether the segment is currently active. Inactive segments have no effect.
schema:
type: boolean
default: true
example: true
- in: query
name: unique
required: false
description: This returns only one record if set to true and that would be the published record if exists.
schema:
type: boolean
default: false
example: false
- in: query
name: published
required: false
description: This boolean indicates whether the segment is being applied to the accounts. If unpublished its being actively modified until published
schema:
type: boolean
default: true
example: true
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
required: false
schema:
type: string
example: name eq ""
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, in, sw*
**name**: *eq, in, sw*
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: List of all segments
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: The segment's ID.
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
name:
type: string
description: The segment's business name.
example: segment-xyz
created:
type: string
format: date-time
description: The time when the segment is created.
example: '2020-01-01T00:00:00.000000Z'
modified:
type: string
format: date-time
description: The time when the segment is modified.
example: '2020-01-01T00:00:00.000000Z'
description:
type: string
description: The segment's optional description.
example: This segment represents xyz
scopes:
type: array
items:
type: object
description: This defines what access the segment is giving
properties:
scope:
type: string
enum:
- ENTITLEMENT
- CERTIFICATION
- IDENTITY
- ENTITLEMENTREQUEST
description: An enumeration of the types of scope choices
example: ALL
visibility:
type: string
enum:
- ALL
- FILTER
- SELECTION
- UNSEGMENTED
description: An enumeration of the types of scope visibility choices
example: ALL
scopeFilter:
type: object
properties:
expression:
type: object
properties:
operator:
type: string
description: Operator for the expression
enum:
- AND
- EQUALS
example: EQUALS
attribute:
type: string
description: Name for the attribute
example: location
nullable: true
value:
type: object
nullable: true
properties:
type:
type: string
description: The type of attribute value
example: STRING
value:
type: string
description: The attribute value
example: Austin
children:
type: array
nullable: true
description: List of expressions
items:
type: object
properties:
operator:
type: string
description: Operator for the expression
enum:
- AND
- EQUALS
example: EQUALS
attribute:
type: string
description: Name for the attribute
example: location
nullable: true
value:
type: object
nullable: true
properties:
type:
type: string
description: The type of attribute value
example: STRING
value:
type: string
description: The attribute value
example: Austin
children:
type: string
nullable: true
description: There cannot be anymore nested children. This will always be null.
example: null
example: []
scopeSelection:
type: array
items:
type: object
properties:
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- MACHINE_IDENTITY
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
id:
type: string
description: ID of the object to which this reference applies
example: 2c91808568c529c60168cca6f90c1313
nullable: false
description: List of Identities that are assigned to the segment
example:
- type: IDENTITY
id: 29cb6c061da843ea8be4b3125f248f2a
- type: IDENTITY
id: f7b1b8a35fed4fd4ad2982014e137e19
nullable: false
description: List of Scopes that are assigned to the segment
example:
- scope: ENTITLEMENT
visibility: SELECTION
scopeFilter: null
scopeSelection:
- type: ENTITLEMENT
id: 34d73f611449463ea4fdcf02cda0c397
memberSelection:
type: array
items:
type: object
properties:
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- MACHINE_IDENTITY
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
id:
type: string
description: ID of the object to which this reference applies
example: 2c91808568c529c60168cca6f90c1313
nullable: false
description: List of Identities that are assigned to the segment
example:
- type: IDENTITY
id: 29cb6c061da843ea8be4b3125f248f2a
- type: IDENTITY
id: f7b1b8a35fed4fd4ad2982014e137e19
memberFilter:
type: object
properties:
expression:
type: object
properties:
operator:
type: string
description: Operator for the expression
enum:
- AND
- EQUALS
example: EQUALS
attribute:
type: string
description: Name for the attribute
example: location
nullable: true
value:
type: object
nullable: true
properties:
type:
type: string
description: The type of attribute value
example: STRING
value:
type: string
description: The attribute value
example: Austin
children:
type: array
nullable: true
description: List of expressions
items:
type: object
properties:
operator:
type: string
description: Operator for the expression
enum:
- AND
- EQUALS
example: EQUALS
attribute:
type: string
description: Name for the attribute
example: location
nullable: true
value:
type: object
nullable: true
properties:
type:
type: string
description: The type of attribute value
example: STRING
value:
type: string
description: The attribute value
example: Austin
children:
type: string
nullable: true
description: There cannot be anymore nested children. This will always be null.
example: null
example: []
membership:
type: string
enum:
- ALL
- FILTER
- SELECTION
description: An enumeration of the types of membership choices
example: ALL
enabled:
type: boolean
description: This boolean indicates whether the segment is currently active. Inactive segments have no effect.
default: false
example: true
published:
type: boolean
description: This boolean indicates whether the segment is being applied to the accounts. If unpublished its being actively modified to until published
default: false
example: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
post:
operationId: createDataSegment
security:
- userAuth:
- 'idn:data-segments:write'
- applicationAuth:
- 'idn:data-segments:write'
x-sailpoint-userLevels:
- ORG_ADMIN
tags:
- Data Segmentation
summary: Create segment
description: |-
This API creates a segment.
>**Note:** Segment definitions may take time to propagate to all identities.
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: The segment's ID.
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
name:
type: string
description: The segment's business name.
example: segment-xyz
created:
type: string
format: date-time
description: The time when the segment is created.
example: '2020-01-01T00:00:00.000000Z'
modified:
type: string
format: date-time
description: The time when the segment is modified.
example: '2020-01-01T00:00:00.000000Z'
description:
type: string
description: The segment's optional description.
example: This segment represents xyz
scopes:
type: array
items:
type: object
description: This defines what access the segment is giving
properties:
scope:
type: string
enum:
- ENTITLEMENT
- CERTIFICATION
- IDENTITY
- ENTITLEMENTREQUEST
description: An enumeration of the types of scope choices
example: ALL
visibility:
type: string
enum:
- ALL
- FILTER
- SELECTION
- UNSEGMENTED
description: An enumeration of the types of scope visibility choices
example: ALL
scopeFilter:
type: object
properties:
expression:
type: object
properties:
operator:
type: string
description: Operator for the expression
enum:
- AND
- EQUALS
example: EQUALS
attribute:
type: string
description: Name for the attribute
example: location
nullable: true
value:
type: object
nullable: true
properties:
type:
type: string
description: The type of attribute value
example: STRING
value:
type: string
description: The attribute value
example: Austin
children:
type: array
nullable: true
description: List of expressions
items:
type: object
properties:
operator:
type: string
description: Operator for the expression
enum:
- AND
- EQUALS
example: EQUALS
attribute:
type: string
description: Name for the attribute
example: location
nullable: true
value:
type: object
nullable: true
properties:
type:
type: string
description: The type of attribute value
example: STRING
value:
type: string
description: The attribute value
example: Austin
children:
type: string
nullable: true
description: There cannot be anymore nested children. This will always be null.
example: null
example: []
scopeSelection:
type: array
items:
type: object
properties:
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- MACHINE_IDENTITY
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
id:
type: string
description: ID of the object to which this reference applies
example: 2c91808568c529c60168cca6f90c1313
nullable: false
description: List of Identities that are assigned to the segment
example:
- type: IDENTITY
id: 29cb6c061da843ea8be4b3125f248f2a
- type: IDENTITY
id: f7b1b8a35fed4fd4ad2982014e137e19
nullable: false
description: List of Scopes that are assigned to the segment
example:
- scope: ENTITLEMENT
visibility: SELECTION
scopeFilter: null
scopeSelection:
- type: ENTITLEMENT
id: 34d73f611449463ea4fdcf02cda0c397
memberSelection:
type: array
items:
type: object
properties:
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- MACHINE_IDENTITY
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
id:
type: string
description: ID of the object to which this reference applies
example: 2c91808568c529c60168cca6f90c1313
nullable: false
description: List of Identities that are assigned to the segment
example:
- type: IDENTITY
id: 29cb6c061da843ea8be4b3125f248f2a
- type: IDENTITY
id: f7b1b8a35fed4fd4ad2982014e137e19
memberFilter:
type: object
properties:
expression:
type: object
properties:
operator:
type: string
description: Operator for the expression
enum:
- AND
- EQUALS
example: EQUALS
attribute:
type: string
description: Name for the attribute
example: location
nullable: true
value:
type: object
nullable: true
properties:
type:
type: string
description: The type of attribute value
example: STRING
value:
type: string
description: The attribute value
example: Austin
children:
type: array
nullable: true
description: List of expressions
items:
type: object
properties:
operator:
type: string
description: Operator for the expression
enum:
- AND
- EQUALS
example: EQUALS
attribute:
type: string
description: Name for the attribute
example: location
nullable: true
value:
type: object
nullable: true
properties:
type:
type: string
description: The type of attribute value
example: STRING
value:
type: string
description: The attribute value
example: Austin
children:
type: string
nullable: true
description: There cannot be anymore nested children. This will always be null.
example: null
example: []
membership:
type: string
enum:
- ALL
- FILTER
- SELECTION
description: An enumeration of the types of membership choices
example: ALL
enabled:
type: boolean
description: This boolean indicates whether the segment is currently active. Inactive segments have no effect.
default: false
example: true
published:
type: boolean
description: This boolean indicates whether the segment is being applied to the accounts. If unpublished its being actively modified to until published
default: false
example: true
responses:
'201':
description: Segment created
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: The segment's ID.
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
name:
type: string
description: The segment's business name.
example: segment-xyz
created:
type: string
format: date-time
description: The time when the segment is created.
example: '2020-01-01T00:00:00.000000Z'
modified:
type: string
format: date-time
description: The time when the segment is modified.
example: '2020-01-01T00:00:00.000000Z'
description:
type: string
description: The segment's optional description.
example: This segment represents xyz
scopes:
type: array
items:
type: object
description: This defines what access the segment is giving
properties:
scope:
type: string
enum:
- ENTITLEMENT
- CERTIFICATION
- IDENTITY
- ENTITLEMENTREQUEST
description: An enumeration of the types of scope choices
example: ALL
visibility:
type: string
enum:
- ALL
- FILTER
- SELECTION
- UNSEGMENTED
description: An enumeration of the types of scope visibility choices
example: ALL
scopeFilter:
type: object
properties:
expression:
type: object
properties:
operator:
type: string
description: Operator for the expression
enum:
- AND
- EQUALS
example: EQUALS
attribute:
type: string
description: Name for the attribute
example: location
nullable: true
value:
type: object
nullable: true
properties:
type:
type: string
description: The type of attribute value
example: STRING
value:
type: string
description: The attribute value
example: Austin
children:
type: array
nullable: true
description: List of expressions
items:
type: object
properties:
operator:
type: string
description: Operator for the expression
enum:
- AND
- EQUALS
example: EQUALS
attribute:
type: string
description: Name for the attribute
example: location
nullable: true
value:
type: object
nullable: true
properties:
type:
type: string
description: The type of attribute value
example: STRING
value:
type: string
description: The attribute value
example: Austin
children:
type: string
nullable: true
description: There cannot be anymore nested children. This will always be null.
example: null
example: []
scopeSelection:
type: array
items:
type: object
properties:
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- MACHINE_IDENTITY
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
id:
type: string
description: ID of the object to which this reference applies
example: 2c91808568c529c60168cca6f90c1313
nullable: false
description: List of Identities that are assigned to the segment
example:
- type: IDENTITY
id: 29cb6c061da843ea8be4b3125f248f2a
- type: IDENTITY
id: f7b1b8a35fed4fd4ad2982014e137e19
nullable: false
description: List of Scopes that are assigned to the segment
example:
- scope: ENTITLEMENT
visibility: SELECTION
scopeFilter: null
scopeSelection:
- type: ENTITLEMENT
id: 34d73f611449463ea4fdcf02cda0c397
memberSelection:
type: array
items:
type: object
properties:
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- MACHINE_IDENTITY
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
id:
type: string
description: ID of the object to which this reference applies
example: 2c91808568c529c60168cca6f90c1313
nullable: false
description: List of Identities that are assigned to the segment
example:
- type: IDENTITY
id: 29cb6c061da843ea8be4b3125f248f2a
- type: IDENTITY
id: f7b1b8a35fed4fd4ad2982014e137e19
memberFilter:
type: object
properties:
expression:
type: object
properties:
operator:
type: string
description: Operator for the expression
enum:
- AND
- EQUALS
example: EQUALS
attribute:
type: string
description: Name for the attribute
example: location
nullable: true
value:
type: object
nullable: true
properties:
type:
type: string
description: The type of attribute value
example: STRING
value:
type: string
description: The attribute value
example: Austin
children:
type: array
nullable: true
description: List of expressions
items:
type: object
properties:
operator:
type: string
description: Operator for the expression
enum:
- AND
- EQUALS
example: EQUALS
attribute:
type: string
description: Name for the attribute
example: location
nullable: true
value:
type: object
nullable: true
properties:
type:
type: string
description: The type of attribute value
example: STRING
value:
type: string
description: The attribute value
example: Austin
children:
type: string
nullable: true
description: There cannot be anymore nested children. This will always be null.
example: null
example: []
membership:
type: string
enum:
- ALL
- FILTER
- SELECTION
description: An enumeration of the types of membership choices
example: ALL
enabled:
type: boolean
description: This boolean indicates whether the segment is currently active. Inactive segments have no effect.
default: false
example: true
published:
type: boolean
description: This boolean indicates whether the segment is being applied to the accounts. If unpublished its being actively modified to until published
default: false
example: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/identities/{identity-id}/set-lifecycle-state':
post:
operationId: setLifecycleState
tags:
- Lifecycle States
summary: Set lifecycle state
description: Use this API to set/update an identity's lifecycle state to the one provided and update the corresponding identity profile.
security:
- userAuth:
- 'idn:identity-lifecycle-state:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
parameters:
- in: path
name: identity-id
description: ID of the identity to update.
required: true
x-sailpoint-resource-operation-id: listIdentities
example: 2c9180857893f1290178944561990364
schema:
type: string
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
lifecycleStateId:
type: string
description: ID of the lifecycle state to set.
example: 2c9180877a86e408017a8c19fefe046c
responses:
'200':
description: The request was successfully accepted into the system.
content:
application/json:
schema:
type: object
properties:
accountActivityId:
type: string
example: 2c9180837ab5b716017ab7c6c9ef1e20
description: 'ID of the IdentityRequest object that is generated when the workflow launches. To follow the IdentityRequest, you can provide this ID with a [Get Account Activity request](https://developer.sailpoint.com/docs/api/v3/get-account-activity/). The response will contain relevant information about the IdentityRequest, such as its status.'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/identity-profiles/{identity-profile-id}/lifecycle-states':
get:
operationId: getLifecycleStates
tags:
- Lifecycle States
summary: Lists lifecyclestates
description: 'Use this endpoint to list all lifecycle states by their associated identity profiles. '
security:
- userAuth:
- 'idn:identity-profile-lifecycle-state:read'
- applicationAuth:
- 'idn:identity-profile-lifecycle-state:read'
x-sailpoint-userLevels:
- ORG_ADMIN
parameters:
- in: path
name: identity-profile-id
description: Identity profile ID.
required: true
x-sailpoint-resource-operation-id: listIdentityProfiles
schema:
type: string
example: 2b838de9-db9b-abcf-e646-d4f274ad4238
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: sorters
required: false
schema:
type: string
format: comma-separated
example: 'created,modified'
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **created, modified**
responses:
'200':
description: List of LifecycleState objects.
content:
application/json:
schema:
type: array
items:
allOf:
- type: object
required:
- name
properties:
id:
description: System-generated unique ID of the Object
type: string
example: id12345
readOnly: true
name:
description: Name of the Object
type: string
example: aName
nullable: true
created:
description: Creation date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
modified:
description: Last modification date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
- type: object
required:
- technicalName
properties:
enabled:
type: boolean
default: false
example: true
description: Indicates whether the lifecycle state is enabled or disabled.
technicalName:
type: string
example: Technical Name
description: The lifecycle state's technical name. This is for internal use.
description:
type: string
nullable: true
example: Lifecycle description
description: Lifecycle state's description.
identityCount:
type: integer
format: int32
example: 42
readOnly: true
description: Number of identities that have the lifecycle state.
emailNotificationOption:
type: object
description: This is used for representing email configuration for a lifecycle state
properties:
notifyManagers:
type: boolean
default: false
example: true
description: 'If true, then the manager is notified of the lifecycle state change.'
notifyAllAdmins:
type: boolean
default: false
example: true
description: 'If true, then all the admins are notified of the lifecycle state change.'
notifySpecificUsers:
type: boolean
default: false
example: true
description: 'If true, then the users specified in "emailAddressList" below are notified of lifecycle state change.'
emailAddressList:
type: array
example:
- test@test.com
- test2@test.com
items:
type: string
description: 'List of user email addresses. If "notifySpecificUsers" option is true, then these users are notified of lifecycle state change.'
accountActions:
type: array
items:
type: object
description: Object for specifying Actions to be performed on a specified list of sources' account.
properties:
action:
example: ENABLE
type: string
description: Describes if action will be enabled or disabled
enum:
- ENABLE
- DISABLE
sourceIds:
type: array
items:
type: string
uniqueItems: true
example:
- 2c918084660f45d6016617daa9210584
- 2c918084660f45d6016617daa9210500
description: List of unique source IDs. The sources must have the ENABLE feature or flat file source. See "/sources" endpoint for source features.
accessProfileIds:
type: array
items:
type: string
uniqueItems: true
example:
- 2c918084660f45d6016617daa9210584
- 2c918084660f45d6016617daa9210500
description: List of unique access-profile IDs that are associated with the lifecycle state.
identityState:
type: string
nullable: true
example: null
description: The lifecycle state's associated identity state. This field is generally 'null'.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
post:
operationId: createLifecycleState
tags:
- Lifecycle States
summary: Create lifecycle state
description: Use this endpoint to create a lifecycle state.
security:
- userAuth:
- 'idn:identity-profile-lifecycle-state:manage'
- applicationAuth:
- 'idn:identity-profile-lifecycle-state:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
parameters:
- in: path
name: identity-profile-id
description: Identity profile ID.
required: true
x-sailpoint-resource-operation-id: listIdentityProfiles
schema:
type: string
example: 2b838de9-db9b-abcf-e646-d4f274ad4238
requestBody:
description: Lifecycle state to be created.
required: true
content:
application/json:
schema:
allOf:
- type: object
required:
- name
properties:
id:
description: System-generated unique ID of the Object
type: string
example: id12345
readOnly: true
name:
description: Name of the Object
type: string
example: aName
nullable: true
created:
description: Creation date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
modified:
description: Last modification date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
- type: object
required:
- technicalName
properties:
enabled:
type: boolean
default: false
example: true
description: Indicates whether the lifecycle state is enabled or disabled.
technicalName:
type: string
example: Technical Name
description: The lifecycle state's technical name. This is for internal use.
description:
type: string
nullable: true
example: Lifecycle description
description: Lifecycle state's description.
identityCount:
type: integer
format: int32
example: 42
readOnly: true
description: Number of identities that have the lifecycle state.
emailNotificationOption:
type: object
description: This is used for representing email configuration for a lifecycle state
properties:
notifyManagers:
type: boolean
default: false
example: true
description: 'If true, then the manager is notified of the lifecycle state change.'
notifyAllAdmins:
type: boolean
default: false
example: true
description: 'If true, then all the admins are notified of the lifecycle state change.'
notifySpecificUsers:
type: boolean
default: false
example: true
description: 'If true, then the users specified in "emailAddressList" below are notified of lifecycle state change.'
emailAddressList:
type: array
example:
- test@test.com
- test2@test.com
items:
type: string
description: 'List of user email addresses. If "notifySpecificUsers" option is true, then these users are notified of lifecycle state change.'
accountActions:
type: array
items:
type: object
description: Object for specifying Actions to be performed on a specified list of sources' account.
properties:
action:
example: ENABLE
type: string
description: Describes if action will be enabled or disabled
enum:
- ENABLE
- DISABLE
sourceIds:
type: array
items:
type: string
uniqueItems: true
example:
- 2c918084660f45d6016617daa9210584
- 2c918084660f45d6016617daa9210500
description: List of unique source IDs. The sources must have the ENABLE feature or flat file source. See "/sources" endpoint for source features.
accessProfileIds:
type: array
items:
type: string
uniqueItems: true
example:
- 2c918084660f45d6016617daa9210584
- 2c918084660f45d6016617daa9210500
description: List of unique access-profile IDs that are associated with the lifecycle state.
identityState:
type: string
nullable: true
example: null
description: The lifecycle state's associated identity state. This field is generally 'null'.
responses:
'201':
description: Created LifecycleState object.
content:
application/json:
schema:
allOf:
- type: object
required:
- name
properties:
id:
description: System-generated unique ID of the Object
type: string
example: id12345
readOnly: true
name:
description: Name of the Object
type: string
example: aName
nullable: true
created:
description: Creation date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
modified:
description: Last modification date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
- type: object
required:
- technicalName
properties:
enabled:
type: boolean
default: false
example: true
description: Indicates whether the lifecycle state is enabled or disabled.
technicalName:
type: string
example: Technical Name
description: The lifecycle state's technical name. This is for internal use.
description:
type: string
nullable: true
example: Lifecycle description
description: Lifecycle state's description.
identityCount:
type: integer
format: int32
example: 42
readOnly: true
description: Number of identities that have the lifecycle state.
emailNotificationOption:
type: object
description: This is used for representing email configuration for a lifecycle state
properties:
notifyManagers:
type: boolean
default: false
example: true
description: 'If true, then the manager is notified of the lifecycle state change.'
notifyAllAdmins:
type: boolean
default: false
example: true
description: 'If true, then all the admins are notified of the lifecycle state change.'
notifySpecificUsers:
type: boolean
default: false
example: true
description: 'If true, then the users specified in "emailAddressList" below are notified of lifecycle state change.'
emailAddressList:
type: array
example:
- test@test.com
- test2@test.com
items:
type: string
description: 'List of user email addresses. If "notifySpecificUsers" option is true, then these users are notified of lifecycle state change.'
accountActions:
type: array
items:
type: object
description: Object for specifying Actions to be performed on a specified list of sources' account.
properties:
action:
example: ENABLE
type: string
description: Describes if action will be enabled or disabled
enum:
- ENABLE
- DISABLE
sourceIds:
type: array
items:
type: string
uniqueItems: true
example:
- 2c918084660f45d6016617daa9210584
- 2c918084660f45d6016617daa9210500
description: List of unique source IDs. The sources must have the ENABLE feature or flat file source. See "/sources" endpoint for source features.
accessProfileIds:
type: array
items:
type: string
uniqueItems: true
example:
- 2c918084660f45d6016617daa9210584
- 2c918084660f45d6016617daa9210500
description: List of unique access-profile IDs that are associated with the lifecycle state.
identityState:
type: string
nullable: true
example: null
description: The lifecycle state's associated identity state. This field is generally 'null'.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/identity-profiles/{identity-profile-id}/lifecycle-states/{lifecycle-state-id}':
get:
operationId: getLifecycleState
tags:
- Lifecycle States
summary: Get lifecycle state
description: 'Use this endpoint to get a lifecycle state by its ID and its associated identity profile ID. '
security:
- userAuth:
- 'idn:identity-profile-lifecycle-state:read'
x-sailpoint-userLevels:
- ORG_ADMIN
parameters:
- in: path
name: identity-profile-id
description: Identity profile ID.
required: true
x-sailpoint-resource-operation-id: listIdentityProfiles
schema:
type: string
example: 2b838de9-db9b-abcf-e646-d4f274ad4238
- in: path
name: lifecycle-state-id
description: Lifecycle state ID.
required: true
x-sailpoint-resource-operation-id: getLifecycleStates
schema:
type: string
example: ef38f94347e94562b5bb8424a56397d8
responses:
'200':
description: The requested LifecycleState was successfully retrieved.
content:
application/json:
schema:
allOf:
- type: object
required:
- name
properties:
id:
description: System-generated unique ID of the Object
type: string
example: id12345
readOnly: true
name:
description: Name of the Object
type: string
example: aName
nullable: true
created:
description: Creation date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
modified:
description: Last modification date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
- type: object
required:
- technicalName
properties:
enabled:
type: boolean
default: false
example: true
description: Indicates whether the lifecycle state is enabled or disabled.
technicalName:
type: string
example: Technical Name
description: The lifecycle state's technical name. This is for internal use.
description:
type: string
nullable: true
example: Lifecycle description
description: Lifecycle state's description.
identityCount:
type: integer
format: int32
example: 42
readOnly: true
description: Number of identities that have the lifecycle state.
emailNotificationOption:
type: object
description: This is used for representing email configuration for a lifecycle state
properties:
notifyManagers:
type: boolean
default: false
example: true
description: 'If true, then the manager is notified of the lifecycle state change.'
notifyAllAdmins:
type: boolean
default: false
example: true
description: 'If true, then all the admins are notified of the lifecycle state change.'
notifySpecificUsers:
type: boolean
default: false
example: true
description: 'If true, then the users specified in "emailAddressList" below are notified of lifecycle state change.'
emailAddressList:
type: array
example:
- test@test.com
- test2@test.com
items:
type: string
description: 'List of user email addresses. If "notifySpecificUsers" option is true, then these users are notified of lifecycle state change.'
accountActions:
type: array
items:
type: object
description: Object for specifying Actions to be performed on a specified list of sources' account.
properties:
action:
example: ENABLE
type: string
description: Describes if action will be enabled or disabled
enum:
- ENABLE
- DISABLE
sourceIds:
type: array
items:
type: string
uniqueItems: true
example:
- 2c918084660f45d6016617daa9210584
- 2c918084660f45d6016617daa9210500
description: List of unique source IDs. The sources must have the ENABLE feature or flat file source. See "/sources" endpoint for source features.
accessProfileIds:
type: array
items:
type: string
uniqueItems: true
example:
- 2c918084660f45d6016617daa9210584
- 2c918084660f45d6016617daa9210500
description: List of unique access-profile IDs that are associated with the lifecycle state.
identityState:
type: string
nullable: true
example: null
description: The lifecycle state's associated identity state. This field is generally 'null'.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
patch:
operationId: updateLifecycleStates
tags:
- Lifecycle States
summary: Update lifecycle state
description: 'Use this endpoint to update individual lifecycle state fields, using the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.'
security:
- userAuth:
- 'idn:identity-profile-lifecycle-state:manage'
- applicationAuth:
- 'idn:identity-profile-lifecycle-state:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
parameters:
- in: path
name: identity-profile-id
description: Identity profile ID.
required: true
x-sailpoint-resource-operation-id: listIdentityProfiles
schema:
type: string
example: 2b838de9-db9b-abcf-e646-d4f274ad4238
- in: path
name: lifecycle-state-id
description: Lifecycle state ID.
required: true
x-sailpoint-resource-operation-id: getLifecycleStates
schema:
type: string
example: ef38f94347e94562b5bb8424a56397d8
requestBody:
required: true
description: |
A list of lifecycle state update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
The following fields can be updated:
* enabled
* description
* accountActions
* accessProfileIds
* emailNotificationOption
content:
application/json-patch+json:
schema:
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
example:
- op: replace
path: /description
value: Updated description!
- op: replace
path: /accessProfileIds
value:
- 2c918087742bab150174407a80f3125e
- 2c918087742bab150174407a80f3124f
- op: replace
path: /accountActions
value:
- action: ENABLE
sourceIds:
- 2c9180846a2f82fb016a481c1b1560c5
- 2c9180846a2f82fb016a481c1b1560cc
- action: DISABLE
sourceIds:
- 2c91808869a0c9980169a207258513fb
- op: replace
path: /emailNotificationOption
value:
notifyManagers: true
notifyAllAdmins: false
notifySpecificUsers: false
emailAddressList: []
responses:
'200':
description: The LifecycleState was successfully updated.
content:
application/json:
schema:
allOf:
- type: object
required:
- name
properties:
id:
description: System-generated unique ID of the Object
type: string
example: id12345
readOnly: true
name:
description: Name of the Object
type: string
example: aName
nullable: true
created:
description: Creation date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
modified:
description: Last modification date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
- type: object
required:
- technicalName
properties:
enabled:
type: boolean
default: false
example: true
description: Indicates whether the lifecycle state is enabled or disabled.
technicalName:
type: string
example: Technical Name
description: The lifecycle state's technical name. This is for internal use.
description:
type: string
nullable: true
example: Lifecycle description
description: Lifecycle state's description.
identityCount:
type: integer
format: int32
example: 42
readOnly: true
description: Number of identities that have the lifecycle state.
emailNotificationOption:
type: object
description: This is used for representing email configuration for a lifecycle state
properties:
notifyManagers:
type: boolean
default: false
example: true
description: 'If true, then the manager is notified of the lifecycle state change.'
notifyAllAdmins:
type: boolean
default: false
example: true
description: 'If true, then all the admins are notified of the lifecycle state change.'
notifySpecificUsers:
type: boolean
default: false
example: true
description: 'If true, then the users specified in "emailAddressList" below are notified of lifecycle state change.'
emailAddressList:
type: array
example:
- test@test.com
- test2@test.com
items:
type: string
description: 'List of user email addresses. If "notifySpecificUsers" option is true, then these users are notified of lifecycle state change.'
accountActions:
type: array
items:
type: object
description: Object for specifying Actions to be performed on a specified list of sources' account.
properties:
action:
example: ENABLE
type: string
description: Describes if action will be enabled or disabled
enum:
- ENABLE
- DISABLE
sourceIds:
type: array
items:
type: string
uniqueItems: true
example:
- 2c918084660f45d6016617daa9210584
- 2c918084660f45d6016617daa9210500
description: List of unique source IDs. The sources must have the ENABLE feature or flat file source. See "/sources" endpoint for source features.
accessProfileIds:
type: array
items:
type: string
uniqueItems: true
example:
- 2c918084660f45d6016617daa9210584
- 2c918084660f45d6016617daa9210500
description: List of unique access-profile IDs that are associated with the lifecycle state.
identityState:
type: string
nullable: true
example: null
description: The lifecycle state's associated identity state. This field is generally 'null'.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
operationId: deleteLifecycleState
tags:
- Lifecycle States
summary: Delete lifecycle state
description: 'Use this endpoint to delete the lifecycle state by its ID. '
security:
- userAuth:
- 'idn:identity-profile-lifecycle-state:manage'
- applicationAuth:
- 'idn:identity-profile-lifecycle-state:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
parameters:
- in: path
name: identity-profile-id
description: Identity profile ID.
required: true
x-sailpoint-resource-operation-id: listIdentityProfiles
schema:
type: string
example: 2b838de9-db9b-abcf-e646-d4f274ad4238
- in: path
name: lifecycle-state-id
description: Lifecycle state ID.
required: true
x-sailpoint-resource-operation-id: getLifecycleStates
schema:
type: string
example: ef38f94347e94562b5bb8424a56397d8
responses:
'202':
description: The request was successfully accepted into the system.
content:
application/json:
schema:
type: object
description: Deleted lifecycle state.
properties:
type:
type: string
description: Deleted lifecycle state's DTO type.
enum:
- LIFECYCLE_STATE
- TASK_RESULT
example: LIFECYCLE_STATE
id:
type: string
description: Deleted lifecycle state ID.
example: 12345
name:
type: string
description: Deleted lifecycle state's display name.
example: Contractor Lifecycle
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/identity-profiles:
get:
operationId: listIdentityProfiles
tags:
- Identity Profiles
summary: List identity profiles
description: 'Get a list of identity profiles, based on the specified query parameters.'
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
required: false
schema:
type: string
example: id eq "ef38f94347e94562b5bb8424a56397d8"
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, ne, ge, gt, in, le, sw*
**name**: *eq, ne, ge, gt, in, le, sw*
**priority**: *eq, ne*
- in: query
name: sorters
required: false
schema:
type: string
format: comma-separated
example: 'id,name'
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **id, name, priority, created, modified, owner.id, owner.name**
responses:
'200':
description: List of identity profiles.
content:
application/json:
schema:
type: array
items:
allOf:
- type: object
required:
- name
properties:
id:
description: System-generated unique ID of the Object
type: string
example: id12345
readOnly: true
name:
description: Name of the Object
type: string
example: aName
nullable: true
created:
description: Creation date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
modified:
description: Last modification date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
- type: object
required:
- authoritativeSource
properties:
description:
type: string
description: Identity profile's description.
example: My custom flat file profile
nullable: true
owner:
type: object
description: Identity profile's owner.
nullable: true
properties:
type:
type: string
enum:
- IDENTITY
description: Owner's object type.
example: IDENTITY
id:
type: string
description: Owner's ID.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Owner's name.
example: William Wilson
priority:
type: integer
format: int64
description: Identity profile's priority.
example: 10
authoritativeSource:
type: object
properties:
type:
type: string
enum:
- SOURCE
description: Authoritative source's object type.
example: SOURCE
id:
type: string
description: Authoritative source's ID.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Authoritative source's name.
example: HR Active Directory
identityRefreshRequired:
type: boolean
default: false
description: Set this value to 'True' if an identity refresh is necessary. You would typically want to trigger an identity refresh when a change has been made on the source.
example: true
identityCount:
type: integer
description: Number of identities belonging to the identity profile.
format: int32
example: 8
identityAttributeConfig:
type: object
description: Defines all the identity attribute mapping configurations. This defines how to generate or collect data for each identity attributes in identity refresh process.
properties:
enabled:
description: Backend will only promote values if the profile/mapping is enabled.
type: boolean
default: false
example: true
attributeTransforms:
type: array
items:
type: object
description: Transform definition for an identity attribute.
properties:
identityAttributeName:
type: string
description: Identity attribute's name.
example: email
transformDefinition:
description: Seaspray transform definition.
type: object
properties:
type:
type: string
description: Transform definition type.
example: accountAttribute
attributes:
type: object
additionalProperties: true
description: Arbitrary key-value pairs to store any metadata for the object
example:
attributeName: e-mail
sourceName: MySource
sourceId: 2c9180877a826e68017a8c0b03da1a53
identityExceptionReportReference:
type: object
nullable: true
properties:
taskResultId:
type: string
format: uuid
description: Task result ID.
example: 2b838de9-db9b-abcf-e646-d4f274ad4238
reportName:
type: string
example: My annual report
description: Report name.
hasTimeBasedAttr:
description: Indicates the value of `requiresPeriodicRefresh` attribute for the identity profile.
type: boolean
default: false
example: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:identity-profile:read'
- applicationAuth:
- 'idn:identity-profile:read'
x-sailpoint-userLevels:
- ORG_ADMIN
post:
operationId: createIdentityProfile
summary: Create identity profile
description: 'Creates an identity profile. '
tags:
- Identity Profiles
requestBody:
required: true
content:
application/json:
schema:
allOf:
- type: object
required:
- name
properties:
id:
description: System-generated unique ID of the Object
type: string
example: id12345
readOnly: true
name:
description: Name of the Object
type: string
example: aName
nullable: true
created:
description: Creation date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
modified:
description: Last modification date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
- type: object
required:
- authoritativeSource
properties:
description:
type: string
description: Identity profile's description.
example: My custom flat file profile
nullable: true
owner:
type: object
description: Identity profile's owner.
nullable: true
properties:
type:
type: string
enum:
- IDENTITY
description: Owner's object type.
example: IDENTITY
id:
type: string
description: Owner's ID.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Owner's name.
example: William Wilson
priority:
type: integer
format: int64
description: Identity profile's priority.
example: 10
authoritativeSource:
type: object
properties:
type:
type: string
enum:
- SOURCE
description: Authoritative source's object type.
example: SOURCE
id:
type: string
description: Authoritative source's ID.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Authoritative source's name.
example: HR Active Directory
identityRefreshRequired:
type: boolean
default: false
description: Set this value to 'True' if an identity refresh is necessary. You would typically want to trigger an identity refresh when a change has been made on the source.
example: true
identityCount:
type: integer
description: Number of identities belonging to the identity profile.
format: int32
example: 8
identityAttributeConfig:
type: object
description: Defines all the identity attribute mapping configurations. This defines how to generate or collect data for each identity attributes in identity refresh process.
properties:
enabled:
description: Backend will only promote values if the profile/mapping is enabled.
type: boolean
default: false
example: true
attributeTransforms:
type: array
items:
type: object
description: Transform definition for an identity attribute.
properties:
identityAttributeName:
type: string
description: Identity attribute's name.
example: email
transformDefinition:
description: Seaspray transform definition.
type: object
properties:
type:
type: string
description: Transform definition type.
example: accountAttribute
attributes:
type: object
additionalProperties: true
description: Arbitrary key-value pairs to store any metadata for the object
example:
attributeName: e-mail
sourceName: MySource
sourceId: 2c9180877a826e68017a8c0b03da1a53
identityExceptionReportReference:
type: object
nullable: true
properties:
taskResultId:
type: string
format: uuid
description: Task result ID.
example: 2b838de9-db9b-abcf-e646-d4f274ad4238
reportName:
type: string
example: My annual report
description: Report name.
hasTimeBasedAttr:
description: Indicates the value of `requiresPeriodicRefresh` attribute for the identity profile.
type: boolean
default: false
example: true
responses:
'201':
description: Created identity profile.
content:
application/json:
schema:
allOf:
- type: object
required:
- name
properties:
id:
description: System-generated unique ID of the Object
type: string
example: id12345
readOnly: true
name:
description: Name of the Object
type: string
example: aName
nullable: true
created:
description: Creation date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
modified:
description: Last modification date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
- type: object
required:
- authoritativeSource
properties:
description:
type: string
description: Identity profile's description.
example: My custom flat file profile
nullable: true
owner:
type: object
description: Identity profile's owner.
nullable: true
properties:
type:
type: string
enum:
- IDENTITY
description: Owner's object type.
example: IDENTITY
id:
type: string
description: Owner's ID.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Owner's name.
example: William Wilson
priority:
type: integer
format: int64
description: Identity profile's priority.
example: 10
authoritativeSource:
type: object
properties:
type:
type: string
enum:
- SOURCE
description: Authoritative source's object type.
example: SOURCE
id:
type: string
description: Authoritative source's ID.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Authoritative source's name.
example: HR Active Directory
identityRefreshRequired:
type: boolean
default: false
description: Set this value to 'True' if an identity refresh is necessary. You would typically want to trigger an identity refresh when a change has been made on the source.
example: true
identityCount:
type: integer
description: Number of identities belonging to the identity profile.
format: int32
example: 8
identityAttributeConfig:
type: object
description: Defines all the identity attribute mapping configurations. This defines how to generate or collect data for each identity attributes in identity refresh process.
properties:
enabled:
description: Backend will only promote values if the profile/mapping is enabled.
type: boolean
default: false
example: true
attributeTransforms:
type: array
items:
type: object
description: Transform definition for an identity attribute.
properties:
identityAttributeName:
type: string
description: Identity attribute's name.
example: email
transformDefinition:
description: Seaspray transform definition.
type: object
properties:
type:
type: string
description: Transform definition type.
example: accountAttribute
attributes:
type: object
additionalProperties: true
description: Arbitrary key-value pairs to store any metadata for the object
example:
attributeName: e-mail
sourceName: MySource
sourceId: 2c9180877a826e68017a8c0b03da1a53
identityExceptionReportReference:
type: object
nullable: true
properties:
taskResultId:
type: string
format: uuid
description: Task result ID.
example: 2b838de9-db9b-abcf-e646-d4f274ad4238
reportName:
type: string
example: My annual report
description: Report name.
hasTimeBasedAttr:
description: Indicates the value of `requiresPeriodicRefresh` attribute for the identity profile.
type: boolean
default: false
example: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:identity-profile:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
/identity-profiles/bulk-delete:
post:
operationId: deleteIdentityProfiles
tags:
- Identity Profiles
summary: Delete identity profiles
description: |-
This deletes multiple Identity Profiles via a list of supplied IDs.
On success, this endpoint will return a reference to the bulk delete task result.
The following rights are required to access this endpoint: idn:identity-profile:delete
requestBody:
description: Identity Profile bulk delete request body.
required: true
content:
application/json:
schema:
description: List of Identity Profile IDs to delete.
type: array
items:
type: string
example:
- 2c9180867b2a34e0017b3078d60b0699
- 2c9180867b2a34e0017b3078d60b0698
responses:
'202':
description: Accepted - Returns a TaskResult object referencing the bulk delete job created.
content:
application/json:
schema:
description: An object with a TaskResult reference of the bulk delete job
type: object
properties:
id:
type: string
description: Task identifier
example: ff8081814d977c21014da056804a0af3
name:
type: string
description: Task name
example: Background Object Terminator c8f030f2-b1a6-4e33-99e8-6935bc18735d
description:
type: string
description: Task description
example: 'Generic task for terminating data in the overlay, used by the TerminationService.'
launcher:
type: string
description: User or process who launched the task
example: support
completed:
type: string
format: date-time
description: Date time of completion
example: 'Mon Aug 21 14:57:39 CDT 2023'
launched:
type: string
format: date-time
description: Date time when the task was launched
example: 'Mon Aug 21 14:55:39 CDT 2023'
completionStatus:
type: string
enum:
- Success
- Warning
- Error
- Terminated
- TempError
description: Task result status
example: Success
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:identity-profile:delete'
x-sailpoint-userLevels:
- ORG_ADMIN
/identity-profiles/export:
get:
operationId: exportIdentityProfiles
tags:
- Identity Profiles
summary: Export identity profiles
description: This exports existing identity profiles in the format specified by the sp-config service.
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
required: false
schema:
type: string
example: id eq "ef38f94347e94562b5bb8424a56397d8"
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, ne*
**name**: *eq, ne*
**priority**: *eq, ne*
- in: query
name: sorters
required: false
schema:
type: string
format: comma-separated
example: 'id,name'
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **id, name, priority**
responses:
'200':
description: List of export objects with identity profiles.
content:
application/json:
schema:
type: array
items:
type: object
description: Identity profile exported object.
properties:
version:
type: integer
example: 1
description: Version or object from the target service.
format: int32
self:
type: object
description: Self block for exported object.
properties:
type:
type: string
description: Exported object's DTO type.
enum:
- ACCESS_PROFILE
- ACCESS_REQUEST_CONFIG
- ATTR_SYNC_SOURCE_CONFIG
- AUTH_ORG
- CAMPAIGN_FILTER
- FORM_DEFINITION
- GOVERNANCE_GROUP
- IDENTITY_OBJECT_CONFIG
- IDENTITY_PROFILE
- LIFECYCLE_STATE
- NOTIFICATION_TEMPLATE
- PASSWORD_POLICY
- PASSWORD_SYNC_GROUP
- PUBLIC_IDENTITIES_CONFIG
- ROLE
- RULE
- SEGMENT
- SERVICE_DESK_INTEGRATION
- SOD_POLICY
- SOURCE
- TAG
- TRANSFORM
- TRIGGER_SUBSCRIPTION
- WORKFLOW
example: SOURCE
id:
type: string
description: Exported object's ID.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Exported object's display name.
example: HR Active Directory
object:
allOf:
- type: object
required:
- name
properties:
id:
description: System-generated unique ID of the Object
type: string
example: id12345
readOnly: true
name:
description: Name of the Object
type: string
example: aName
nullable: true
created:
description: Creation date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
modified:
description: Last modification date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
- type: object
required:
- authoritativeSource
properties:
description:
type: string
description: Identity profile's description.
example: My custom flat file profile
nullable: true
owner:
type: object
description: Identity profile's owner.
nullable: true
properties:
type:
type: string
enum:
- IDENTITY
description: Owner's object type.
example: IDENTITY
id:
type: string
description: Owner's ID.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Owner's name.
example: William Wilson
priority:
type: integer
format: int64
description: Identity profile's priority.
example: 10
authoritativeSource:
type: object
properties:
type:
type: string
enum:
- SOURCE
description: Authoritative source's object type.
example: SOURCE
id:
type: string
description: Authoritative source's ID.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Authoritative source's name.
example: HR Active Directory
identityRefreshRequired:
type: boolean
default: false
description: Set this value to 'True' if an identity refresh is necessary. You would typically want to trigger an identity refresh when a change has been made on the source.
example: true
identityCount:
type: integer
description: Number of identities belonging to the identity profile.
format: int32
example: 8
identityAttributeConfig:
type: object
description: Defines all the identity attribute mapping configurations. This defines how to generate or collect data for each identity attributes in identity refresh process.
properties:
enabled:
description: Backend will only promote values if the profile/mapping is enabled.
type: boolean
default: false
example: true
attributeTransforms:
type: array
items:
type: object
description: Transform definition for an identity attribute.
properties:
identityAttributeName:
type: string
description: Identity attribute's name.
example: email
transformDefinition:
description: Seaspray transform definition.
type: object
properties:
type:
type: string
description: Transform definition type.
example: accountAttribute
attributes:
type: object
additionalProperties: true
description: Arbitrary key-value pairs to store any metadata for the object
example:
attributeName: e-mail
sourceName: MySource
sourceId: 2c9180877a826e68017a8c0b03da1a53
identityExceptionReportReference:
type: object
nullable: true
properties:
taskResultId:
type: string
format: uuid
description: Task result ID.
example: 2b838de9-db9b-abcf-e646-d4f274ad4238
reportName:
type: string
example: My annual report
description: Report name.
hasTimeBasedAttr:
description: Indicates the value of `requiresPeriodicRefresh` attribute for the identity profile.
type: boolean
default: false
example: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:identity-profile:read'
/identity-profiles/import:
post:
operationId: importIdentityProfiles
summary: Import identity profiles
description: This imports previously exported identity profiles.
tags:
- Identity Profiles
requestBody:
description: Previously exported Identity Profiles.
required: true
content:
application/json:
schema:
type: array
items:
type: object
description: Identity profile exported object.
properties:
version:
type: integer
example: 1
description: Version or object from the target service.
format: int32
self:
type: object
description: Self block for exported object.
properties:
type:
type: string
description: Exported object's DTO type.
enum:
- ACCESS_PROFILE
- ACCESS_REQUEST_CONFIG
- ATTR_SYNC_SOURCE_CONFIG
- AUTH_ORG
- CAMPAIGN_FILTER
- FORM_DEFINITION
- GOVERNANCE_GROUP
- IDENTITY_OBJECT_CONFIG
- IDENTITY_PROFILE
- LIFECYCLE_STATE
- NOTIFICATION_TEMPLATE
- PASSWORD_POLICY
- PASSWORD_SYNC_GROUP
- PUBLIC_IDENTITIES_CONFIG
- ROLE
- RULE
- SEGMENT
- SERVICE_DESK_INTEGRATION
- SOD_POLICY
- SOURCE
- TAG
- TRANSFORM
- TRIGGER_SUBSCRIPTION
- WORKFLOW
example: SOURCE
id:
type: string
description: Exported object's ID.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Exported object's display name.
example: HR Active Directory
object:
allOf:
- type: object
required:
- name
properties:
id:
description: System-generated unique ID of the Object
type: string
example: id12345
readOnly: true
name:
description: Name of the Object
type: string
example: aName
nullable: true
created:
description: Creation date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
modified:
description: Last modification date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
- type: object
required:
- authoritativeSource
properties:
description:
type: string
description: Identity profile's description.
example: My custom flat file profile
nullable: true
owner:
type: object
description: Identity profile's owner.
nullable: true
properties:
type:
type: string
enum:
- IDENTITY
description: Owner's object type.
example: IDENTITY
id:
type: string
description: Owner's ID.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Owner's name.
example: William Wilson
priority:
type: integer
format: int64
description: Identity profile's priority.
example: 10
authoritativeSource:
type: object
properties:
type:
type: string
enum:
- SOURCE
description: Authoritative source's object type.
example: SOURCE
id:
type: string
description: Authoritative source's ID.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Authoritative source's name.
example: HR Active Directory
identityRefreshRequired:
type: boolean
default: false
description: Set this value to 'True' if an identity refresh is necessary. You would typically want to trigger an identity refresh when a change has been made on the source.
example: true
identityCount:
type: integer
description: Number of identities belonging to the identity profile.
format: int32
example: 8
identityAttributeConfig:
type: object
description: Defines all the identity attribute mapping configurations. This defines how to generate or collect data for each identity attributes in identity refresh process.
properties:
enabled:
description: Backend will only promote values if the profile/mapping is enabled.
type: boolean
default: false
example: true
attributeTransforms:
type: array
items:
type: object
description: Transform definition for an identity attribute.
properties:
identityAttributeName:
type: string
description: Identity attribute's name.
example: email
transformDefinition:
description: Seaspray transform definition.
type: object
properties:
type:
type: string
description: Transform definition type.
example: accountAttribute
attributes:
type: object
additionalProperties: true
description: Arbitrary key-value pairs to store any metadata for the object
example:
attributeName: e-mail
sourceName: MySource
sourceId: 2c9180877a826e68017a8c0b03da1a53
identityExceptionReportReference:
type: object
nullable: true
properties:
taskResultId:
type: string
format: uuid
description: Task result ID.
example: 2b838de9-db9b-abcf-e646-d4f274ad4238
reportName:
type: string
example: My annual report
description: Report name.
hasTimeBasedAttr:
description: Indicates the value of `requiresPeriodicRefresh` attribute for the identity profile.
type: boolean
default: false
example: true
responses:
'200':
description: The result of importing Identity Profiles.
content:
application/json:
schema:
type: object
title: Import Object Response Body
description: Response model for import of a single object.
properties:
infos:
description: Informational messages returned from the target service on import.
type: array
items:
type: object
title: Config Import/Export Message
description: Message model for Config Import/Export.
properties:
key:
type: string
description: Message key.
example: UNKNOWN_REFERENCE_RESOLVER
text:
type: string
description: Message text.
example: 'Unable to resolve reference for object [type: IDENTITY, id: 2c91808c746e9c9601747d6507332ecz, name: random identity]'
details:
type: object
description: 'Message details if any, in key:value pairs.'
additionalProperties: true
example:
details: message details
required:
- key
- text
- details
warnings:
description: Warning messages returned from the target service on import.
type: array
items:
type: object
title: Config Import/Export Message
description: Message model for Config Import/Export.
properties:
key:
type: string
description: Message key.
example: UNKNOWN_REFERENCE_RESOLVER
text:
type: string
description: Message text.
example: 'Unable to resolve reference for object [type: IDENTITY, id: 2c91808c746e9c9601747d6507332ecz, name: random identity]'
details:
type: object
description: 'Message details if any, in key:value pairs.'
additionalProperties: true
example:
details: message details
required:
- key
- text
- details
errors:
description: Error messages returned from the target service on import.
type: array
items:
type: object
title: Config Import/Export Message
description: Message model for Config Import/Export.
properties:
key:
type: string
description: Message key.
example: UNKNOWN_REFERENCE_RESOLVER
text:
type: string
description: Message text.
example: 'Unable to resolve reference for object [type: IDENTITY, id: 2c91808c746e9c9601747d6507332ecz, name: random identity]'
details:
type: object
description: 'Message details if any, in key:value pairs.'
additionalProperties: true
example:
details: message details
required:
- key
- text
- details
importedObjects:
description: References to objects that were created or updated by the import.
type: array
items:
type: object
description: Object created or updated by import.
properties:
type:
type: string
description: DTO type of object created or updated by import.
enum:
- CONNECTOR_RULE
- IDENTITY_OBJECT_CONFIG
- IDENTITY_PROFILE
- RULE
- SOURCE
- TRANSFORM
- TRIGGER_SUBSCRIPTION
example: SOURCE
id:
type: string
description: ID of object created or updated by import.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Display name of object created or updated by import.
example: HR Active Directory
required:
- infos
- warnings
- errors
- importedObjects
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:identity-profile:manage'
'/identity-profiles/{identity-profile-id}':
get:
operationId: getIdentityProfile
tags:
- Identity Profiles
summary: Get identity profile
description: Get a single identity profile by ID.
parameters:
- in: path
name: identity-profile-id
schema:
type: string
format: uuid
required: true
x-sailpoint-resource-operation-id: listIdentityProfiles
description: Identity profile ID.
example: 2b838de9-db9b-abcf-e646-d4f274ad4238
responses:
'200':
description: Identity profile object.
content:
application/json:
schema:
allOf:
- type: object
required:
- name
properties:
id:
description: System-generated unique ID of the Object
type: string
example: id12345
readOnly: true
name:
description: Name of the Object
type: string
example: aName
nullable: true
created:
description: Creation date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
modified:
description: Last modification date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
- type: object
required:
- authoritativeSource
properties:
description:
type: string
description: Identity profile's description.
example: My custom flat file profile
nullable: true
owner:
type: object
description: Identity profile's owner.
nullable: true
properties:
type:
type: string
enum:
- IDENTITY
description: Owner's object type.
example: IDENTITY
id:
type: string
description: Owner's ID.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Owner's name.
example: William Wilson
priority:
type: integer
format: int64
description: Identity profile's priority.
example: 10
authoritativeSource:
type: object
properties:
type:
type: string
enum:
- SOURCE
description: Authoritative source's object type.
example: SOURCE
id:
type: string
description: Authoritative source's ID.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Authoritative source's name.
example: HR Active Directory
identityRefreshRequired:
type: boolean
default: false
description: Set this value to 'True' if an identity refresh is necessary. You would typically want to trigger an identity refresh when a change has been made on the source.
example: true
identityCount:
type: integer
description: Number of identities belonging to the identity profile.
format: int32
example: 8
identityAttributeConfig:
type: object
description: Defines all the identity attribute mapping configurations. This defines how to generate or collect data for each identity attributes in identity refresh process.
properties:
enabled:
description: Backend will only promote values if the profile/mapping is enabled.
type: boolean
default: false
example: true
attributeTransforms:
type: array
items:
type: object
description: Transform definition for an identity attribute.
properties:
identityAttributeName:
type: string
description: Identity attribute's name.
example: email
transformDefinition:
description: Seaspray transform definition.
type: object
properties:
type:
type: string
description: Transform definition type.
example: accountAttribute
attributes:
type: object
additionalProperties: true
description: Arbitrary key-value pairs to store any metadata for the object
example:
attributeName: e-mail
sourceName: MySource
sourceId: 2c9180877a826e68017a8c0b03da1a53
identityExceptionReportReference:
type: object
nullable: true
properties:
taskResultId:
type: string
format: uuid
description: Task result ID.
example: 2b838de9-db9b-abcf-e646-d4f274ad4238
reportName:
type: string
example: My annual report
description: Report name.
hasTimeBasedAttr:
description: Indicates the value of `requiresPeriodicRefresh` attribute for the identity profile.
type: boolean
default: false
example: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:identity-profile:read'
- applicationAuth:
- 'idn:identity-profile:read'
x-sailpoint-userLevels:
- ORG_ADMIN
delete:
operationId: deleteIdentityProfile
tags:
- Identity Profiles
summary: Delete identity profile
description: |-
Delete an identity profile by ID.
On success, this endpoint will return a reference to the bulk delete task result.
parameters:
- in: path
name: identity-profile-id
schema:
type: string
format: uuid
required: true
x-sailpoint-resource-operation-id: listIdentityProfiles
description: Identity profile ID.
example: ef38f94347e94562b5bb8424a56397d8
responses:
'202':
description: Accepted - Returns a TaskResult object referencing the bulk delete job created.
content:
application/json:
schema:
description: An object with a TaskResult reference of the delete job.
type: object
properties:
id:
type: string
description: Task identifier
example: ff8081814d977c21014da056804a0af3
name:
type: string
description: Task name
example: Background Object Terminator c8f030f2-b1a6-4e33-99e8-6935bc18735d
description:
type: string
description: Task description
example: 'Generic task for terminating data in the overlay, used by the TerminationService.'
launcher:
type: string
description: User or process who launched the task
example: support
completed:
type: string
format: date-time
description: Date time of completion
example: 'Mon Aug 21 14:57:39 CDT 2023'
launched:
type: string
format: date-time
description: Date time when the task was launched
example: 'Mon Aug 21 14:55:39 CDT 2023'
completionStatus:
type: string
enum:
- Success
- Warning
- Error
- Terminated
- TempError
description: Task result status
example: Success
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:identity-profile:delete'
x-sailpoint-userLevels:
- ORG_ADMIN
patch:
operationId: updateIdentityProfile
tags:
- Identity Profiles
summary: Update identity profile
description: |-
Update a specified identity profile with this PATCH request.
You cannot update these fields:
* id
* created
* modified
* identityCount
* identityRefreshRequired
* Authoritative Source and Identity Attribute Configuration cannot be modified at the same time.
parameters:
- in: path
name: identity-profile-id
schema:
type: string
format: uuid
required: true
x-sailpoint-resource-operation-id: listIdentityProfiles
description: Identity profile ID.
example: ef38f94347e94562b5bb8424a56397d8
requestBody:
required: true
description: 'List of identity profile update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.'
content:
application/json-patch+json:
schema:
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
examples:
add-attribute-transform:
summary: Add an attribute transform
value:
- op: add
path: /identityAttributeConfig/attributeTransforms/0
value:
identityAttributeName: location
transformDefinition:
type: accountAttribute
attributes:
sourceName: Employees
attributeName: location
sourceId: 2c91808878b7d63b0178c66ffcdc4ce4
responses:
'200':
description: Updated identity profile.
content:
application/json:
schema:
allOf:
- type: object
required:
- name
properties:
id:
description: System-generated unique ID of the Object
type: string
example: id12345
readOnly: true
name:
description: Name of the Object
type: string
example: aName
nullable: true
created:
description: Creation date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
modified:
description: Last modification date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
- type: object
required:
- authoritativeSource
properties:
description:
type: string
description: Identity profile's description.
example: My custom flat file profile
nullable: true
owner:
type: object
description: Identity profile's owner.
nullable: true
properties:
type:
type: string
enum:
- IDENTITY
description: Owner's object type.
example: IDENTITY
id:
type: string
description: Owner's ID.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Owner's name.
example: William Wilson
priority:
type: integer
format: int64
description: Identity profile's priority.
example: 10
authoritativeSource:
type: object
properties:
type:
type: string
enum:
- SOURCE
description: Authoritative source's object type.
example: SOURCE
id:
type: string
description: Authoritative source's ID.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Authoritative source's name.
example: HR Active Directory
identityRefreshRequired:
type: boolean
default: false
description: Set this value to 'True' if an identity refresh is necessary. You would typically want to trigger an identity refresh when a change has been made on the source.
example: true
identityCount:
type: integer
description: Number of identities belonging to the identity profile.
format: int32
example: 8
identityAttributeConfig:
type: object
description: Defines all the identity attribute mapping configurations. This defines how to generate or collect data for each identity attributes in identity refresh process.
properties:
enabled:
description: Backend will only promote values if the profile/mapping is enabled.
type: boolean
default: false
example: true
attributeTransforms:
type: array
items:
type: object
description: Transform definition for an identity attribute.
properties:
identityAttributeName:
type: string
description: Identity attribute's name.
example: email
transformDefinition:
description: Seaspray transform definition.
type: object
properties:
type:
type: string
description: Transform definition type.
example: accountAttribute
attributes:
type: object
additionalProperties: true
description: Arbitrary key-value pairs to store any metadata for the object
example:
attributeName: e-mail
sourceName: MySource
sourceId: 2c9180877a826e68017a8c0b03da1a53
identityExceptionReportReference:
type: object
nullable: true
properties:
taskResultId:
type: string
format: uuid
description: Task result ID.
example: 2b838de9-db9b-abcf-e646-d4f274ad4238
reportName:
type: string
example: My annual report
description: Report name.
hasTimeBasedAttr:
description: Indicates the value of `requiresPeriodicRefresh` attribute for the identity profile.
type: boolean
default: false
example: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:identity-profile:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
'/identity-profiles/{identity-profile-id}/default-identity-attribute-config':
get:
operationId: getDefaultIdentityAttributeConfig
tags:
- Identity Profiles
summary: Get default identity attribute config
description: This returns the default identity attribute config.
parameters:
- in: path
name: identity-profile-id
schema:
type: string
format: uuid
required: true
x-sailpoint-resource-operation-id: listIdentityProfiles
description: The Identity Profile ID.
example: 2b838de9-db9b-abcf-e646-d4f274ad4238
responses:
'200':
description: An Identity Attribute Config object.
content:
application/json:
schema:
type: object
description: Defines all the identity attribute mapping configurations. This defines how to generate or collect data for each identity attributes in identity refresh process.
properties:
enabled:
description: Backend will only promote values if the profile/mapping is enabled.
type: boolean
default: false
example: true
attributeTransforms:
type: array
items:
type: object
description: Transform definition for an identity attribute.
properties:
identityAttributeName:
type: string
description: Identity attribute's name.
example: email
transformDefinition:
description: Seaspray transform definition.
type: object
properties:
type:
type: string
description: Transform definition type.
example: accountAttribute
attributes:
type: object
additionalProperties: true
description: Arbitrary key-value pairs to store any metadata for the object
example:
attributeName: e-mail
sourceName: MySource
sourceId: 2c9180877a826e68017a8c0b03da1a53
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:identity-profile:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
'/identity-profiles/{identity-profile-id}/process-identities':
post:
operationId: syncIdentityProfile
tags:
- Identity Profiles
summary: Process identities under profile
description: |-
Process identities under the profile
This operation should not be used to schedule your own identity processing or to perform system wide identity refreshes. The system will use a combination of [event-based processing](https://documentation.sailpoint.com/saas/help/setup/identity_processing.html?h=process#event-based-processing) and [scheduled processing](https://documentation.sailpoint.com/saas/help/setup/identity_processing.html?h=process#scheduled-processing) that runs every day at 8:00 AM and 8:00 PM in the tenant's timezone to keep your identities synchronized.
This should only be run on identity profiles that have the `identityRefreshRequired` attribute set to `true`. If `identityRefreshRequired` is false, then there is no benefit to running this operation. Typically, this operation is performed when a change is made to the identity profile or its related lifecycle states that requires a refresh.
This operation will perform the following activities on all identities under the identity profile.
1. Updates identity attribute according to the identity profile mappings. 2. Determines the identity's correct manager through manager correlation. 3. Updates the identity's access according to their assigned lifecycle state. 4. Updates the identity's access based on role assignment criteria.
externalDocs:
description: Learn more about manually processing identities here
url: 'https://documentation.sailpoint.com/saas/help/setup/identity_processing.html'
parameters:
- in: path
name: identity-profile-id
schema:
type: string
format: uuid
required: true
x-sailpoint-resource-operation-id: listIdentityProfiles
description: The Identity Profile ID to be processed
example: ef38f94347e94562b5bb8424a56397d8
responses:
'202':
description: Accepted - Returned if the request was successfully accepted into the system.
content:
application/json:
schema:
type: object
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:identity-profile:refresh'
x-sailpoint-userLevels:
- ORG_ADMIN
/managed-clients:
get:
tags:
- Managed Clients
summary: Get managed clients
description: List managed clients.
operationId: getManagedClients
parameters:
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq*
**name**: *eq*
**clientId**: *eq*
**clusterId**: *eq*
required: false
example: name eq "client name"
responses:
'200':
description: 'Response with a list of managed clients, based on the specified query parameters.'
content:
application/json:
schema:
type: array
items:
description: Managed Client
type: object
required:
- clientId
- clusterId
- description
- type
properties:
id:
description: ManagedClient ID
readOnly: true
nullable: true
type: string
example: 2c9180878eaf4204018eb019c3570003
alertKey:
description: ManagedClient alert key
readOnly: true
nullable: true
type: string
example: CLIENT_STATUS_NOT_CONFIGURED
apiGatewayBaseUrl:
nullable: true
type: string
cookbook:
nullable: true
type: string
ccId:
description: Previous CC ID to be used in data migration. (This field will be deleted after CC migration!)
nullable: true
type: integer
format: int64
example: 2248
clientId:
description: The client ID used in API management
type: string
example: 00be54a2-bb6d-402f-9159-beb2d5319347
clusterId:
description: Cluster ID that the ManagedClient is linked to
type: string
example: e1ff7bb24c934240bbf55e1aa39e41c5
description:
description: ManagedClient description
type: string
default: ''
example: A short description of the ManagedClient
ipAddress:
description: The public IP address of the ManagedClient
readOnly: true
nullable: true
type: string
example: 123.456.78.90
lastSeen:
description: When the ManagedClient was last seen by the server
readOnly: true
nullable: true
type: string
format: date-time
example: '2020-01-01T00:00:00.000000Z'
name:
description: ManagedClient name
nullable: true
type: string
default: VA-$clientId
example: aName
sinceLastSeen:
description: Milliseconds since the ManagedClient has polled the server
readOnly: true
nullable: true
type: string
example: 15000
status:
description: Status of the ManagedClient
readOnly: true
nullable: true
type: string
enum:
- NORMAL
- UNDEFINED
- NOT_CONFIGURED
- CONFIGURING
- WARNING
- ERROR
- FAILED
- null
example: NORMAL
type:
description: 'Type of the ManagedClient (VA, CCG)'
type: string
example: VA
clusterType:
description: Cluster Type of the ManagedClient
readOnly: true
nullable: true
type: string
enum:
- null
- idn
- iai
- spConnectCluster
- sqsCluster
- das-rc
- das-pc
- das-dc
example: idn
vaDownloadUrl:
description: ManagedClient VA download URL
readOnly: true
nullable: true
type: string
example: aUrl
vaVersion:
description: Version that the ManagedClient's VA is running
readOnly: true
nullable: true
type: string
example: va-megapod-useast1-610-1621372012
secret:
description: Client's apiKey
nullable: true
type: string
example: ef878e15eaa8c8d3e2fa52f41125e2a0eeadadc6a14f931a33ad3e1b62d56381
createdAt:
description: The date/time this ManagedClient was created
example: '2023-08-04T20:48:01.865Z'
nullable: true
type: string
format: date-time
updatedAt:
description: The date/time this ManagedClient was last updated
example: '2023-08-04T20:48:01.865Z'
nullable: true
type: string
format: date-time
provisionStatus:
description: The provisioning status of the ManagedClient
readOnly: true
nullable: true
type: string
enum:
- null
- PROVISIONED
- DRAFT
example: PROVISIONED
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:remote-client:read'
- 'idn:remote-client:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
post:
tags:
- Managed Clients
summary: Create managed client
description: |-
Create a new managed client.
The API returns a result that includes the managed client ID.
operationId: createManagedClient
requestBody:
required: true
content:
application/json:
schema:
description: Managed Client Request
type: object
required:
- clusterId
properties:
clusterId:
description: Cluster ID that the ManagedClient is linked to
type: string
example: aClusterId
description:
description: description for the ManagedClient to create
type: string
nullable: true
example: A short description of the ManagedClient
name:
description: name for the ManagedClient to create
type: string
nullable: true
example: aName
type:
description: 'Type of the ManagedClient (VA, CCG) to create'
type: string
nullable: true
example: VA
responses:
'200':
description: Created managed client.
content:
application/json:
schema:
description: Managed Client
type: object
required:
- clientId
- clusterId
- description
- type
properties:
id:
description: ManagedClient ID
readOnly: true
nullable: true
type: string
example: 2c9180878eaf4204018eb019c3570003
alertKey:
description: ManagedClient alert key
readOnly: true
nullable: true
type: string
example: CLIENT_STATUS_NOT_CONFIGURED
apiGatewayBaseUrl:
nullable: true
type: string
cookbook:
nullable: true
type: string
ccId:
description: Previous CC ID to be used in data migration. (This field will be deleted after CC migration!)
nullable: true
type: integer
format: int64
example: 2248
clientId:
description: The client ID used in API management
type: string
example: 00be54a2-bb6d-402f-9159-beb2d5319347
clusterId:
description: Cluster ID that the ManagedClient is linked to
type: string
example: e1ff7bb24c934240bbf55e1aa39e41c5
description:
description: ManagedClient description
type: string
default: ''
example: A short description of the ManagedClient
ipAddress:
description: The public IP address of the ManagedClient
readOnly: true
nullable: true
type: string
example: 123.456.78.90
lastSeen:
description: When the ManagedClient was last seen by the server
readOnly: true
nullable: true
type: string
format: date-time
example: '2020-01-01T00:00:00.000000Z'
name:
description: ManagedClient name
nullable: true
type: string
default: VA-$clientId
example: aName
sinceLastSeen:
description: Milliseconds since the ManagedClient has polled the server
readOnly: true
nullable: true
type: string
example: 15000
status:
description: Status of the ManagedClient
readOnly: true
nullable: true
type: string
enum:
- NORMAL
- UNDEFINED
- NOT_CONFIGURED
- CONFIGURING
- WARNING
- ERROR
- FAILED
- null
example: NORMAL
type:
description: 'Type of the ManagedClient (VA, CCG)'
type: string
example: VA
clusterType:
description: Cluster Type of the ManagedClient
readOnly: true
nullable: true
type: string
enum:
- null
- idn
- iai
- spConnectCluster
- sqsCluster
- das-rc
- das-pc
- das-dc
example: idn
vaDownloadUrl:
description: ManagedClient VA download URL
readOnly: true
nullable: true
type: string
example: aUrl
vaVersion:
description: Version that the ManagedClient's VA is running
readOnly: true
nullable: true
type: string
example: va-megapod-useast1-610-1621372012
secret:
description: Client's apiKey
nullable: true
type: string
example: ef878e15eaa8c8d3e2fa52f41125e2a0eeadadc6a14f931a33ad3e1b62d56381
createdAt:
description: The date/time this ManagedClient was created
example: '2023-08-04T20:48:01.865Z'
nullable: true
type: string
format: date-time
updatedAt:
description: The date/time this ManagedClient was last updated
example: '2023-08-04T20:48:01.865Z'
nullable: true
type: string
format: date-time
provisionStatus:
description: The provisioning status of the ManagedClient
readOnly: true
nullable: true
type: string
enum:
- null
- PROVISIONED
- DRAFT
example: PROVISIONED
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:remote-client:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
'/managed-clients/{id}':
get:
tags:
- Managed Clients
summary: Get managed client
description: 'Get managed client by ID. '
operationId: getManagedClient
parameters:
- name: id
in: path
description: Managed client ID.
required: true
x-sailpoint-resource-operation-id: getManagedClients
example: 4440278c-0ce2-41ee-a0a9-f5cfd5e8d3b7
schema:
type: string
responses:
'200':
description: Managed client response.
content:
application/json:
schema:
description: Managed Client
type: object
required:
- clientId
- clusterId
- description
- type
properties:
id:
description: ManagedClient ID
readOnly: true
nullable: true
type: string
example: 2c9180878eaf4204018eb019c3570003
alertKey:
description: ManagedClient alert key
readOnly: true
nullable: true
type: string
example: CLIENT_STATUS_NOT_CONFIGURED
apiGatewayBaseUrl:
nullable: true
type: string
cookbook:
nullable: true
type: string
ccId:
description: Previous CC ID to be used in data migration. (This field will be deleted after CC migration!)
nullable: true
type: integer
format: int64
example: 2248
clientId:
description: The client ID used in API management
type: string
example: 00be54a2-bb6d-402f-9159-beb2d5319347
clusterId:
description: Cluster ID that the ManagedClient is linked to
type: string
example: e1ff7bb24c934240bbf55e1aa39e41c5
description:
description: ManagedClient description
type: string
default: ''
example: A short description of the ManagedClient
ipAddress:
description: The public IP address of the ManagedClient
readOnly: true
nullable: true
type: string
example: 123.456.78.90
lastSeen:
description: When the ManagedClient was last seen by the server
readOnly: true
nullable: true
type: string
format: date-time
example: '2020-01-01T00:00:00.000000Z'
name:
description: ManagedClient name
nullable: true
type: string
default: VA-$clientId
example: aName
sinceLastSeen:
description: Milliseconds since the ManagedClient has polled the server
readOnly: true
nullable: true
type: string
example: 15000
status:
description: Status of the ManagedClient
readOnly: true
nullable: true
type: string
enum:
- NORMAL
- UNDEFINED
- NOT_CONFIGURED
- CONFIGURING
- WARNING
- ERROR
- FAILED
- null
example: NORMAL
type:
description: 'Type of the ManagedClient (VA, CCG)'
type: string
example: VA
clusterType:
description: Cluster Type of the ManagedClient
readOnly: true
nullable: true
type: string
enum:
- null
- idn
- iai
- spConnectCluster
- sqsCluster
- das-rc
- das-pc
- das-dc
example: idn
vaDownloadUrl:
description: ManagedClient VA download URL
readOnly: true
nullable: true
type: string
example: aUrl
vaVersion:
description: Version that the ManagedClient's VA is running
readOnly: true
nullable: true
type: string
example: va-megapod-useast1-610-1621372012
secret:
description: Client's apiKey
nullable: true
type: string
example: ef878e15eaa8c8d3e2fa52f41125e2a0eeadadc6a14f931a33ad3e1b62d56381
createdAt:
description: The date/time this ManagedClient was created
example: '2023-08-04T20:48:01.865Z'
nullable: true
type: string
format: date-time
updatedAt:
description: The date/time this ManagedClient was last updated
example: '2023-08-04T20:48:01.865Z'
nullable: true
type: string
format: date-time
provisionStatus:
description: The provisioning status of the ManagedClient
readOnly: true
nullable: true
type: string
enum:
- null
- PROVISIONED
- DRAFT
example: PROVISIONED
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:remote-client:read'
- 'idn:remote-client:manage'
- 'idn:managed-client-status:read'
- 'idn:managed-client-status:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
patch:
tags:
- Managed Clients
summary: Update managed client
description: Update an existing managed client.
operationId: updateManagedClient
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: getManagedClients
description: Managed client ID.
example: 4440278c-0ce2-41ee-a0a9-f5cfd5e8d3b7
requestBody:
required: true
description: JSONPatch payload used to update the object.
content:
application/json-patch+json:
schema:
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
responses:
'200':
description: Updated managed client.
content:
application/json:
schema:
description: Managed Client
type: object
required:
- clientId
- clusterId
- description
- type
properties:
id:
description: ManagedClient ID
readOnly: true
nullable: true
type: string
example: 2c9180878eaf4204018eb019c3570003
alertKey:
description: ManagedClient alert key
readOnly: true
nullable: true
type: string
example: CLIENT_STATUS_NOT_CONFIGURED
apiGatewayBaseUrl:
nullable: true
type: string
cookbook:
nullable: true
type: string
ccId:
description: Previous CC ID to be used in data migration. (This field will be deleted after CC migration!)
nullable: true
type: integer
format: int64
example: 2248
clientId:
description: The client ID used in API management
type: string
example: 00be54a2-bb6d-402f-9159-beb2d5319347
clusterId:
description: Cluster ID that the ManagedClient is linked to
type: string
example: e1ff7bb24c934240bbf55e1aa39e41c5
description:
description: ManagedClient description
type: string
default: ''
example: A short description of the ManagedClient
ipAddress:
description: The public IP address of the ManagedClient
readOnly: true
nullable: true
type: string
example: 123.456.78.90
lastSeen:
description: When the ManagedClient was last seen by the server
readOnly: true
nullable: true
type: string
format: date-time
example: '2020-01-01T00:00:00.000000Z'
name:
description: ManagedClient name
nullable: true
type: string
default: VA-$clientId
example: aName
sinceLastSeen:
description: Milliseconds since the ManagedClient has polled the server
readOnly: true
nullable: true
type: string
example: 15000
status:
description: Status of the ManagedClient
readOnly: true
nullable: true
type: string
enum:
- NORMAL
- UNDEFINED
- NOT_CONFIGURED
- CONFIGURING
- WARNING
- ERROR
- FAILED
- null
example: NORMAL
type:
description: 'Type of the ManagedClient (VA, CCG)'
type: string
example: VA
clusterType:
description: Cluster Type of the ManagedClient
readOnly: true
nullable: true
type: string
enum:
- null
- idn
- iai
- spConnectCluster
- sqsCluster
- das-rc
- das-pc
- das-dc
example: idn
vaDownloadUrl:
description: ManagedClient VA download URL
readOnly: true
nullable: true
type: string
example: aUrl
vaVersion:
description: Version that the ManagedClient's VA is running
readOnly: true
nullable: true
type: string
example: va-megapod-useast1-610-1621372012
secret:
description: Client's apiKey
nullable: true
type: string
example: ef878e15eaa8c8d3e2fa52f41125e2a0eeadadc6a14f931a33ad3e1b62d56381
createdAt:
description: The date/time this ManagedClient was created
example: '2023-08-04T20:48:01.865Z'
nullable: true
type: string
format: date-time
updatedAt:
description: The date/time this ManagedClient was last updated
example: '2023-08-04T20:48:01.865Z'
nullable: true
type: string
format: date-time
provisionStatus:
description: The provisioning status of the ManagedClient
readOnly: true
nullable: true
type: string
enum:
- null
- PROVISIONED
- DRAFT
example: PROVISIONED
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:remote-client:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
delete:
operationId: deleteManagedClient
tags:
- Managed Clients
summary: Delete managed client
description: Delete an existing managed client.
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: getManagedClients
description: Managed client ID.
example: 4440278c-0ce2-41ee-a0a9-f5cfd5e8d3b7
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:remote-client:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
'/managed-clients/{id}/status':
get:
tags:
- Managed Clients
summary: Get managed client status
description: 'Get a managed client''s status, using its ID.'
operationId: getManagedClientStatus
parameters:
- name: id
in: path
description: Managed client ID to get status for.
required: true
x-sailpoint-resource-operation-id: getManagedClients
schema:
type: string
example: aClientId
- name: type
in: query
description: Managed client type to get status for.
required: true
schema:
example: VA
description: Managed Client type
type: string
nullable: true
enum:
- CCG
- VA
- INTERNAL
- IIQ_HARVESTER
- null
responses:
'200':
description: 'Response with the managed client status, with the given ID and type.'
content:
application/json:
schema:
description: Managed Client Status
type: object
required:
- body
- status
- type
- timestamp
properties:
body:
description: ManagedClientStatus body information
type: object
example:
alertKey: ''
id: '5678'
clusterId: '1234'
ccg_etag: ccg_etag123xyz456
ccg_pin: NONE
cookbook_etag: 20210420125956-20210511144538
hostname: megapod-useast1-secret-hostname.sailpoint.com
internal_ip: 127.0.0.1
lastSeen: '1620843964604'
sinceSeen: '14708'
sinceSeenMillis: '14708'
localDev: false
stacktrace: ''
state: null
status: NORMAL
uuid: null
product: idn
va_version: null
platform_version: '2'
os_version: 2345.3.1
os_type: flatcar
hypervisor: unknown
status:
description: status of the Managed Client
example: NORMAL
type: string
enum:
- NORMAL
- UNDEFINED
- NOT_CONFIGURED
- CONFIGURING
- WARNING
- ERROR
- FAILED
type:
description: type of the Managed Client
example: CCG
type: string
nullable: true
enum:
- CCG
- VA
- INTERNAL
- IIQ_HARVESTER
- null
timestamp:
description: timestamp on the Client Status update
type: string
format: date-time
example: '2020-01-01T00:00:00.000000Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:managed-client-status:read'
/managed-clusters:
get:
tags:
- Managed Clusters
summary: Get managed clusters
description: 'List current organization''s managed clusters, based on request context.'
operationId: getManagedClusters
parameters:
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**operational**: *eq*
required: false
example: operational eq "operation"
responses:
'200':
description: Response with a list of managed clusters.
content:
application/json:
schema:
type: array
items:
description: Managed Cluster
type: object
required:
- id
- clientType
- ccgVersion
properties:
id:
description: ManagedCluster ID
type: string
example: e1ff7bb24c934240bbf55e1aa39e41c5
name:
description: ManagedCluster name
type: string
example: Managed Cluster Name
pod:
description: ManagedCluster pod
type: string
example: megapod-useast1
org:
description: ManagedCluster org
type: string
example: denali
type:
description: The Type of Cluster
example: idn
nullable: false
default: idn
type: string
enum:
- idn
- iai
configuration:
description: ManagedProcess configuration map
type: object
additionalProperties:
type: string
nullable: true
example:
clusterExternalId: e1ff7bb24c934240bbf55e1aa39e41c5
clusterType: sqsCluster
gmtOffset: '-5'
keyPair:
description: key pair for the ManagedCluster
type: object
properties:
publicKey:
nullable: true
description: ManagedCluster publicKey
type: string
example: '-----BEGIN PUBLIC KEY-----******-----END PUBLIC KEY-----'
publicKeyThumbprint:
nullable: true
description: ManagedCluster publicKeyThumbprint
type: string
example: 6CMlaJIV44-xJxcB3CJBjDUUn54
publicKeyCertificate:
nullable: true
description: ManagedCluster publicKeyCertificate
type: string
example: '-----BEGIN CERTIFICATE-----****-----END CERTIFICATE-----'
attributes:
description: Specific Attributes for Configuring a ManagedCluster by Type
type: object
properties:
queue:
description: ManagedCluster keystore for sqsCluster type
type: object
properties:
name:
description: ManagedCluster queue name
type: string
example: megapod-useast1-denali-lwt-cluster-1533
region:
description: ManagedCluster queue aws region
type: string
example: us-east-1
keystore:
nullable: true
description: ManagedCluster keystore for spConnectCluster type
type: string
example: /u3+7QAAAAIAAAABAAAAAQAvL3Byb3h5LWNsdXN0ZXIvMmM5MTgwODc3Yjg3MW
description:
description: ManagedCluster description
type: string
default: q
example: A short description of the managed cluster.
redis:
description: Redis configuration for the ManagedCluster
type: object
properties:
redisHost:
description: ManagedCluster redisHost
type: string
example: megapod-useast1-shared-redis.cloud.sailpoint.com
redisPort:
description: ManagedCluster redisPort
type: integer
format: int32
example: 6379
clientType:
description: type of client for the ManagedCluster
type: string
example: CCG
nullable: true
enum:
- CCG
- VA
- INTERNAL
- IIQ_HARVESTER
- null
ccgVersion:
description: CCG version used by the ManagedCluster
type: string
example: v01
pinnedConfig:
description: boolean flag indiacting whether or not the cluster configuration is pinned
type: boolean
default: false
example: false
logConfiguration:
description: client log configuration for the cluster
example: '{ "rootLevel": "WARN", "logLevels": { "foobar": "WARN" } }'
nullable: true
type: object
required:
- rootLevel
properties:
clientId:
description: Log configuration's client ID
type: string
example: 3a38a51992e8445ab51a549c0a70ee66
durationMinutes:
description: Duration in minutes for log configuration to remain in effect before resetting to defaults.
type: integer
format: int32
example: 120
default: 240
minimum: 5
maximum: 1440
expiration:
description: Expiration date-time of the log configuration request. Can be no greater than 24 hours from current date-time.
example: '2024-11-06T01:31:08.013164Z'
type: string
format: date-time
rootLevel:
description: 'Root log level to apply, the default level for all logs. For more information about logging levels, refer to the "Logging Levels" table in [Enabling Connector Logging in IdentityNow](https://community.sailpoint.com/t5/IdentityNow-Articles/Enabling-Connector-Logging-in-IdentityNow/ta-p/188107).'
default: INFO
example: INFO
type: string
enum:
- 'OFF'
- FATAL
- ERROR
- WARN
- INFO
- DEBUG
- TRACE
logLevels:
description: 'Map of log level by key. The keys are logging classes, and the values are logging levels. To see the available connectors and their logging classes, refer to the "Logging Classes" table in [Enabling Connector Logging in IdentityNow](https://community.sailpoint.com/t5/IdentityNow-Articles/Enabling-Connector-Logging-in-IdentityNow/ta-p/188107).'
example:
sailpoint.connector.ADLDAPConnector: TRACE
sailpoint.connector.JDBCConnector: DEBUG
type: object
additionalProperties:
default: INFO
example: TRACE
description: Standard Log4j log level
type: string
enum:
- 'OFF'
- FATAL
- ERROR
- WARN
- INFO
- DEBUG
- TRACE
operational:
description: Whether or not the cluster is operational or not
type: boolean
default: false
example: false
status:
description: Cluster status
type: string
enum:
- CONFIGURING
- FAILED
- NO_CLIENTS
- NORMAL
- WARNING
example: NORMAL
publicKeyCertificate:
nullable: true
description: Public key certificate
type: string
example: '-----BEGIN CERTIFICATE-----TCCAb2gAwIBAgIBADANBgkqhkiG9w0BAQsFADAuMQ0wCwYDVQQD-----END CERTIFICATE-----'
publicKeyThumbprint:
nullable: true
description: Public key thumbprint
type: string
example: obc6pLiulGbtZ
publicKey:
nullable: true
description: Public key
type: string
example: '-----BEGIN PUBLIC KEY-----jANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3WgnsxP52MDgBTfHR+5n4-----END PUBLIC KEY-----'
alertKey:
description: Key describing any immediate cluster alerts
type: string
example: LIMITED_RESOURCES
clientIds:
type: array
description: List of clients in a cluster
items:
type: string
example:
- '1244'
- '1245'
serviceCount:
description: Number of services bound to a cluster
type: integer
format: int32
default: 0
example: 6
ccId:
description: 'CC ID only used in calling CC, will be removed without notice when Migration to CEGS is finished'
type: string
default: '0'
example: '1533'
createdAt:
description: The date/time this cluster was created
example: '2023-08-04T20:48:01.865Z'
nullable: true
type: string
format: date-time
updatedAt:
description: The date/time this cluster was last updated
example: '2023-08-04T20:48:01.865Z'
nullable: true
type: string
format: date-time
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:remote-client:read'
- 'idn:remote-client:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
post:
tags:
- Managed Clusters
summary: Create create managed cluster
description: |-
Create a new Managed Cluster.
The API returns a result that includes the managed cluster ID.
operationId: createManagedCluster
requestBody:
required: true
content:
application/json:
schema:
description: Request to create Managed Cluster
type: object
required:
- name
properties:
name:
description: ManagedCluster name
type: string
nullable: false
example: Managed Cluster Name
type:
description: The Type of Cluster
example: idn
type: string
enum:
- idn
- iai
configuration:
description: ManagedProcess configuration map
type: object
additionalProperties:
type: string
example:
clusterExternalId: externalId
ccgVersion: 77.0.0
description:
description: ManagedCluster description
type: string
nullable: true
example: A short description of the managed cluster.
responses:
'200':
description: Created managed cluster.
content:
application/json:
schema:
description: Managed Cluster
type: object
required:
- id
- clientType
- ccgVersion
properties:
id:
description: ManagedCluster ID
type: string
example: e1ff7bb24c934240bbf55e1aa39e41c5
name:
description: ManagedCluster name
type: string
example: Managed Cluster Name
pod:
description: ManagedCluster pod
type: string
example: megapod-useast1
org:
description: ManagedCluster org
type: string
example: denali
type:
description: The Type of Cluster
example: idn
nullable: false
default: idn
type: string
enum:
- idn
- iai
configuration:
description: ManagedProcess configuration map
type: object
additionalProperties:
type: string
nullable: true
example:
clusterExternalId: e1ff7bb24c934240bbf55e1aa39e41c5
clusterType: sqsCluster
gmtOffset: '-5'
keyPair:
description: key pair for the ManagedCluster
type: object
properties:
publicKey:
nullable: true
description: ManagedCluster publicKey
type: string
example: '-----BEGIN PUBLIC KEY-----******-----END PUBLIC KEY-----'
publicKeyThumbprint:
nullable: true
description: ManagedCluster publicKeyThumbprint
type: string
example: 6CMlaJIV44-xJxcB3CJBjDUUn54
publicKeyCertificate:
nullable: true
description: ManagedCluster publicKeyCertificate
type: string
example: '-----BEGIN CERTIFICATE-----****-----END CERTIFICATE-----'
attributes:
description: Specific Attributes for Configuring a ManagedCluster by Type
type: object
properties:
queue:
description: ManagedCluster keystore for sqsCluster type
type: object
properties:
name:
description: ManagedCluster queue name
type: string
example: megapod-useast1-denali-lwt-cluster-1533
region:
description: ManagedCluster queue aws region
type: string
example: us-east-1
keystore:
nullable: true
description: ManagedCluster keystore for spConnectCluster type
type: string
example: /u3+7QAAAAIAAAABAAAAAQAvL3Byb3h5LWNsdXN0ZXIvMmM5MTgwODc3Yjg3MW
description:
description: ManagedCluster description
type: string
default: q
example: A short description of the managed cluster.
redis:
description: Redis configuration for the ManagedCluster
type: object
properties:
redisHost:
description: ManagedCluster redisHost
type: string
example: megapod-useast1-shared-redis.cloud.sailpoint.com
redisPort:
description: ManagedCluster redisPort
type: integer
format: int32
example: 6379
clientType:
description: type of client for the ManagedCluster
type: string
example: CCG
nullable: true
enum:
- CCG
- VA
- INTERNAL
- IIQ_HARVESTER
- null
ccgVersion:
description: CCG version used by the ManagedCluster
type: string
example: v01
pinnedConfig:
description: boolean flag indiacting whether or not the cluster configuration is pinned
type: boolean
default: false
example: false
logConfiguration:
description: client log configuration for the cluster
example: '{ "rootLevel": "WARN", "logLevels": { "foobar": "WARN" } }'
nullable: true
type: object
required:
- rootLevel
properties:
clientId:
description: Log configuration's client ID
type: string
example: 3a38a51992e8445ab51a549c0a70ee66
durationMinutes:
description: Duration in minutes for log configuration to remain in effect before resetting to defaults.
type: integer
format: int32
example: 120
default: 240
minimum: 5
maximum: 1440
expiration:
description: Expiration date-time of the log configuration request. Can be no greater than 24 hours from current date-time.
example: '2024-11-06T01:31:08.013164Z'
type: string
format: date-time
rootLevel:
description: 'Root log level to apply, the default level for all logs. For more information about logging levels, refer to the "Logging Levels" table in [Enabling Connector Logging in IdentityNow](https://community.sailpoint.com/t5/IdentityNow-Articles/Enabling-Connector-Logging-in-IdentityNow/ta-p/188107).'
default: INFO
example: INFO
type: string
enum:
- 'OFF'
- FATAL
- ERROR
- WARN
- INFO
- DEBUG
- TRACE
logLevels:
description: 'Map of log level by key. The keys are logging classes, and the values are logging levels. To see the available connectors and their logging classes, refer to the "Logging Classes" table in [Enabling Connector Logging in IdentityNow](https://community.sailpoint.com/t5/IdentityNow-Articles/Enabling-Connector-Logging-in-IdentityNow/ta-p/188107).'
example:
sailpoint.connector.ADLDAPConnector: TRACE
sailpoint.connector.JDBCConnector: DEBUG
type: object
additionalProperties:
default: INFO
example: TRACE
description: Standard Log4j log level
type: string
enum:
- 'OFF'
- FATAL
- ERROR
- WARN
- INFO
- DEBUG
- TRACE
operational:
description: Whether or not the cluster is operational or not
type: boolean
default: false
example: false
status:
description: Cluster status
type: string
enum:
- CONFIGURING
- FAILED
- NO_CLIENTS
- NORMAL
- WARNING
example: NORMAL
publicKeyCertificate:
nullable: true
description: Public key certificate
type: string
example: '-----BEGIN CERTIFICATE-----TCCAb2gAwIBAgIBADANBgkqhkiG9w0BAQsFADAuMQ0wCwYDVQQD-----END CERTIFICATE-----'
publicKeyThumbprint:
nullable: true
description: Public key thumbprint
type: string
example: obc6pLiulGbtZ
publicKey:
nullable: true
description: Public key
type: string
example: '-----BEGIN PUBLIC KEY-----jANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3WgnsxP52MDgBTfHR+5n4-----END PUBLIC KEY-----'
alertKey:
description: Key describing any immediate cluster alerts
type: string
example: LIMITED_RESOURCES
clientIds:
type: array
description: List of clients in a cluster
items:
type: string
example:
- '1244'
- '1245'
serviceCount:
description: Number of services bound to a cluster
type: integer
format: int32
default: 0
example: 6
ccId:
description: 'CC ID only used in calling CC, will be removed without notice when Migration to CEGS is finished'
type: string
default: '0'
example: '1533'
createdAt:
description: The date/time this cluster was created
example: '2023-08-04T20:48:01.865Z'
nullable: true
type: string
format: date-time
updatedAt:
description: The date/time this cluster was last updated
example: '2023-08-04T20:48:01.865Z'
nullable: true
type: string
format: date-time
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:remote-client:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
'/managed-clusters/{id}':
get:
tags:
- Managed Clusters
summary: Get managed cluster
description: Get a managed cluster by ID.
operationId: getManagedCluster
parameters:
- name: id
in: path
description: Managed cluster ID.
required: true
x-sailpoint-resource-operation-id: getManagedClusters
example: 2c9180897de347a2017de8859e8c5039
style: simple
explode: false
schema:
type: string
responses:
'200':
description: Response with managed cluster for the given ID.
content:
application/json:
schema:
description: Managed Cluster
type: object
required:
- id
- clientType
- ccgVersion
properties:
id:
description: ManagedCluster ID
type: string
example: e1ff7bb24c934240bbf55e1aa39e41c5
name:
description: ManagedCluster name
type: string
example: Managed Cluster Name
pod:
description: ManagedCluster pod
type: string
example: megapod-useast1
org:
description: ManagedCluster org
type: string
example: denali
type:
description: The Type of Cluster
example: idn
nullable: false
default: idn
type: string
enum:
- idn
- iai
configuration:
description: ManagedProcess configuration map
type: object
additionalProperties:
type: string
nullable: true
example:
clusterExternalId: e1ff7bb24c934240bbf55e1aa39e41c5
clusterType: sqsCluster
gmtOffset: '-5'
keyPair:
description: key pair for the ManagedCluster
type: object
properties:
publicKey:
nullable: true
description: ManagedCluster publicKey
type: string
example: '-----BEGIN PUBLIC KEY-----******-----END PUBLIC KEY-----'
publicKeyThumbprint:
nullable: true
description: ManagedCluster publicKeyThumbprint
type: string
example: 6CMlaJIV44-xJxcB3CJBjDUUn54
publicKeyCertificate:
nullable: true
description: ManagedCluster publicKeyCertificate
type: string
example: '-----BEGIN CERTIFICATE-----****-----END CERTIFICATE-----'
attributes:
description: Specific Attributes for Configuring a ManagedCluster by Type
type: object
properties:
queue:
description: ManagedCluster keystore for sqsCluster type
type: object
properties:
name:
description: ManagedCluster queue name
type: string
example: megapod-useast1-denali-lwt-cluster-1533
region:
description: ManagedCluster queue aws region
type: string
example: us-east-1
keystore:
nullable: true
description: ManagedCluster keystore for spConnectCluster type
type: string
example: /u3+7QAAAAIAAAABAAAAAQAvL3Byb3h5LWNsdXN0ZXIvMmM5MTgwODc3Yjg3MW
description:
description: ManagedCluster description
type: string
default: q
example: A short description of the managed cluster.
redis:
description: Redis configuration for the ManagedCluster
type: object
properties:
redisHost:
description: ManagedCluster redisHost
type: string
example: megapod-useast1-shared-redis.cloud.sailpoint.com
redisPort:
description: ManagedCluster redisPort
type: integer
format: int32
example: 6379
clientType:
description: type of client for the ManagedCluster
type: string
example: CCG
nullable: true
enum:
- CCG
- VA
- INTERNAL
- IIQ_HARVESTER
- null
ccgVersion:
description: CCG version used by the ManagedCluster
type: string
example: v01
pinnedConfig:
description: boolean flag indiacting whether or not the cluster configuration is pinned
type: boolean
default: false
example: false
logConfiguration:
description: client log configuration for the cluster
example: '{ "rootLevel": "WARN", "logLevels": { "foobar": "WARN" } }'
nullable: true
type: object
required:
- rootLevel
properties:
clientId:
description: Log configuration's client ID
type: string
example: 3a38a51992e8445ab51a549c0a70ee66
durationMinutes:
description: Duration in minutes for log configuration to remain in effect before resetting to defaults.
type: integer
format: int32
example: 120
default: 240
minimum: 5
maximum: 1440
expiration:
description: Expiration date-time of the log configuration request. Can be no greater than 24 hours from current date-time.
example: '2024-11-06T01:31:08.013164Z'
type: string
format: date-time
rootLevel:
description: 'Root log level to apply, the default level for all logs. For more information about logging levels, refer to the "Logging Levels" table in [Enabling Connector Logging in IdentityNow](https://community.sailpoint.com/t5/IdentityNow-Articles/Enabling-Connector-Logging-in-IdentityNow/ta-p/188107).'
default: INFO
example: INFO
type: string
enum:
- 'OFF'
- FATAL
- ERROR
- WARN
- INFO
- DEBUG
- TRACE
logLevels:
description: 'Map of log level by key. The keys are logging classes, and the values are logging levels. To see the available connectors and their logging classes, refer to the "Logging Classes" table in [Enabling Connector Logging in IdentityNow](https://community.sailpoint.com/t5/IdentityNow-Articles/Enabling-Connector-Logging-in-IdentityNow/ta-p/188107).'
example:
sailpoint.connector.ADLDAPConnector: TRACE
sailpoint.connector.JDBCConnector: DEBUG
type: object
additionalProperties:
default: INFO
example: TRACE
description: Standard Log4j log level
type: string
enum:
- 'OFF'
- FATAL
- ERROR
- WARN
- INFO
- DEBUG
- TRACE
operational:
description: Whether or not the cluster is operational or not
type: boolean
default: false
example: false
status:
description: Cluster status
type: string
enum:
- CONFIGURING
- FAILED
- NO_CLIENTS
- NORMAL
- WARNING
example: NORMAL
publicKeyCertificate:
nullable: true
description: Public key certificate
type: string
example: '-----BEGIN CERTIFICATE-----TCCAb2gAwIBAgIBADANBgkqhkiG9w0BAQsFADAuMQ0wCwYDVQQD-----END CERTIFICATE-----'
publicKeyThumbprint:
nullable: true
description: Public key thumbprint
type: string
example: obc6pLiulGbtZ
publicKey:
nullable: true
description: Public key
type: string
example: '-----BEGIN PUBLIC KEY-----jANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3WgnsxP52MDgBTfHR+5n4-----END PUBLIC KEY-----'
alertKey:
description: Key describing any immediate cluster alerts
type: string
example: LIMITED_RESOURCES
clientIds:
type: array
description: List of clients in a cluster
items:
type: string
example:
- '1244'
- '1245'
serviceCount:
description: Number of services bound to a cluster
type: integer
format: int32
default: 0
example: 6
ccId:
description: 'CC ID only used in calling CC, will be removed without notice when Migration to CEGS is finished'
type: string
default: '0'
example: '1533'
createdAt:
description: The date/time this cluster was created
example: '2023-08-04T20:48:01.865Z'
nullable: true
type: string
format: date-time
updatedAt:
description: The date/time this cluster was last updated
example: '2023-08-04T20:48:01.865Z'
nullable: true
type: string
format: date-time
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:remote-client:read'
- 'idn:remote-client:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
patch:
tags:
- Managed Clusters
summary: Update managed cluster
description: Update an existing managed cluster.
operationId: updateManagedCluster
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: getManagedClusters
description: Managed cluster ID.
example: 2c9180897de347a2017de8859e8c5039
requestBody:
required: true
description: JSONPatch payload used to update the object.
content:
application/json-patch+json:
schema:
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
responses:
'200':
description: Updated managed cluster.
content:
application/json:
schema:
description: Managed Cluster
type: object
required:
- id
- clientType
- ccgVersion
properties:
id:
description: ManagedCluster ID
type: string
example: e1ff7bb24c934240bbf55e1aa39e41c5
name:
description: ManagedCluster name
type: string
example: Managed Cluster Name
pod:
description: ManagedCluster pod
type: string
example: megapod-useast1
org:
description: ManagedCluster org
type: string
example: denali
type:
description: The Type of Cluster
example: idn
nullable: false
default: idn
type: string
enum:
- idn
- iai
configuration:
description: ManagedProcess configuration map
type: object
additionalProperties:
type: string
nullable: true
example:
clusterExternalId: e1ff7bb24c934240bbf55e1aa39e41c5
clusterType: sqsCluster
gmtOffset: '-5'
keyPair:
description: key pair for the ManagedCluster
type: object
properties:
publicKey:
nullable: true
description: ManagedCluster publicKey
type: string
example: '-----BEGIN PUBLIC KEY-----******-----END PUBLIC KEY-----'
publicKeyThumbprint:
nullable: true
description: ManagedCluster publicKeyThumbprint
type: string
example: 6CMlaJIV44-xJxcB3CJBjDUUn54
publicKeyCertificate:
nullable: true
description: ManagedCluster publicKeyCertificate
type: string
example: '-----BEGIN CERTIFICATE-----****-----END CERTIFICATE-----'
attributes:
description: Specific Attributes for Configuring a ManagedCluster by Type
type: object
properties:
queue:
description: ManagedCluster keystore for sqsCluster type
type: object
properties:
name:
description: ManagedCluster queue name
type: string
example: megapod-useast1-denali-lwt-cluster-1533
region:
description: ManagedCluster queue aws region
type: string
example: us-east-1
keystore:
nullable: true
description: ManagedCluster keystore for spConnectCluster type
type: string
example: /u3+7QAAAAIAAAABAAAAAQAvL3Byb3h5LWNsdXN0ZXIvMmM5MTgwODc3Yjg3MW
description:
description: ManagedCluster description
type: string
default: q
example: A short description of the managed cluster.
redis:
description: Redis configuration for the ManagedCluster
type: object
properties:
redisHost:
description: ManagedCluster redisHost
type: string
example: megapod-useast1-shared-redis.cloud.sailpoint.com
redisPort:
description: ManagedCluster redisPort
type: integer
format: int32
example: 6379
clientType:
description: type of client for the ManagedCluster
type: string
example: CCG
nullable: true
enum:
- CCG
- VA
- INTERNAL
- IIQ_HARVESTER
- null
ccgVersion:
description: CCG version used by the ManagedCluster
type: string
example: v01
pinnedConfig:
description: boolean flag indiacting whether or not the cluster configuration is pinned
type: boolean
default: false
example: false
logConfiguration:
description: client log configuration for the cluster
example: '{ "rootLevel": "WARN", "logLevels": { "foobar": "WARN" } }'
nullable: true
type: object
required:
- rootLevel
properties:
clientId:
description: Log configuration's client ID
type: string
example: 3a38a51992e8445ab51a549c0a70ee66
durationMinutes:
description: Duration in minutes for log configuration to remain in effect before resetting to defaults.
type: integer
format: int32
example: 120
default: 240
minimum: 5
maximum: 1440
expiration:
description: Expiration date-time of the log configuration request. Can be no greater than 24 hours from current date-time.
example: '2024-11-06T01:31:08.013164Z'
type: string
format: date-time
rootLevel:
description: 'Root log level to apply, the default level for all logs. For more information about logging levels, refer to the "Logging Levels" table in [Enabling Connector Logging in IdentityNow](https://community.sailpoint.com/t5/IdentityNow-Articles/Enabling-Connector-Logging-in-IdentityNow/ta-p/188107).'
default: INFO
example: INFO
type: string
enum:
- 'OFF'
- FATAL
- ERROR
- WARN
- INFO
- DEBUG
- TRACE
logLevels:
description: 'Map of log level by key. The keys are logging classes, and the values are logging levels. To see the available connectors and their logging classes, refer to the "Logging Classes" table in [Enabling Connector Logging in IdentityNow](https://community.sailpoint.com/t5/IdentityNow-Articles/Enabling-Connector-Logging-in-IdentityNow/ta-p/188107).'
example:
sailpoint.connector.ADLDAPConnector: TRACE
sailpoint.connector.JDBCConnector: DEBUG
type: object
additionalProperties:
default: INFO
example: TRACE
description: Standard Log4j log level
type: string
enum:
- 'OFF'
- FATAL
- ERROR
- WARN
- INFO
- DEBUG
- TRACE
operational:
description: Whether or not the cluster is operational or not
type: boolean
default: false
example: false
status:
description: Cluster status
type: string
enum:
- CONFIGURING
- FAILED
- NO_CLIENTS
- NORMAL
- WARNING
example: NORMAL
publicKeyCertificate:
nullable: true
description: Public key certificate
type: string
example: '-----BEGIN CERTIFICATE-----TCCAb2gAwIBAgIBADANBgkqhkiG9w0BAQsFADAuMQ0wCwYDVQQD-----END CERTIFICATE-----'
publicKeyThumbprint:
nullable: true
description: Public key thumbprint
type: string
example: obc6pLiulGbtZ
publicKey:
nullable: true
description: Public key
type: string
example: '-----BEGIN PUBLIC KEY-----jANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3WgnsxP52MDgBTfHR+5n4-----END PUBLIC KEY-----'
alertKey:
description: Key describing any immediate cluster alerts
type: string
example: LIMITED_RESOURCES
clientIds:
type: array
description: List of clients in a cluster
items:
type: string
example:
- '1244'
- '1245'
serviceCount:
description: Number of services bound to a cluster
type: integer
format: int32
default: 0
example: 6
ccId:
description: 'CC ID only used in calling CC, will be removed without notice when Migration to CEGS is finished'
type: string
default: '0'
example: '1533'
createdAt:
description: The date/time this cluster was created
example: '2023-08-04T20:48:01.865Z'
nullable: true
type: string
format: date-time
updatedAt:
description: The date/time this cluster was last updated
example: '2023-08-04T20:48:01.865Z'
nullable: true
type: string
format: date-time
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:remote-client:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
delete:
operationId: deleteManagedCluster
tags:
- Managed Clusters
summary: Delete managed cluster
description: Delete an existing managed cluster.
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: getManagedClusters
description: Managed cluster ID.
example: 2c9180897de347a2017de8859e8c5039
- in: query
name: removeClients
schema:
type: boolean
default: false
required: false
description: Flag to determine the need to delete a cluster with clients.
example: false
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:remote-client:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
'/managed-clusters/{id}/log-config':
get:
tags:
- Managed Clusters
summary: Get managed cluster log configuration
description: Get a managed cluster's log configuration.
operationId: getClientLogConfiguration
parameters:
- name: id
in: path
description: ID of managed cluster to get log configuration for.
required: true
x-sailpoint-resource-operation-id: getManagedClusters
schema:
type: string
format: uuid
example: 2b838de9-db9b-abcf-e646-d4f274ad4238
responses:
'200':
description: Log configuration of managed cluster for given cluster ID.
content:
application/json:
schema:
description: Client Runtime Logging Configuration
nullable: true
type: object
required:
- rootLevel
properties:
clientId:
description: Log configuration's client ID
type: string
example: 3a38a51992e8445ab51a549c0a70ee66
durationMinutes:
description: Duration in minutes for log configuration to remain in effect before resetting to defaults.
type: integer
format: int32
example: 120
default: 240
minimum: 5
maximum: 1440
expiration:
description: Expiration date-time of the log configuration request. Can be no greater than 24 hours from current date-time.
example: '2024-11-06T01:31:08.013164Z'
type: string
format: date-time
rootLevel:
description: 'Root log level to apply, the default level for all logs. For more information about logging levels, refer to the "Logging Levels" table in [Enabling Connector Logging in IdentityNow](https://community.sailpoint.com/t5/IdentityNow-Articles/Enabling-Connector-Logging-in-IdentityNow/ta-p/188107).'
default: INFO
example: INFO
type: string
enum:
- 'OFF'
- FATAL
- ERROR
- WARN
- INFO
- DEBUG
- TRACE
logLevels:
description: 'Map of log level by key. The keys are logging classes, and the values are logging levels. To see the available connectors and their logging classes, refer to the "Logging Classes" table in [Enabling Connector Logging in IdentityNow](https://community.sailpoint.com/t5/IdentityNow-Articles/Enabling-Connector-Logging-in-IdentityNow/ta-p/188107).'
example:
sailpoint.connector.ADLDAPConnector: TRACE
sailpoint.connector.JDBCConnector: DEBUG
type: object
additionalProperties:
default: INFO
example: TRACE
description: Standard Log4j log level
type: string
enum:
- 'OFF'
- FATAL
- ERROR
- WARN
- INFO
- DEBUG
- TRACE
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:remote-client:read'
- 'idn:remote-client:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
put:
tags:
- Managed Clusters
summary: Update managed cluster log configuration
description: 'Update a managed cluster''s log configuration. You may only specify one of `durationMinutes` or `expiration`, up to 1440 minutes (24 hours) in the future. If neither is specified, the default value for `durationMinutes` is 240.'
operationId: putClientLogConfiguration
parameters:
- name: id
in: path
description: ID of the managed cluster to update the log configuration for.
required: true
x-sailpoint-resource-operation-id: getManagedClusters
schema:
type: string
format: uuid
example: 2b838de9-db9b-abcf-e646-d4f274ad4238
requestBody:
description: Client log configuration for the given managed cluster.
content:
application/json:
schema:
oneOf:
- description: Client Runtime Logging Configuration
title: Set Duration Minutes
nullable: true
type: object
required:
- rootLevel
properties:
clientId:
description: Log configuration's client ID
type: string
example: 3a38a51992e8445ab51a549c0a70ee66
durationMinutes:
description: Duration in minutes for log configuration to remain in effect before resetting to defaults.
type: integer
format: int32
example: 120
default: 240
minimum: 5
maximum: 1440
rootLevel:
description: 'Root log level to apply, the default level for all logs. For more information about logging levels, refer to the "Logging Levels" table in [Enabling Connector Logging in IdentityNow](https://community.sailpoint.com/t5/IdentityNow-Articles/Enabling-Connector-Logging-in-IdentityNow/ta-p/188107).'
default: INFO
example: INFO
type: string
enum:
- 'OFF'
- FATAL
- ERROR
- WARN
- INFO
- DEBUG
- TRACE
logLevels:
description: 'Map of log level by key. The keys are logging classes, and the values are logging levels. To see the available connectors and their logging classes, refer to the "Logging Classes" table in [Enabling Connector Logging in IdentityNow](https://community.sailpoint.com/t5/IdentityNow-Articles/Enabling-Connector-Logging-in-IdentityNow/ta-p/188107).'
example:
sailpoint.connector.ADLDAPConnector: TRACE
sailpoint.connector.JDBCConnector: DEBUG
type: object
additionalProperties:
default: INFO
example: TRACE
description: Standard Log4j log level
type: string
enum:
- 'OFF'
- FATAL
- ERROR
- WARN
- INFO
- DEBUG
- TRACE
- description: Client Runtime Logging Configuration
title: Set Expiration Date
nullable: true
type: object
required:
- rootLevel
properties:
clientId:
description: Log configuration's client ID
type: string
example: 3a38a51992e8445ab51a549c0a70ee66
expiration:
description: Expiration date-time of the log configuration request. Can be no greater than 24 hours from current date-time.
example: '2024-11-06T01:31:08.013164Z'
type: string
format: date-time
rootLevel:
description: 'Root log level to apply, the default level for all logs. For more information about logging levels, refer to the "Logging Levels" table in [Enabling Connector Logging in IdentityNow](https://community.sailpoint.com/t5/IdentityNow-Articles/Enabling-Connector-Logging-in-IdentityNow/ta-p/188107).'
default: INFO
example: INFO
type: string
enum:
- 'OFF'
- FATAL
- ERROR
- WARN
- INFO
- DEBUG
- TRACE
logLevels:
description: 'Map of log level by key. The keys are logging classes, and the values are logging levels. To see the available connectors and their logging classes, refer to the "Logging Classes" table in [Enabling Connector Logging in IdentityNow](https://community.sailpoint.com/t5/IdentityNow-Articles/Enabling-Connector-Logging-in-IdentityNow/ta-p/188107).'
example:
sailpoint.connector.ADLDAPConnector: TRACE
sailpoint.connector.JDBCConnector: DEBUG
type: object
additionalProperties:
default: INFO
example: TRACE
description: Standard Log4j log level
type: string
enum:
- 'OFF'
- FATAL
- ERROR
- WARN
- INFO
- DEBUG
- TRACE
examples:
Duration Minutes:
summary: Duration minutes
value:
clientId: 3a38a51992e8445ab51a549c0a70ee66
durationMinutes: 120
rootLevel: INFO
logLevels:
sailpoint.connector.ADLDAPConnector: TRACE
sailpoint.connector.JDBCConnector: DEBUG
Expiration:
summary: Expiration
value:
clientId: 3a38a51992e8445ab51a549c0a70ee66
expiration: '2024-11-06T01:31:08.013164Z'
rootLevel: INFO
logLevels:
sailpoint.connector.ADLDAPConnector: TRACE
sailpoint.connector.JDBCConnector: DEBUG
required: true
responses:
'200':
description: Response with updated client log configuration for the given managed cluster.
content:
application/json:
schema:
description: Client Runtime Logging Configuration
nullable: true
type: object
required:
- rootLevel
properties:
clientId:
description: Log configuration's client ID
type: string
example: 3a38a51992e8445ab51a549c0a70ee66
durationMinutes:
description: Duration in minutes for log configuration to remain in effect before resetting to defaults.
type: integer
format: int32
example: 120
default: 240
minimum: 5
maximum: 1440
expiration:
description: Expiration date-time of the log configuration request. Can be no greater than 24 hours from current date-time.
example: '2024-11-06T01:31:08.013164Z'
type: string
format: date-time
rootLevel:
description: 'Root log level to apply, the default level for all logs. For more information about logging levels, refer to the "Logging Levels" table in [Enabling Connector Logging in IdentityNow](https://community.sailpoint.com/t5/IdentityNow-Articles/Enabling-Connector-Logging-in-IdentityNow/ta-p/188107).'
default: INFO
example: INFO
type: string
enum:
- 'OFF'
- FATAL
- ERROR
- WARN
- INFO
- DEBUG
- TRACE
logLevels:
description: 'Map of log level by key. The keys are logging classes, and the values are logging levels. To see the available connectors and their logging classes, refer to the "Logging Classes" table in [Enabling Connector Logging in IdentityNow](https://community.sailpoint.com/t5/IdentityNow-Articles/Enabling-Connector-Logging-in-IdentityNow/ta-p/188107).'
example:
sailpoint.connector.ADLDAPConnector: TRACE
sailpoint.connector.JDBCConnector: DEBUG
type: object
additionalProperties:
default: INFO
example: TRACE
description: Standard Log4j log level
type: string
enum:
- 'OFF'
- FATAL
- ERROR
- WARN
- INFO
- DEBUG
- TRACE
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:remote-client:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
'/managed-clusters/{id}/manualUpgrade':
post:
tags:
- Managed Clusters
summary: Trigger manual upgrade for managed cluster
description: |-
Trigger Manual Upgrade for Managed Cluster.
AMS Security: API, Internal A token with SYSTEM_ADMINISTRATOR authority is required to call this API.
operationId: update
parameters:
- name: id
in: path
description: ID of managed cluster to trigger manual upgrade.
required: true
x-sailpoint-resource-operation-id: getManagedClusters
schema:
type: string
format: uuid
example: 2b838de9-db9b-abcf-e646-d4f274ad4238
responses:
'200':
description: Manual upgrade of managed cluster for given cluster ID.
content:
application/json:
schema:
description: Manual Upgrade Job Response
nullable: false
type: object
properties:
jobs:
description: List of job objects for the upgrade request.
type: array
items:
type: object
required:
- uuid
- cookbook
- state
- type
- targetId
- managedProcessConfiguration
properties:
uuid:
description: Unique identifier for the upgrade job.
type: string
example: 4732440c-dacb-45b2-b2f8-ee2fa1327a07
cookbook:
description: Identifier for the cookbook used in the upgrade job.
type: string
example: 4732440c-dacb-45b2-b2f8-ee2fa1327a07
state:
description: Current state of the upgrade job.
type: string
example: PENDING
type:
description: 'The type of upgrade job (e.g., VA_UPGRADE).'
type: string
example: VA_UPGRADE
targetId:
description: Unique identifier of the target for the upgrade job.
type: string
example: 9fe8f1cc-2fd2-4675-a8cf-af4b43488ca2
managedProcessConfiguration:
description: Configuration of the managed processes involved in the upgrade.
type: object
properties:
charon:
description: Configuration details for the 'charon' process.
type: object
required:
- version
- path
- description
- restartNeeded
properties:
version:
description: Version of the 'charon' process.
type: string
example: '3047'
path:
description: Path to the 'charon' process.
type: string
example: sailpoint/charon
description:
description: A brief description of the 'charon' process.
type: string
example: version of charon used by the va
restartNeeded:
description: Indicates whether the process needs to be restarted.
type: boolean
example: true
ccg:
description: Configuration details for the 'ccg' process.
type: object
required:
- version
- path
- description
- restartNeeded
- dependencies
properties:
version:
description: Version of the 'ccg' process.
type: string
example: 1798_1054_241.0.0
path:
description: Path to the 'ccg' process.
type: string
example: sailpoint/ccg
description:
description: A brief description of the 'ccg' process.
type: string
example: CCG Deployment through ops-cli
restartNeeded:
description: Indicates whether the process needs to be restarted.
type: boolean
example: true
dependencies:
description: A map of dependencies for the 'ccg' process.
type: object
additionalProperties:
type: string
example:
IQService: 743/IQService-743.zip
connector-bundle-jdbc: 432/connector-bundle-jdbc-432.zip
connector-bundle-misc: 437/connector-bundle-misc-437.zip
connector-bundle-unix: 242/connector-bundle-unix-242.zip
connector-common-config: 208/connector-common-config-208.zip
connector-bundle-filebased: 222/connector-bundle-filebased-222.zip
connector-bundle-imprivata: 3/connector-bundle-imprivata-3.zip
connector-bundle-mainframe: 211/connector-bundle-mainframe-211.zip
connector-bundle-directories: 681/connector-bundle-directories-681.zip
connector-bundle-sap-on-prem: 196/connector-bundle-sap-on-prem-196.zip
connector-bundle-webservices: 1535/connector-bundle-webservices-1535.zip
connector-bundle-sap-cloud-app: 175/connector-bundle-sap-cloud-app-175.zip
connector-bundle-healthcare-epic: 302/connector-bundle-healthcare-epic-302.zip
connector-bundle-hrms-oraclefusionhcm: 166/connector-bundle-hrms-oraclefusionhcm-166.zip
connector-bundle-collaboration-connectors: 246/connector-bundle-collaboration-connectors-246.zip
otel_agent:
description: Configuration details for the 'otel_agent' process.
type: object
required:
- version
- path
- description
- restartNeeded
properties:
version:
description: Version of the 'otel_agent' process.
type: string
example: '3003'
path:
description: Path to the 'otel_agent' process.
type: string
example: sailpoint/otel_agent
description:
description: A brief description of the 'otel_agent' process.
type: string
example: version of otel_agent used by the va
restartNeeded:
description: Indicates whether the process needs to be restarted.
type: boolean
example: true
relay:
description: Configuration details for the 'relay' process.
type: object
required:
- version
- path
- description
- restartNeeded
properties:
version:
description: Version of the 'relay' process.
type: string
example: '3000'
path:
description: Path to the 'relay' process.
type: string
example: sailpoint/relay
description:
description: A brief description of the 'relay' process.
type: string
example: version of relay used by the va
restartNeeded:
description: Indicates whether the process needs to be restarted.
type: boolean
example: true
toolbox:
description: Configuration details for the 'toolbox' process.
type: object
required:
- version
- path
- description
- restartNeeded
properties:
version:
description: Version of the 'toolbox' process.
type: string
example: '3004'
path:
description: Path to the 'toolbox' process.
type: string
example: sailpoint/toolbox
description:
description: A brief description of the 'toolbox' process.
type: string
example: version of toolbox used by the va
restartNeeded:
description: Indicates whether the process needs to be restarted.
type: boolean
example: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:managed-cluster-upgrade:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
/managed-cluster-types:
get:
tags:
- Managed Cluster Types
summary: List managed cluster types
description: Get a list of Managed Cluster Types.
operationId: getManagedClusterTypes
parameters:
- name: type
in: query
required: false
description: Type descriptor
schema:
type: string
example: IDN
- name: pod
in: query
required: false
description: Pinned pod (or default)
schema:
type: string
example: megapod-useast1
- name: org
in: query
required: false
description: Pinned org (or default)
schema:
type: string
example: denali-xyz
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
responses:
'200':
description: Responds with a list of ManagedClusterType based on the query params provided
content:
application/json:
schema:
type: array
items:
description: Managed Cluster Type for Cluster upgrade configuration information
type: object
required:
- type
- pod
- org
properties:
id:
description: ManagedClusterType ID
readOnly: true
type: string
example: aClusterTypeId
type:
description: ManagedClusterType type name
type: string
example: idn
pod:
description: ManagedClusterType pod
type: string
example: megapod-useast1
org:
description: ManagedClusterType org
type: string
example: denali-cjh
managedProcessIds:
type: array
description: List of processes for the cluster type
items:
type: string
example:
- someId
- someId2
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:managed-cluster-types:read'
x-sailpoint-userLevels:
- ORG_ADMIN
post:
tags:
- Managed Cluster Types
summary: Create new managed cluster type
description: |-
Create a new Managed Cluster Type.
The API returns a result that includes the Managed Cluster Type ID
operationId: createManagedClusterType
requestBody:
required: true
content:
application/json:
schema:
description: Managed Cluster Type for Cluster upgrade configuration information
type: object
required:
- type
- pod
- org
properties:
id:
description: ManagedClusterType ID
readOnly: true
type: string
example: aClusterTypeId
type:
description: ManagedClusterType type name
type: string
example: idn
pod:
description: ManagedClusterType pod
type: string
example: megapod-useast1
org:
description: ManagedClusterType org
type: string
example: denali-cjh
managedProcessIds:
type: array
description: List of processes for the cluster type
items:
type: string
example:
- someId
- someId2
responses:
'200':
description: The created ManagedClusterType
content:
application/json:
schema:
description: Managed Cluster Type for Cluster upgrade configuration information
type: object
required:
- type
- pod
- org
properties:
id:
description: ManagedClusterType ID
readOnly: true
type: string
example: aClusterTypeId
type:
description: ManagedClusterType type name
type: string
example: idn
pod:
description: ManagedClusterType pod
type: string
example: megapod-useast1
org:
description: ManagedClusterType org
type: string
example: denali-cjh
managedProcessIds:
type: array
description: List of processes for the cluster type
items:
type: string
example:
- someId
- someId2
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'dn:managed-cluster-types:create'
x-sailpoint-userLevels:
- ORG_ADMIN
'/managed-cluster-types/{id}':
get:
tags:
- Managed Cluster Types
summary: Get a managed cluster type
description: Get a Managed Cluster Type.
operationId: getManagedClusterType
parameters:
- name: id
in: path
description: The Managed Cluster Type ID
required: true
x-sailpoint-resource-operation-id: getManagedClusterTypes
schema:
type: string
example: aClusterTypeId
responses:
'200':
description: Responds with a ManagedClusterType
content:
application/json:
schema:
description: Managed Cluster Type for Cluster upgrade configuration information
type: object
required:
- type
- pod
- org
properties:
id:
description: ManagedClusterType ID
readOnly: true
type: string
example: aClusterTypeId
type:
description: ManagedClusterType type name
type: string
example: idn
pod:
description: ManagedClusterType pod
type: string
example: megapod-useast1
org:
description: ManagedClusterType org
type: string
example: denali-cjh
managedProcessIds:
type: array
description: List of processes for the cluster type
items:
type: string
example:
- someId
- someId2
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:managed-cluster-types:read'
x-sailpoint-userLevels:
- ORG_ADMIN
patch:
tags:
- Managed Cluster Types
summary: Update a managed cluster type
description: Update an existing Managed Cluster Type.
operationId: updateManagedClusterType
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: getManagedClusterTypes
description: The Managed Cluster Type ID
example: aClusterTypeId
requestBody:
required: true
description: The JSONPatch payload used to update the schema.
content:
application/json-patch+json:
schema:
type: object
description: 'A JSONPatch document as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
properties:
operations:
description: Operations to be applied
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
responses:
'200':
description: The updated ManagedClusterType
content:
application/json:
schema:
description: Managed Cluster Type for Cluster upgrade configuration information
type: object
required:
- type
- pod
- org
properties:
id:
description: ManagedClusterType ID
readOnly: true
type: string
example: aClusterTypeId
type:
description: ManagedClusterType type name
type: string
example: idn
pod:
description: ManagedClusterType pod
type: string
example: megapod-useast1
org:
description: ManagedClusterType org
type: string
example: denali-cjh
managedProcessIds:
type: array
description: List of processes for the cluster type
items:
type: string
example:
- someId
- someId2
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:managed-cluster-types:update'
x-sailpoint-userLevels:
- ORG_ADMIN
delete:
operationId: deleteManagedClusterType
tags:
- Managed Cluster Types
summary: Delete a managed cluster type
description: Delete an existing Managed Cluster Type.
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: getManagedClusterTypes
description: The Managed Cluster Type ID
example: aClusterTypeId
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:managed-cluster-types:delete'
x-sailpoint-userLevels:
- ORG_ADMIN
/mfa/okta-verify/config:
get:
operationId: getMFAOktaConfig
tags:
- MFA Configuration
summary: Configuration of okta mfa method
description: This API returns the configuration of an Okta MFA method.
security:
- userAuth:
- 'idn:mfa-configuration:read'
- 'idn:mfa-configuration:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
responses:
'200':
description: The configuration of an Okta MFA method.
content:
application/json:
schema:
type: object
properties:
mfaMethod:
type: string
nullable: true
description: Mfa method name
example: okta-verify
enabled:
type: boolean
description: If MFA method is enabled.
default: false
example: true
host:
type: string
nullable: true
description: The server host name or IP address of the MFA provider.
example: example.com
accessKey:
type: string
nullable: true
description: The secret key for authenticating requests to the MFA provider.
example: qw123Y3QlA5UqocYpdU3rEkzrK2D497y
identityAttribute:
type: string
nullable: true
description: Optional. The name of the attribute for mapping IdentityNow identity to the MFA provider.
example: email
example:
mfaMethod: okta-verify
enabled: true
host: www.example.com
accessKey: d******Y
identityAttribute: email
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
put:
operationId: setMFAOktaConfig
tags:
- MFA Configuration
summary: Set okta mfa configuration
description: This API sets the configuration of an Okta MFA method.
security:
- userAuth:
- 'idn:mfa-configuration:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
mfaMethod:
type: string
nullable: true
description: Mfa method name
example: okta-verify
enabled:
type: boolean
description: If MFA method is enabled.
default: false
example: true
host:
type: string
nullable: true
description: The server host name or IP address of the MFA provider.
example: example.com
accessKey:
type: string
nullable: true
description: The secret key for authenticating requests to the MFA provider.
example: qw123Y3QlA5UqocYpdU3rEkzrK2D497y
identityAttribute:
type: string
nullable: true
description: Optional. The name of the attribute for mapping IdentityNow identity to the MFA provider.
example: email
example:
mfaMethod: okta-verify
enabled: true
host: www.example.com
accessKey: dk778Y3QlA5UqocYpdU3rEkzrK2D497y
identityAttribute: email
responses:
'200':
description: MFA configuration of an Okta MFA method.
content:
application/json:
schema:
type: object
properties:
mfaMethod:
type: string
nullable: true
description: Mfa method name
example: okta-verify
enabled:
type: boolean
description: If MFA method is enabled.
default: false
example: true
host:
type: string
nullable: true
description: The server host name or IP address of the MFA provider.
example: example.com
accessKey:
type: string
nullable: true
description: The secret key for authenticating requests to the MFA provider.
example: qw123Y3QlA5UqocYpdU3rEkzrK2D497y
identityAttribute:
type: string
nullable: true
description: Optional. The name of the attribute for mapping IdentityNow identity to the MFA provider.
example: email
example:
mfaMethod: okta-verify
enabled: true
host: www.example.com
accessKey: d******Y
identityAttribute: email
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/mfa/duo-web/config:
get:
operationId: getMFADuoConfig
tags:
- MFA Configuration
summary: Configuration of duo mfa method
description: This API returns the configuration of an Duo MFA method.
security:
- userAuth:
- 'idn:mfa-configuration:read'
- 'idn:mfa-configuration:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
responses:
'200':
description: The configuration of an Duo MFA method.
content:
application/json:
schema:
type: object
properties:
mfaMethod:
type: string
nullable: true
description: Mfa method name
example: duo-web
enabled:
type: boolean
description: If MFA method is enabled.
default: false
example: true
host:
type: string
nullable: true
description: The server host name or IP address of the MFA provider.
example: example.com
accessKey:
type: string
nullable: true
description: The secret key for authenticating requests to the MFA provider.
example: qw123Y3QlA5UqocYpdU3rEkzrK2D497y
identityAttribute:
type: string
nullable: true
description: Optional. The name of the attribute for mapping IdentityNow identity to the MFA provider.
example: email
configProperties:
description: A map with additional config properties for the given MFA method - duo-web.
type: object
nullable: true
additionalProperties: true
example:
skey: qwERttyZx1CdlQye2Vwtbsjr3HKddy4BAiCXjc5x
ikey: Q123WE45R6TY7890ZXCV
example:
mfaMethod: duo-web
enabled: true
host: www.example.com
accessKey: d******Y
identityAttribute: email
configProperties:
skey: 6******B
ikey: Q123WE45R6TY7890ZXCV
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
put:
operationId: setMFADuoConfig
tags:
- MFA Configuration
summary: Set duo mfa configuration
description: This API sets the configuration of an Duo MFA method.
security:
- userAuth:
- 'idn:mfa-configuration:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
mfaMethod:
type: string
nullable: true
description: Mfa method name
example: duo-web
enabled:
type: boolean
description: If MFA method is enabled.
default: false
example: true
host:
type: string
nullable: true
description: The server host name or IP address of the MFA provider.
example: example.com
accessKey:
type: string
nullable: true
description: The secret key for authenticating requests to the MFA provider.
example: qw123Y3QlA5UqocYpdU3rEkzrK2D497y
identityAttribute:
type: string
nullable: true
description: Optional. The name of the attribute for mapping IdentityNow identity to the MFA provider.
example: email
configProperties:
description: A map with additional config properties for the given MFA method - duo-web.
type: object
nullable: true
additionalProperties: true
example:
skey: qwERttyZx1CdlQye2Vwtbsjr3HKddy4BAiCXjc5x
ikey: Q123WE45R6TY7890ZXCV
example:
mfaMethod: duo-web
enabled: true
host: www.example.com
accessKey: qw123Y3QlA5UqocYpdU3rEkzrK2D497y
identityAttribute: email
configProperties:
skey: 12q3WERlcUHWJmiMqyCXI3uOF7EaDJTbdeOp6E2B
ikey: Q123WE45R6TY7890ZXCV
responses:
'200':
description: MFA configuration of an Duo MFA method.
content:
application/json:
schema:
type: object
properties:
mfaMethod:
type: string
nullable: true
description: Mfa method name
example: duo-web
enabled:
type: boolean
description: If MFA method is enabled.
default: false
example: true
host:
type: string
nullable: true
description: The server host name or IP address of the MFA provider.
example: example.com
accessKey:
type: string
nullable: true
description: The secret key for authenticating requests to the MFA provider.
example: qw123Y3QlA5UqocYpdU3rEkzrK2D497y
identityAttribute:
type: string
nullable: true
description: Optional. The name of the attribute for mapping IdentityNow identity to the MFA provider.
example: email
configProperties:
description: A map with additional config properties for the given MFA method - duo-web.
type: object
nullable: true
additionalProperties: true
example:
skey: qwERttyZx1CdlQye2Vwtbsjr3HKddy4BAiCXjc5x
ikey: Q123WE45R6TY7890ZXCV
example:
mfaMethod: duo-web
enabled: true
host: www.example.com
accessKey: q******y
identityAttribute: email
configProperties:
skey: 1******B
ikey: Q123WE45R6TY7890ZXCV
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/mfa/kba/config:
get:
operationId: getMFAKbaConfig
tags:
- MFA Configuration
summary: Configuration of kba mfa method
description: This API returns the KBA configuration for MFA.
parameters:
- in: query
name: allLanguages
required: false
schema:
type: boolean
description: |-
Indicator whether the question text should be returned in all configured languages
* If true, the question text is returned in all languages that it is configured in.
* If false, the question text is returned in the user locale if available, else for the default locale.
* If not passed, it behaves the same way as passing this parameter as false
example: allLanguages=true
security:
- userAuth:
- 'idn:mfa-kba:read'
x-sailpoint-userLevels:
- ORG_ADMIN
- USER
responses:
'200':
description: The configuration for KBA MFA method.
content:
application/json:
schema:
type: array
items:
description: KBA Configuration
type: object
properties:
id:
type: string
nullable: false
description: KBA Question Id
example: 143cfd3b-c23f-426b-ae5f-d3db06fa5919
text:
type: string
nullable: false
description: KBA Question description
example: '[{"text":"Nouvelle question MFA -1 ?","locale":"fr"},{"text":"MFA new question -1 ?","locale":""}]'
hasAnswer:
type: boolean
nullable: false
description: Denotes whether the KBA question has an answer configured for any user in the tenant
example: true
numAnswers:
type: integer
format: int32
nullable: false
description: Denotes the number of KBA configurations for this question
example: 5
required:
- id
- text
- hasAnswer
- numAnswers
example:
- id: 143cfd3b-c23f-426b-ae5f-d3db06fa5919
text: MFA new question -1 ?
hasAnswer: false
numAnswers: 0
- id: '173421'
text: What is your alphanumeric PIN?
hasAnswer: false
numAnswers: 3
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/mfa/kba/config/answers:
post:
operationId: setMFAKBAConfig
tags:
- MFA Configuration
summary: Set mfa kba configuration
description: 'This API sets answers to challenge questions. Any configured questions omitted from the request are removed from user KBA configuration. '
requestBody:
required: true
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
nullable: false
description: Question Id
example: c54fee53-2d63-4fc5-9259-3e93b9994135
answer:
type: string
nullable: false
description: An answer for the KBA question
example: Your answer
required:
- id
- answer
example:
- id: '173423'
answer: 822cd15d6c15aa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a0859a2fea34
- id: c54fee53-2d63-4fc5-9259-3e93b9994135
answer: 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
security:
- userAuth:
- 'idn:mfa-kba:authenticate'
x-sailpoint-userLevels:
- USER
responses:
'200':
description: The new KBA configuration for the user.
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
nullable: false
description: Question Id
example: c54fee53-2d63-4fc5-9259-3e93b9994135
question:
type: string
nullable: false
description: Question description
example: '[{"text":"Nouvelle question MFA -1 ?","locale":"fr"},{"text":"MFA new question -1 ?","locale":""}]'
hasAnswer:
type: boolean
nullable: false
description: Denotes whether the KBA question has an answer configured for the current user
example: true
required:
- id
- question
- hasAnswer
example:
- id: 143cfd3b-c23f-426b-ae5f-d3db06fa5919
question: '[{"text":"Nouvelle question MFA -1 ?","locale":"fr"},{"text":"MFA new question -1 ?","locale":""}]'
hasAnswer: false
- id: '173421'
question: '[{"text":"What is your alphanumeric PIN?","locale":""}]'
hasAnswer: true
- id: c54fee53-2d63-4fc5-9259-3e93b9994135
question: '[{"text":"Nouvelle question MFA - 2 ?","locale":"fr"},{"text":"MFA new question - 2 ?","locale":""}]'
hasAnswer: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/mfa/{method}/test':
get:
operationId: testMFAConfig
tags:
- MFA Configuration
summary: Mfa method's test configuration
description: This API validates that the configuration is valid and will properly authenticate with the MFA provider identified by the method path parameter.
security:
- userAuth:
- 'idn:mfa-configuration:read'
- 'idn:mfa-configuration:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
parameters:
- in: path
name: method
schema:
type: string
example: okta-verify
nullable: false
enum:
- okta-verify
- duo-web
required: true
description: The name of the MFA method. The currently supported method names are 'okta-verify' and 'duo-web'.
responses:
'200':
description: The result of configuration test for the MFA provider.
content:
application/json:
schema:
description: Response model for configuration test of a given MFA method
type: object
properties:
state:
type: string
enum:
- SUCCESS
- FAILED
description: The configuration test result.
example: SUCCESS
readOnly: true
error:
type: string
example: MFA Method is disabled.
description: The error message to indicate the failure of configuration test.
readOnly: true
example:
state: SUCCESS
error: null
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/multihosts:
post:
tags:
- Multi-Host Integration
summary: Create multi-host integration
description: |-
This API is used to create Multi-Host Integration. Multi-host Integration holds similar types of sources.
A token with Org Admin or Multi-Host Admin authority is required to access this endpoint.
operationId: createMultiHostIntegration
requestBody:
description: The specifics of the Multi-Host Integration to create
content:
application/json:
schema:
type: object
properties:
name:
type: string
description: Multi-Host Integration's human-readable name.
example: My Multi-Host Integration
description:
type: string
description: Multi-Host Integration's human-readable description.
example: This is the Multi-Host Integration.
owner:
description: Reference to identity object who owns the source.
type: object
properties:
type:
description: Type of object being referenced.
type: string
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner identity's ID.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Owner identity's human-readable display name.
example: MyName
cluster:
description: Reference to the source's associated cluster.
type: object
nullable: true
required:
- name
- id
- type
properties:
type:
description: Type of object being referenced.
type: string
enum:
- CLUSTER
example: CLUSTER
id:
type: string
description: Cluster ID.
example: 2c9180866166b5b0016167c32ef31a66
name:
type: string
description: Cluster's human-readable display name.
example: Corporate Cluster
connector:
type: string
description: Connector script name.
example: multihost-microsoft-sql-server
connectorAttributes:
type: object
additionalProperties: true
description: 'Multi-Host Integration specific configuration. User can add any number of additional attributes. e.g. maxSourcesPerAggGroup, maxAllowedSources etc.'
example:
maxSourcesPerAggGroup: 10
maxAllowedSources: 300
managementWorkgroup:
description: Reference to management workgroup for the source.
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- GOVERNANCE_GROUP
example: GOVERNANCE_GROUP
id:
type: string
description: Management workgroup ID.
example: 2c91808568c529c60168cca6f90c2222
name:
type: string
description: Management workgroup's human-readable display name.
example: My Management Workgroup
created:
type: string
description: Date-time when the source was created
format: date-time
example: '2022-02-08T14:50:03.827Z'
modified:
type: string
description: Date-time when the source was last modified.
format: date-time
example: '2024-01-23T18:08:50.897Z'
required:
- name
- owner
- connector
- description
required: true
responses:
'201':
description: OK. Returned if the request was successfully accepted into the system.
content:
application/json:
schema:
type: object
properties:
id:
type: string
readOnly: true
description: Multi-Host Integration ID.
example: 2c91808568c529c60168cca6f90c1324
name:
type: string
description: Multi-Host Integration's human-readable name.
example: My Multi-Host Integration
description:
type: string
description: Multi-Host Integration's human-readable description.
example: This is a Multi-Host Integration.
owner:
description: Reference to identity object who owns the source.
type: object
properties:
type:
description: Type of object being referenced.
type: string
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner identity's ID.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Owner identity's human-readable display name.
example: MyName
cluster:
description: Reference to the source's associated cluster.
type: object
nullable: true
required:
- name
- id
- type
properties:
type:
description: Type of object being referenced.
type: string
enum:
- CLUSTER
example: CLUSTER
id:
type: string
description: Cluster ID.
example: 2c9180866166b5b0016167c32ef31a66
name:
type: string
description: Cluster's human-readable display name.
example: Corporate Cluster
accountCorrelationConfig:
description: Reference to account correlation config object.
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
example: ACCOUNT_CORRELATION_CONFIG
id:
type: string
description: Account correlation config ID.
example: 2c9180855d191c59015d28583727245a
name:
type: string
description: Account correlation config's human-readable display name.
example: 'Directory [source-62867] Account Correlation'
accountCorrelationRule:
description: Reference to a rule that can do COMPLEX correlation. Only use this rule when you can't use accountCorrelationConfig.
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- RULE
example: RULE
id:
type: string
description: Rule ID.
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Rule's human-readable display name.
example: Example Rule
managerCorrelationMapping:
allOf:
- type: object
properties:
accountAttributeName:
type: string
description: Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity.
example: manager
identityAttributeName:
type: string
description: Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute.
example: manager
- nullable: true
description: |
Filter object used during manager correlation to match incoming manager values to an existing manager's
account/identity.
managerCorrelationRule:
description: Reference to the ManagerCorrelationRule. Only use this rule when a simple filter isn't sufficient.
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- RULE
example: RULE
id:
type: string
description: Rule ID.
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Rule's human-readable display name.
example: Example Rule
beforeProvisioningRule:
description: Rule that runs on the CCG and allows for customization of provisioning plans before the API calls the connector.
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- RULE
example: RULE
id:
type: string
description: Rule ID.
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Rule's human-readable display name.
example: Example Rule
schemas:
type: array
items:
type: object
properties:
type:
description: Type of object being referenced.
type: string
enum:
- CONNECTOR_SCHEMA
example: CONNECTOR_SCHEMA
id:
type: string
description: Schema ID.
example: 2c91808568c529c60168cca6f90c1777
name:
type: string
description: Schema's human-readable display name.
example: MySchema
description: List of references to schema objects.
example:
- type: CONNECTOR_SCHEMA
id: 2c9180835d191a86015d28455b4b232a
name: account
- type: CONNECTOR_SCHEMA
id: 2c9180835d191a86015d28455b4b232b
name: group
passwordPolicies:
type: array
nullable: true
items:
type: object
properties:
type:
description: Type of object being referenced.
type: string
enum:
- PASSWORD_POLICY
example: PASSWORD_POLICY
id:
type: string
description: Policy ID.
example: 2c91808568c529c60168cca6f90c1777
name:
type: string
description: Policy's human-readable display name.
example: My Password Policy
description: List of references to the associated PasswordPolicy objects.
example:
- type: PASSWORD_POLICY
id: 2c9180855d191c59015d291ceb053980
name: Corporate Password Policy
- type: PASSWORD_POLICY
id: 2c9180855d191c59015d291ceb057777
name: Vendor Password Policy
features:
type: array
items:
type: string
enum:
- AUTHENTICATE
- COMPOSITE
- DIRECT_PERMISSIONS
- DISCOVER_SCHEMA
- ENABLE
- MANAGER_LOOKUP
- NO_RANDOM_ACCESS
- PROXY
- SEARCH
- TEMPLATE
- UNLOCK
- UNSTRUCTURED_TARGETS
- SHAREPOINT_TARGET
- PROVISIONING
- GROUP_PROVISIONING
- SYNC_PROVISIONING
- PASSWORD
- CURRENT_PASSWORD
- ACCOUNT_ONLY_REQUEST
- ADDITIONAL_ACCOUNT_REQUEST
- NO_AGGREGATION
- GROUPS_HAVE_MEMBERS
- NO_PERMISSIONS_PROVISIONING
- NO_GROUP_PERMISSIONS_PROVISIONING
- NO_UNSTRUCTURED_TARGETS_PROVISIONING
- NO_DIRECT_PERMISSIONS_PROVISIONING
- PREFER_UUID
- ARM_SECURITY_EXTRACT
- ARM_UTILIZATION_EXTRACT
- ARM_CHANGELOG_EXTRACT
- USES_UUID
- APPLICATION_DISCOVERY
example: AUTHENTICATE
description: |-
Optional features that can be supported by a source. Modifying the features array may cause source configuration errors that are unsupportable. It is recommended to not modify this array for SailPoint supported connectors.
* AUTHENTICATE: The source supports pass-through authentication.
* COMPOSITE: The source supports composite source creation.
* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.
* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.
* ENABLE The source supports reading if an account is enabled or disabled.
* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.
* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.
* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.
* SEARCH
* TEMPLATE
* UNLOCK: The source supports reading if an account is locked or unlocked.
* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.
* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.
* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.
* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.
* SYNC_PROVISIONING: The source can provision accounts synchronously.
* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.
* CURRENT_PASSWORD: Some source types support verification of the current password
* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.
* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.
* NO_AGGREGATION: A source that does not support aggregation.
* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.
* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.
* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.
* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* USES_UUID: Connectivity 2.0 flag used to indicate that the connector supports a compound naming structure.
* PREFER_UUID: Used in ISC Provisioning AND Aggregation to decide if it should prefer account.uuid to account.nativeIdentity when data is read in through aggregation OR pushed out through provisioning.
* ARM_SECURITY_EXTRACT: Indicates the application supports Security extracts for ARM
* ARM_UTILIZATION_EXTRACT: Indicates the application supports Utilization extracts for ARM
* ARM_CHANGELOG_EXTRACT: Indicates the application supports Change-log extracts for ARM
example:
- PROVISIONING
- NO_PERMISSIONS_PROVISIONING
- GROUPS_HAVE_MEMBERS
type:
type: string
description: 'Specifies the type of system being managed e.g. Workday, Multi-Host - Microsoft SQL Server, etc.. If you are creating a delimited file source, you must set the `provisionasCsv` query parameter to `true`.'
example: Multi-Host - Microsoft SQL Server
connector:
type: string
description: Connector script name.
example: multihost-microsoft-sql-server
connectorClass:
type: string
description: Fully qualified name of the Java class that implements the connector interface.
example: sailpoint.connector.OpenConnectorAdapter
connectorAttributes:
type: object
additionalProperties:
type: string
description: Connector specific configuration. This configuration will differ for Multi-Host Integration type.
properties:
maxAllowedSources:
type: integer
format: int32
description: Maximum sources allowed count of a Multi-Host Integration
example: 250
lastSourceUploadCount:
type: integer
format: int32
description: Last upload sources count of a Multi-Host Integration
example: 40
connectorFileUploadHistory:
type: object
properties:
connectorFileNameUploadedDate:
description: File name of the connector JAR
type: string
example: '2024-08-29T10:20:38.896479Z'
multihost_status:
type: string
enum:
- ready
- processing
- fileUploadInProgress
- sourceCreationInProgress
- aggregationGroupingInProgress
- aggregationScheduleInProgress
- deleteInProgress
- deleteFailed
description: Multi-Host integration status.
example: ready
showAccountSchema:
description: Show account schema
type: boolean
example: true
default: true
showEntitlementSchema:
description: Show entitlement schema
type: boolean
example: true
default: true
multiHostAttributes:
type: object
description: Attributes of Multi-Host Integration
properties:
password:
description: Password.
type: string
example: Password
connector_files:
type: string
description: Connector file.
example: mssql-jdbc-8.4.1.jre8.jar
authType:
type: string
description: Authentication type.
example: SQLAuthentication
user:
type: string
description: Username.
example: My Username
example:
multiHostAttributes:
password: Password
user: Username
connector_files: mssql-jdbc-8.4.1.jre8.jar
authType: SQLAuthentication
connectorFileUploadHistory:
connectorFileNameUploadedDate: '2024-08-29T10:20:38.896479Z'
maxAllowedSources: 30
lastSourceUploadCount: 50
showEntitlementSchema: true
showAccountSchema: true
multihost_status: ready
deleteThreshold:
type: integer
format: int32
minimum: 0
maximum: 100
description: Number from 0 to 100 that specifies when to skip the delete phase.
example: 10
authoritative:
type: boolean
description: 'When this is true, it indicates that the source is referenced by an identity profile.'
default: false
example: false
managementWorkgroup:
description: Reference to management workgroup for the source.
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- GOVERNANCE_GROUP
example: GOVERNANCE_GROUP
id:
type: string
description: Management workgroup ID.
example: 2c91808568c529c60168cca6f90c2222
name:
type: string
description: Management workgroup's human-readable display name.
example: My Management Workgroup
healthy:
type: boolean
description: 'When this is true, it indicates that the source is healthy.'
default: false
example: true
status:
type: string
enum:
- SOURCE_STATE_ERROR_ACCOUNT_FILE_IMPORT
- SOURCE_STATE_ERROR_CLUSTER
- SOURCE_STATE_ERROR_SOURCE
- SOURCE_STATE_ERROR_VA
- SOURCE_STATE_FAILURE_CLUSTER
- SOURCE_STATE_FAILURE_SOURCE
- SOURCE_STATE_HEALTHY
- SOURCE_STATE_UNCHECKED_CLUSTER
- SOURCE_STATE_UNCHECKED_CLUSTER_NO_SOURCES
- SOURCE_STATE_UNCHECKED_SOURCE
- SOURCE_STATE_UNCHECKED_SOURCE_NO_ACCOUNTS
description: Status identifier that gives specific information about why a source is or isn't healthy.
example: SOURCE_STATE_HEALTHY
since:
type: string
format: date-time
description: Timestamp that shows when a source health check was last performed.
example: '2021-09-28T15:48:29.3801666300Z'
connectorId:
type: string
description: Connector ID
example: multihost-microsoft-sql-server
connectorName:
type: string
description: Name of the connector that was chosen during source creation.
example: Multi-Host Microsoft SQL Server
connectionType:
type: string
enum:
- direct
- file
description: Type of connection (direct or file).
example: direct
connectorImplementationId:
type: string
description: Connector implementation ID.
example: multihost-microsoft-sql-server
created:
type: string
description: Date-time when the source was created
format: date-time
example: '2022-02-08T14:50:03.827Z'
modified:
type: string
description: Date-time when the source was last modified.
format: date-time
example: '2024-01-23T18:08:50.897Z'
credentialProviderEnabled:
type: boolean
description: 'If this is true, it enables a credential provider for the source. If credentialProvider is turned on, then the source can use credential provider(s) to fetch credentials.'
default: false
example: false
category:
type: string
nullable: true
default: null
description: 'Source category (e.g. null, CredentialProvider).'
example: CredentialProvider
accountsFile:
description: Reference to accounts file for the source.
type: object
nullable: true
properties:
name:
description: Name of the accounts file.
type: string
example: My Accounts File
key:
type: string
description: The accounts file key.
example: 2c91808568c529c60168cca6f90c2222
uploadTime:
type: string
description: Date-time when the file was uploaded
format: date-time
example: '2022-02-08T14:50:03.827Z'
expiry:
type: string
description: Date-time when the accounts file expired.
format: date-time
example: '2022-02-08T14:50:03.827Z'
expired:
type: boolean
default: false
description: 'If this is true, it indicates that the accounts file has expired.'
example: false
required:
- name
- owner
- connector
- description
- id
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:multihosts:create'
- 'idn:sources:create'
get:
tags:
- Multi-Host Integration
summary: List all existing multi-host integrations
description: |-
Get a list of Multi-Host Integrations.
A token with Org Admin or Multi-Host Admin authority is required to access this endpoint.
operationId: getMultiHostIntegrationsList
parameters:
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- name: sorters
in: query
required: false
style: form
explode: true
schema:
type: string
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **name**
example: name
- name: filters
in: query
required: false
style: form
explode: true
schema:
type: string
format: comma-separated
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**type**: *in*
**forSubAdminId**: *in*
example: id eq 2c91808b6ef1d43e016efba0ce470904
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- name: for-subadmin
in: query
schema:
type: string
description: |-
If provided, filters the returned list according to what is visible to the indicated ROLE_SUBADMIN Identity or SOURCE_SUBADMIN identity.
The value of the parameter is either an Identity ID, or the special value **me**, which is shorthand for the calling Identity's ID.
A 400 Bad Request error is returned if the **for-subadmin** parameter is specified for an Identity that is not a subadmin.
example: 5168015d32f890ca15812c9180835d2e
responses:
'200':
description: OK. Returned if the request was successfully accepted into the system.
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
readOnly: true
description: Multi-Host Integration ID.
example: 2c91808568c529c60168cca6f90c1324
name:
type: string
description: Multi-Host Integration's human-readable name.
example: My Multi-Host Integration
description:
type: string
description: Multi-Host Integration's human-readable description.
example: This is a Multi-Host Integration.
owner:
description: Reference to identity object who owns the source.
type: object
properties:
type:
description: Type of object being referenced.
type: string
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner identity's ID.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Owner identity's human-readable display name.
example: MyName
cluster:
description: Reference to the source's associated cluster.
type: object
nullable: true
required:
- name
- id
- type
properties:
type:
description: Type of object being referenced.
type: string
enum:
- CLUSTER
example: CLUSTER
id:
type: string
description: Cluster ID.
example: 2c9180866166b5b0016167c32ef31a66
name:
type: string
description: Cluster's human-readable display name.
example: Corporate Cluster
accountCorrelationConfig:
description: Reference to account correlation config object.
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
example: ACCOUNT_CORRELATION_CONFIG
id:
type: string
description: Account correlation config ID.
example: 2c9180855d191c59015d28583727245a
name:
type: string
description: Account correlation config's human-readable display name.
example: 'Directory [source-62867] Account Correlation'
accountCorrelationRule:
description: Reference to a rule that can do COMPLEX correlation. Only use this rule when you can't use accountCorrelationConfig.
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- RULE
example: RULE
id:
type: string
description: Rule ID.
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Rule's human-readable display name.
example: Example Rule
managerCorrelationMapping:
allOf:
- type: object
properties:
accountAttributeName:
type: string
description: Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity.
example: manager
identityAttributeName:
type: string
description: Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute.
example: manager
- nullable: true
description: |
Filter object used during manager correlation to match incoming manager values to an existing manager's
account/identity.
managerCorrelationRule:
description: Reference to the ManagerCorrelationRule. Only use this rule when a simple filter isn't sufficient.
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- RULE
example: RULE
id:
type: string
description: Rule ID.
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Rule's human-readable display name.
example: Example Rule
beforeProvisioningRule:
description: Rule that runs on the CCG and allows for customization of provisioning plans before the API calls the connector.
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- RULE
example: RULE
id:
type: string
description: Rule ID.
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Rule's human-readable display name.
example: Example Rule
schemas:
type: array
items:
type: object
properties:
type:
description: Type of object being referenced.
type: string
enum:
- CONNECTOR_SCHEMA
example: CONNECTOR_SCHEMA
id:
type: string
description: Schema ID.
example: 2c91808568c529c60168cca6f90c1777
name:
type: string
description: Schema's human-readable display name.
example: MySchema
description: List of references to schema objects.
example:
- type: CONNECTOR_SCHEMA
id: 2c9180835d191a86015d28455b4b232a
name: account
- type: CONNECTOR_SCHEMA
id: 2c9180835d191a86015d28455b4b232b
name: group
passwordPolicies:
type: array
nullable: true
items:
type: object
properties:
type:
description: Type of object being referenced.
type: string
enum:
- PASSWORD_POLICY
example: PASSWORD_POLICY
id:
type: string
description: Policy ID.
example: 2c91808568c529c60168cca6f90c1777
name:
type: string
description: Policy's human-readable display name.
example: My Password Policy
description: List of references to the associated PasswordPolicy objects.
example:
- type: PASSWORD_POLICY
id: 2c9180855d191c59015d291ceb053980
name: Corporate Password Policy
- type: PASSWORD_POLICY
id: 2c9180855d191c59015d291ceb057777
name: Vendor Password Policy
features:
type: array
items:
type: string
enum:
- AUTHENTICATE
- COMPOSITE
- DIRECT_PERMISSIONS
- DISCOVER_SCHEMA
- ENABLE
- MANAGER_LOOKUP
- NO_RANDOM_ACCESS
- PROXY
- SEARCH
- TEMPLATE
- UNLOCK
- UNSTRUCTURED_TARGETS
- SHAREPOINT_TARGET
- PROVISIONING
- GROUP_PROVISIONING
- SYNC_PROVISIONING
- PASSWORD
- CURRENT_PASSWORD
- ACCOUNT_ONLY_REQUEST
- ADDITIONAL_ACCOUNT_REQUEST
- NO_AGGREGATION
- GROUPS_HAVE_MEMBERS
- NO_PERMISSIONS_PROVISIONING
- NO_GROUP_PERMISSIONS_PROVISIONING
- NO_UNSTRUCTURED_TARGETS_PROVISIONING
- NO_DIRECT_PERMISSIONS_PROVISIONING
- PREFER_UUID
- ARM_SECURITY_EXTRACT
- ARM_UTILIZATION_EXTRACT
- ARM_CHANGELOG_EXTRACT
- USES_UUID
- APPLICATION_DISCOVERY
example: AUTHENTICATE
description: |-
Optional features that can be supported by a source. Modifying the features array may cause source configuration errors that are unsupportable. It is recommended to not modify this array for SailPoint supported connectors.
* AUTHENTICATE: The source supports pass-through authentication.
* COMPOSITE: The source supports composite source creation.
* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.
* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.
* ENABLE The source supports reading if an account is enabled or disabled.
* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.
* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.
* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.
* SEARCH
* TEMPLATE
* UNLOCK: The source supports reading if an account is locked or unlocked.
* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.
* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.
* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.
* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.
* SYNC_PROVISIONING: The source can provision accounts synchronously.
* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.
* CURRENT_PASSWORD: Some source types support verification of the current password
* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.
* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.
* NO_AGGREGATION: A source that does not support aggregation.
* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.
* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.
* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.
* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* USES_UUID: Connectivity 2.0 flag used to indicate that the connector supports a compound naming structure.
* PREFER_UUID: Used in ISC Provisioning AND Aggregation to decide if it should prefer account.uuid to account.nativeIdentity when data is read in through aggregation OR pushed out through provisioning.
* ARM_SECURITY_EXTRACT: Indicates the application supports Security extracts for ARM
* ARM_UTILIZATION_EXTRACT: Indicates the application supports Utilization extracts for ARM
* ARM_CHANGELOG_EXTRACT: Indicates the application supports Change-log extracts for ARM
example:
- PROVISIONING
- NO_PERMISSIONS_PROVISIONING
- GROUPS_HAVE_MEMBERS
type:
type: string
description: 'Specifies the type of system being managed e.g. Workday, Multi-Host - Microsoft SQL Server, etc.. If you are creating a delimited file source, you must set the `provisionasCsv` query parameter to `true`.'
example: Multi-Host - Microsoft SQL Server
connector:
type: string
description: Connector script name.
example: multihost-microsoft-sql-server
connectorClass:
type: string
description: Fully qualified name of the Java class that implements the connector interface.
example: sailpoint.connector.OpenConnectorAdapter
connectorAttributes:
type: object
additionalProperties:
type: string
description: Connector specific configuration. This configuration will differ for Multi-Host Integration type.
properties:
maxAllowedSources:
type: integer
format: int32
description: Maximum sources allowed count of a Multi-Host Integration
example: 250
lastSourceUploadCount:
type: integer
format: int32
description: Last upload sources count of a Multi-Host Integration
example: 40
connectorFileUploadHistory:
type: object
properties:
connectorFileNameUploadedDate:
description: File name of the connector JAR
type: string
example: '2024-08-29T10:20:38.896479Z'
multihost_status:
type: string
enum:
- ready
- processing
- fileUploadInProgress
- sourceCreationInProgress
- aggregationGroupingInProgress
- aggregationScheduleInProgress
- deleteInProgress
- deleteFailed
description: Multi-Host integration status.
example: ready
showAccountSchema:
description: Show account schema
type: boolean
example: true
default: true
showEntitlementSchema:
description: Show entitlement schema
type: boolean
example: true
default: true
multiHostAttributes:
type: object
description: Attributes of Multi-Host Integration
properties:
password:
description: Password.
type: string
example: Password
connector_files:
type: string
description: Connector file.
example: mssql-jdbc-8.4.1.jre8.jar
authType:
type: string
description: Authentication type.
example: SQLAuthentication
user:
type: string
description: Username.
example: My Username
example:
multiHostAttributes:
password: Password
user: Username
connector_files: mssql-jdbc-8.4.1.jre8.jar
authType: SQLAuthentication
connectorFileUploadHistory:
connectorFileNameUploadedDate: '2024-08-29T10:20:38.896479Z'
maxAllowedSources: 30
lastSourceUploadCount: 50
showEntitlementSchema: true
showAccountSchema: true
multihost_status: ready
deleteThreshold:
type: integer
format: int32
minimum: 0
maximum: 100
description: Number from 0 to 100 that specifies when to skip the delete phase.
example: 10
authoritative:
type: boolean
description: 'When this is true, it indicates that the source is referenced by an identity profile.'
default: false
example: false
managementWorkgroup:
description: Reference to management workgroup for the source.
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- GOVERNANCE_GROUP
example: GOVERNANCE_GROUP
id:
type: string
description: Management workgroup ID.
example: 2c91808568c529c60168cca6f90c2222
name:
type: string
description: Management workgroup's human-readable display name.
example: My Management Workgroup
healthy:
type: boolean
description: 'When this is true, it indicates that the source is healthy.'
default: false
example: true
status:
type: string
enum:
- SOURCE_STATE_ERROR_ACCOUNT_FILE_IMPORT
- SOURCE_STATE_ERROR_CLUSTER
- SOURCE_STATE_ERROR_SOURCE
- SOURCE_STATE_ERROR_VA
- SOURCE_STATE_FAILURE_CLUSTER
- SOURCE_STATE_FAILURE_SOURCE
- SOURCE_STATE_HEALTHY
- SOURCE_STATE_UNCHECKED_CLUSTER
- SOURCE_STATE_UNCHECKED_CLUSTER_NO_SOURCES
- SOURCE_STATE_UNCHECKED_SOURCE
- SOURCE_STATE_UNCHECKED_SOURCE_NO_ACCOUNTS
description: Status identifier that gives specific information about why a source is or isn't healthy.
example: SOURCE_STATE_HEALTHY
since:
type: string
format: date-time
description: Timestamp that shows when a source health check was last performed.
example: '2021-09-28T15:48:29.3801666300Z'
connectorId:
type: string
description: Connector ID
example: multihost-microsoft-sql-server
connectorName:
type: string
description: Name of the connector that was chosen during source creation.
example: Multi-Host Microsoft SQL Server
connectionType:
type: string
enum:
- direct
- file
description: Type of connection (direct or file).
example: direct
connectorImplementationId:
type: string
description: Connector implementation ID.
example: multihost-microsoft-sql-server
created:
type: string
description: Date-time when the source was created
format: date-time
example: '2022-02-08T14:50:03.827Z'
modified:
type: string
description: Date-time when the source was last modified.
format: date-time
example: '2024-01-23T18:08:50.897Z'
credentialProviderEnabled:
type: boolean
description: 'If this is true, it enables a credential provider for the source. If credentialProvider is turned on, then the source can use credential provider(s) to fetch credentials.'
default: false
example: false
category:
type: string
nullable: true
default: null
description: 'Source category (e.g. null, CredentialProvider).'
example: CredentialProvider
accountsFile:
description: Reference to accounts file for the source.
type: object
nullable: true
properties:
name:
description: Name of the accounts file.
type: string
example: My Accounts File
key:
type: string
description: The accounts file key.
example: 2c91808568c529c60168cca6f90c2222
uploadTime:
type: string
description: Date-time when the file was uploaded
format: date-time
example: '2022-02-08T14:50:03.827Z'
expiry:
type: string
description: Date-time when the accounts file expired.
format: date-time
example: '2022-02-08T14:50:03.827Z'
expired:
type: boolean
default: false
description: 'If this is true, it indicates that the accounts file has expired.'
example: false
required:
- name
- owner
- connector
- description
- id
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:multihosts:read'
- 'idn:sources:read'
/multihosts/types:
get:
tags:
- Multi-Host Integration
summary: List multi-host integration types
description: |-
This API endpoint returns the current list of supported Multi-Host Integration types.
A token with Org Admin or Multi-Host Admin authority is required to access this endpoint.
operationId: getMultihostIntegrationTypes
responses:
'200':
description: OK. Returned if the request was successfully accepted into the system.
content:
application/json:
schema:
type: array
items:
description: This represents a Multi-Host Integration template type.
required:
- type
- scriptName
type: object
properties:
name:
description: This is the name of the type.
example: aName
type: string
type:
description: This is the type value for the type.
example: aType
type: string
scriptName:
description: This is the scriptName attribute value for the type.
example: aScriptName
type: string
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:multihosts:read'
- 'idn:sources:read'
'/multihosts/{multihostId}':
post:
tags:
- Multi-Host Integration
summary: Create sources within multi-host integration
description: |-
This API is used to create sources within Multi-Host Integration. Multi-Host Integration holds similar types of sources.
A token with Org Admin or Multi-Host Admin authority is required to access this endpoint.
operationId: createSourcesWithinMultiHost
parameters:
- name: multihostId
in: path
description: ID of the Multi-Host Integration.
required: true
x-sailpoint-resource-operation-id: getMultiHostIntegrations
style: simple
explode: false
schema:
type: string
example: 2c91808568c529c60168cca6f90c1326
requestBody:
description: The specifics of the sources to create within Multi-Host Integration.
content:
application/json:
schema:
type: array
items:
description: This represents sources to be created of same type.
required:
- name
type: object
properties:
name:
type: string
description: Source's human-readable name.
example: My Source
description:
type: string
description: Source's human-readable description.
example: This is the corporate directory.
connectorAttributes:
type: object
additionalProperties: true
description: Connector specific configuration. This configuration will differ from type to type.
example:
authType: SQLAuthentication
url: 'jdbc:sqlserver://178.18.41.118:1433'
user: username
driverClass: com.microsoft.sqlserver.jdbc.SQLServerDriver
maxSourcesPerAggGroup: 10
maxAllowedSources: 300
required: true
responses:
'200':
description: OK. Returned if the request was successfully accepted into the system.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:multihosts:create'
- 'idn:sources:create'
get:
tags:
- Multi-Host Integration
summary: Get multi-host integration by id
description: |-
Get an existing Multi-Host Integration.
A token with Org Admin or Multi-Host Integration Admin authority is required to access this endpoint.
operationId: getMultiHostIntegrations
parameters:
- name: multihostId
in: path
description: ID of the Multi-Host Integration.
required: true
x-sailpoint-resource-operation-id: getMultiHostIntegrations
style: simple
explode: false
schema:
type: string
example: 2c91808568c529c60168cca6f90c1326
responses:
'200':
description: OK. Returned if the request was successfully accepted into the system.
content:
application/json:
schema:
type: object
properties:
id:
type: string
readOnly: true
description: Multi-Host Integration ID.
example: 2c91808568c529c60168cca6f90c1324
name:
type: string
description: Multi-Host Integration's human-readable name.
example: My Multi-Host Integration
description:
type: string
description: Multi-Host Integration's human-readable description.
example: This is a Multi-Host Integration.
owner:
description: Reference to identity object who owns the source.
type: object
properties:
type:
description: Type of object being referenced.
type: string
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner identity's ID.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Owner identity's human-readable display name.
example: MyName
cluster:
description: Reference to the source's associated cluster.
type: object
nullable: true
required:
- name
- id
- type
properties:
type:
description: Type of object being referenced.
type: string
enum:
- CLUSTER
example: CLUSTER
id:
type: string
description: Cluster ID.
example: 2c9180866166b5b0016167c32ef31a66
name:
type: string
description: Cluster's human-readable display name.
example: Corporate Cluster
accountCorrelationConfig:
description: Reference to account correlation config object.
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
example: ACCOUNT_CORRELATION_CONFIG
id:
type: string
description: Account correlation config ID.
example: 2c9180855d191c59015d28583727245a
name:
type: string
description: Account correlation config's human-readable display name.
example: 'Directory [source-62867] Account Correlation'
accountCorrelationRule:
description: Reference to a rule that can do COMPLEX correlation. Only use this rule when you can't use accountCorrelationConfig.
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- RULE
example: RULE
id:
type: string
description: Rule ID.
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Rule's human-readable display name.
example: Example Rule
managerCorrelationMapping:
allOf:
- type: object
properties:
accountAttributeName:
type: string
description: Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity.
example: manager
identityAttributeName:
type: string
description: Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute.
example: manager
- nullable: true
description: |
Filter object used during manager correlation to match incoming manager values to an existing manager's
account/identity.
managerCorrelationRule:
description: Reference to the ManagerCorrelationRule. Only use this rule when a simple filter isn't sufficient.
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- RULE
example: RULE
id:
type: string
description: Rule ID.
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Rule's human-readable display name.
example: Example Rule
beforeProvisioningRule:
description: Rule that runs on the CCG and allows for customization of provisioning plans before the API calls the connector.
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- RULE
example: RULE
id:
type: string
description: Rule ID.
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Rule's human-readable display name.
example: Example Rule
schemas:
type: array
items:
type: object
properties:
type:
description: Type of object being referenced.
type: string
enum:
- CONNECTOR_SCHEMA
example: CONNECTOR_SCHEMA
id:
type: string
description: Schema ID.
example: 2c91808568c529c60168cca6f90c1777
name:
type: string
description: Schema's human-readable display name.
example: MySchema
description: List of references to schema objects.
example:
- type: CONNECTOR_SCHEMA
id: 2c9180835d191a86015d28455b4b232a
name: account
- type: CONNECTOR_SCHEMA
id: 2c9180835d191a86015d28455b4b232b
name: group
passwordPolicies:
type: array
nullable: true
items:
type: object
properties:
type:
description: Type of object being referenced.
type: string
enum:
- PASSWORD_POLICY
example: PASSWORD_POLICY
id:
type: string
description: Policy ID.
example: 2c91808568c529c60168cca6f90c1777
name:
type: string
description: Policy's human-readable display name.
example: My Password Policy
description: List of references to the associated PasswordPolicy objects.
example:
- type: PASSWORD_POLICY
id: 2c9180855d191c59015d291ceb053980
name: Corporate Password Policy
- type: PASSWORD_POLICY
id: 2c9180855d191c59015d291ceb057777
name: Vendor Password Policy
features:
type: array
items:
type: string
enum:
- AUTHENTICATE
- COMPOSITE
- DIRECT_PERMISSIONS
- DISCOVER_SCHEMA
- ENABLE
- MANAGER_LOOKUP
- NO_RANDOM_ACCESS
- PROXY
- SEARCH
- TEMPLATE
- UNLOCK
- UNSTRUCTURED_TARGETS
- SHAREPOINT_TARGET
- PROVISIONING
- GROUP_PROVISIONING
- SYNC_PROVISIONING
- PASSWORD
- CURRENT_PASSWORD
- ACCOUNT_ONLY_REQUEST
- ADDITIONAL_ACCOUNT_REQUEST
- NO_AGGREGATION
- GROUPS_HAVE_MEMBERS
- NO_PERMISSIONS_PROVISIONING
- NO_GROUP_PERMISSIONS_PROVISIONING
- NO_UNSTRUCTURED_TARGETS_PROVISIONING
- NO_DIRECT_PERMISSIONS_PROVISIONING
- PREFER_UUID
- ARM_SECURITY_EXTRACT
- ARM_UTILIZATION_EXTRACT
- ARM_CHANGELOG_EXTRACT
- USES_UUID
- APPLICATION_DISCOVERY
example: AUTHENTICATE
description: |-
Optional features that can be supported by a source. Modifying the features array may cause source configuration errors that are unsupportable. It is recommended to not modify this array for SailPoint supported connectors.
* AUTHENTICATE: The source supports pass-through authentication.
* COMPOSITE: The source supports composite source creation.
* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.
* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.
* ENABLE The source supports reading if an account is enabled or disabled.
* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.
* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.
* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.
* SEARCH
* TEMPLATE
* UNLOCK: The source supports reading if an account is locked or unlocked.
* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.
* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.
* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.
* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.
* SYNC_PROVISIONING: The source can provision accounts synchronously.
* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.
* CURRENT_PASSWORD: Some source types support verification of the current password
* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.
* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.
* NO_AGGREGATION: A source that does not support aggregation.
* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.
* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.
* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.
* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* USES_UUID: Connectivity 2.0 flag used to indicate that the connector supports a compound naming structure.
* PREFER_UUID: Used in ISC Provisioning AND Aggregation to decide if it should prefer account.uuid to account.nativeIdentity when data is read in through aggregation OR pushed out through provisioning.
* ARM_SECURITY_EXTRACT: Indicates the application supports Security extracts for ARM
* ARM_UTILIZATION_EXTRACT: Indicates the application supports Utilization extracts for ARM
* ARM_CHANGELOG_EXTRACT: Indicates the application supports Change-log extracts for ARM
example:
- PROVISIONING
- NO_PERMISSIONS_PROVISIONING
- GROUPS_HAVE_MEMBERS
type:
type: string
description: 'Specifies the type of system being managed e.g. Workday, Multi-Host - Microsoft SQL Server, etc.. If you are creating a delimited file source, you must set the `provisionasCsv` query parameter to `true`.'
example: Multi-Host - Microsoft SQL Server
connector:
type: string
description: Connector script name.
example: multihost-microsoft-sql-server
connectorClass:
type: string
description: Fully qualified name of the Java class that implements the connector interface.
example: sailpoint.connector.OpenConnectorAdapter
connectorAttributes:
type: object
additionalProperties:
type: string
description: Connector specific configuration. This configuration will differ for Multi-Host Integration type.
properties:
maxAllowedSources:
type: integer
format: int32
description: Maximum sources allowed count of a Multi-Host Integration
example: 250
lastSourceUploadCount:
type: integer
format: int32
description: Last upload sources count of a Multi-Host Integration
example: 40
connectorFileUploadHistory:
type: object
properties:
connectorFileNameUploadedDate:
description: File name of the connector JAR
type: string
example: '2024-08-29T10:20:38.896479Z'
multihost_status:
type: string
enum:
- ready
- processing
- fileUploadInProgress
- sourceCreationInProgress
- aggregationGroupingInProgress
- aggregationScheduleInProgress
- deleteInProgress
- deleteFailed
description: Multi-Host integration status.
example: ready
showAccountSchema:
description: Show account schema
type: boolean
example: true
default: true
showEntitlementSchema:
description: Show entitlement schema
type: boolean
example: true
default: true
multiHostAttributes:
type: object
description: Attributes of Multi-Host Integration
properties:
password:
description: Password.
type: string
example: Password
connector_files:
type: string
description: Connector file.
example: mssql-jdbc-8.4.1.jre8.jar
authType:
type: string
description: Authentication type.
example: SQLAuthentication
user:
type: string
description: Username.
example: My Username
example:
multiHostAttributes:
password: Password
user: Username
connector_files: mssql-jdbc-8.4.1.jre8.jar
authType: SQLAuthentication
connectorFileUploadHistory:
connectorFileNameUploadedDate: '2024-08-29T10:20:38.896479Z'
maxAllowedSources: 30
lastSourceUploadCount: 50
showEntitlementSchema: true
showAccountSchema: true
multihost_status: ready
deleteThreshold:
type: integer
format: int32
minimum: 0
maximum: 100
description: Number from 0 to 100 that specifies when to skip the delete phase.
example: 10
authoritative:
type: boolean
description: 'When this is true, it indicates that the source is referenced by an identity profile.'
default: false
example: false
managementWorkgroup:
description: Reference to management workgroup for the source.
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- GOVERNANCE_GROUP
example: GOVERNANCE_GROUP
id:
type: string
description: Management workgroup ID.
example: 2c91808568c529c60168cca6f90c2222
name:
type: string
description: Management workgroup's human-readable display name.
example: My Management Workgroup
healthy:
type: boolean
description: 'When this is true, it indicates that the source is healthy.'
default: false
example: true
status:
type: string
enum:
- SOURCE_STATE_ERROR_ACCOUNT_FILE_IMPORT
- SOURCE_STATE_ERROR_CLUSTER
- SOURCE_STATE_ERROR_SOURCE
- SOURCE_STATE_ERROR_VA
- SOURCE_STATE_FAILURE_CLUSTER
- SOURCE_STATE_FAILURE_SOURCE
- SOURCE_STATE_HEALTHY
- SOURCE_STATE_UNCHECKED_CLUSTER
- SOURCE_STATE_UNCHECKED_CLUSTER_NO_SOURCES
- SOURCE_STATE_UNCHECKED_SOURCE
- SOURCE_STATE_UNCHECKED_SOURCE_NO_ACCOUNTS
description: Status identifier that gives specific information about why a source is or isn't healthy.
example: SOURCE_STATE_HEALTHY
since:
type: string
format: date-time
description: Timestamp that shows when a source health check was last performed.
example: '2021-09-28T15:48:29.3801666300Z'
connectorId:
type: string
description: Connector ID
example: multihost-microsoft-sql-server
connectorName:
type: string
description: Name of the connector that was chosen during source creation.
example: Multi-Host Microsoft SQL Server
connectionType:
type: string
enum:
- direct
- file
description: Type of connection (direct or file).
example: direct
connectorImplementationId:
type: string
description: Connector implementation ID.
example: multihost-microsoft-sql-server
created:
type: string
description: Date-time when the source was created
format: date-time
example: '2022-02-08T14:50:03.827Z'
modified:
type: string
description: Date-time when the source was last modified.
format: date-time
example: '2024-01-23T18:08:50.897Z'
credentialProviderEnabled:
type: boolean
description: 'If this is true, it enables a credential provider for the source. If credentialProvider is turned on, then the source can use credential provider(s) to fetch credentials.'
default: false
example: false
category:
type: string
nullable: true
default: null
description: 'Source category (e.g. null, CredentialProvider).'
example: CredentialProvider
accountsFile:
description: Reference to accounts file for the source.
type: object
nullable: true
properties:
name:
description: Name of the accounts file.
type: string
example: My Accounts File
key:
type: string
description: The accounts file key.
example: 2c91808568c529c60168cca6f90c2222
uploadTime:
type: string
description: Date-time when the file was uploaded
format: date-time
example: '2022-02-08T14:50:03.827Z'
expiry:
type: string
description: Date-time when the accounts file expired.
format: date-time
example: '2022-02-08T14:50:03.827Z'
expired:
type: boolean
default: false
description: 'If this is true, it indicates that the accounts file has expired.'
example: false
required:
- name
- owner
- connector
- description
- id
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:multihosts:read'
- 'idn:sources:read'
delete:
tags:
- Multi-Host Integration
summary: Delete multi-host integration
description: |-
Delete an existing Multi-Host Integration by ID.
A token with Org Admin or Multi Host Admin authority is required to access this endpoint.
operationId: deleteMultiHost
parameters:
- name: multihostId
in: path
description: ID of Multi-Host Integration to delete.
required: true
x-sailpoint-resource-operation-id: getMultiHostIntegrations
style: simple
explode: false
schema:
type: string
example: 2c91808568c529c60168cca6f90c1326
responses:
'200':
description: OK. Returned if the request was successfully accepted into the system.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:multihosts:delete'
- 'idn:sources:delete'
patch:
operationId: updateMultiHostSources
tags:
- Multi-Host Integration
summary: Update multi-host integration
description: |-
Update existing sources within Multi-Host Integration.
A token with Org Admin or Multi-Host Admin authority is required to access this endpoint.
parameters:
- name: multihostId
in: path
description: ID of the Multi-Host Integration to update.
required: true
x-sailpoint-resource-operation-id: getMultiHostIntegrations
style: simple
explode: false
schema:
type: string
example: anId
requestBody:
required: true
description: |
This endpoint allows you to update a Multi-Host Integration.
content:
application/json-patch+json:
schema:
type: array
description: 'A JSONPatch document as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902).'
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- replace
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
example:
- op: add
path: /description
value: MDK Multi-Host Integration 222 description
responses:
'200':
description: OK. Returned if the request was successfully accepted into the system.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:multihosts:update'
'/multihosts/{multihostId}/sources/testConnection':
post:
tags:
- Multi-Host Integration
summary: Test configuration for multi-host integration
description: |-
This endpoint performs a more detailed validation of the Multi-Host Integration's configuration.
A token with Org Admin or Multi-Host Admin authority is required to access this endpoint.
operationId: testConnectionMultiHostSources
parameters:
- name: multihostId
in: path
description: ID of the Multi-Host Integration
required: true
x-sailpoint-resource-operation-id: getMultiHostIntegrations
style: simple
explode: false
schema:
type: string
example: 2c91808568c529c60168cca6f90c1324
responses:
'200':
description: OK. Returned if the request was successfully accepted into the system.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:multihosts:read'
- 'idn:sources:read'
'/multihosts/{multihostId}/sources/{sourceId}/testConnection':
get:
tags:
- Multi-Host Integration
summary: Test configuration for multi-host integration's single source
description: |-
This endpoint performs a more detailed validation of the source's configuration.
A token with Org Admin or Multi-Host Admin authority is required to access this endpoint.
operationId: testSourceConnectionMultihost
parameters:
- name: multihostId
in: path
description: ID of the Multi-Host Integration
required: true
x-sailpoint-resource-operation-id: getMultiHostIntegrations
style: simple
explode: false
schema:
type: string
example: 2c91808568c529c60168cca6f90c1326
- name: sourceId
in: path
description: ID of the source within the Multi-Host Integration
required: true
x-sailpoint-resource-operation-id: getSourcesWithinMultiHost
style: simple
explode: false
schema:
type: string
example: 2c91808568c529f60168cca6f90c1324
responses:
'200':
description: OK. Returned if the request was successfully accepted into the system.
content:
application/json:
schema:
type: object
properties:
success:
type: boolean
description: Source's test connection status.
example: true
message:
type: string
description: Source's test connection message.
example: Tes.
timing:
type: integer
description: Source's test connection timing.
example: 30437
resultType:
enum:
- SOURCE_STATE_ERROR_CLUSTER
- SOURCE_STATE_ERROR_SOURCE
- SOURCE_STATE_ERROR_VA
- SOURCE_STATE_FAILURE_CLUSTER
- SOURCE_STATE_FAILURE_SOURCE
- SOURCE_STATE_HEALTHY
- SOURCE_STATE_UNCHECKED_CLUSTER
- SOURCE_STATE_UNCHECKED_CLUSTER_NO_SOURCES
- SOURCE_STATE_UNCHECKED_SOURCE
- SOURCE_STATE_UNCHECKED_SOURCE_NO_ACCOUNTS
- SOURCE_STATE_ERROR_ACCOUNT_FILE_IMPORT
description: Source's human-readable result type.
example: SOURCE_STATE_HEALTHY
testConnectionDetails:
type: string
description: Source's human-readable test connection details.
example: null
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:multihosts:read'
- 'idn:sources:read'
'/multihosts/{multihostId}/sources':
get:
tags:
- Multi-Host Integration
summary: List sources within multi-host integration
description: |-
Get a list of sources within Multi-Host Integration ID.
A token with Org Admin or Multi-Host Admin authority is required to access this endpoint.
operationId: getSourcesWithinMultiHost
parameters:
- name: multihostId
in: path
description: ID of the Multi-Host Integration to update
required: true
x-sailpoint-resource-operation-id: getMultiHostIntegrations
style: simple
explode: false
schema:
type: string
example: aMultiHostId
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- name: sorters
in: query
required: false
style: form
explode: true
schema:
type: string
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **name**
example: name
- name: filters
in: query
required: false
style: form
explode: true
schema:
type: string
format: comma-separated
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *in*
example: id eq 2c91808b6ef1d43e016efba0ce470904
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
responses:
'200':
description: OK. Returned if the request was successfully accepted into the system.
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
readOnly: true
description: Source ID.
example: 2c91808568c529c60168cca6f90c1324
name:
type: string
description: Source's human-readable name.
example: My Source
description:
type: string
description: Source's human-readable description.
example: This is the Source.
owner:
description: Reference to identity object who owns the source.
type: object
properties:
type:
description: Type of object being referenced.
type: string
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner identity's ID.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Owner identity's human-readable display name.
example: MyName
cluster:
description: Reference to the source's associated cluster.
type: object
nullable: true
required:
- name
- id
- type
properties:
type:
description: Type of object being referenced.
type: string
enum:
- CLUSTER
example: CLUSTER
id:
type: string
description: Cluster ID.
example: 2c9180866166b5b0016167c32ef31a66
name:
type: string
description: Cluster's human-readable display name.
example: Corporate Cluster
accountCorrelationConfig:
description: Reference to account correlation config object.
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
example: ACCOUNT_CORRELATION_CONFIG
id:
type: string
description: Account correlation config ID.
example: 2c9180855d191c59015d28583727245a
name:
type: string
description: Account correlation config's human-readable display name.
example: 'Directory [source-62867] Account Correlation'
accountCorrelationRule:
description: Reference to a rule that can do COMPLEX correlation. Only use this rule when you can't use accountCorrelationConfig.
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- RULE
example: RULE
id:
type: string
description: Rule ID.
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Rule's human-readable display name.
example: Example Rule
managerCorrelationMapping:
type: object
properties:
accountAttributeName:
type: string
description: Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity.
example: manager
identityAttributeName:
type: string
description: Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute.
example: manager
managerCorrelationRule:
description: Reference to the ManagerCorrelationRule. Only use this rule when a simple filter isn't sufficient.
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- RULE
example: RULE
id:
type: string
description: Rule ID.
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Rule's human-readable display name.
example: Example Rule
beforeProvisioningRule:
description: 'Rule that runs on the CCG and allows for customization of provisioning plans before the API calls the connector. '
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- RULE
example: RULE
id:
type: string
description: Rule ID.
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Rule's human-readable display name.
example: Example Rule
schemas:
type: array
items:
type: object
properties:
type:
description: Type of object being referenced.
type: string
enum:
- CONNECTOR_SCHEMA
example: CONNECTOR_SCHEMA
id:
type: string
description: Schema ID.
example: 2c91808568c529c60168cca6f90c1777
name:
type: string
description: Schema's human-readable display name.
example: MySchema
description: List of references to schema objects.
example:
- type: CONNECTOR_SCHEMA
id: 2c9180835d191a86015d28455b4b232a
name: account
- type: CONNECTOR_SCHEMA
id: 2c9180835d191a86015d28455b4b232b
name: group
passwordPolicies:
type: array
nullable: true
items:
type: object
properties:
type:
description: Type of object being referenced.
type: string
enum:
- PASSWORD_POLICY
example: PASSWORD_POLICY
id:
type: string
description: Policy ID.
example: 2c91808568c529c60168cca6f90c1777
name:
type: string
description: Policy's human-readable display name.
example: My Password Policy
description: List of references to the associated PasswordPolicy objects.
example:
- type: PASSWORD_POLICY
id: 2c9180855d191c59015d291ceb053980
name: Corporate Password Policy
- type: PASSWORD_POLICY
id: 2c9180855d191c59015d291ceb057777
name: Vendor Password Policy
features:
type: array
items:
type: string
enum:
- AUTHENTICATE
- COMPOSITE
- DIRECT_PERMISSIONS
- DISCOVER_SCHEMA
- ENABLE
- MANAGER_LOOKUP
- NO_RANDOM_ACCESS
- PROXY
- SEARCH
- TEMPLATE
- UNLOCK
- UNSTRUCTURED_TARGETS
- SHAREPOINT_TARGET
- PROVISIONING
- GROUP_PROVISIONING
- SYNC_PROVISIONING
- PASSWORD
- CURRENT_PASSWORD
- ACCOUNT_ONLY_REQUEST
- ADDITIONAL_ACCOUNT_REQUEST
- NO_AGGREGATION
- GROUPS_HAVE_MEMBERS
- NO_PERMISSIONS_PROVISIONING
- NO_GROUP_PERMISSIONS_PROVISIONING
- NO_UNSTRUCTURED_TARGETS_PROVISIONING
- NO_DIRECT_PERMISSIONS_PROVISIONING
- PREFER_UUID
- ARM_SECURITY_EXTRACT
- ARM_UTILIZATION_EXTRACT
- ARM_CHANGELOG_EXTRACT
- USES_UUID
- APPLICATION_DISCOVERY
example: AUTHENTICATE
description: |-
Optional features that can be supported by a source. Modifying the features array may cause source configuration errors that are unsupportable. It is recommended to not modify this array for SailPoint supported connectors.
* AUTHENTICATE: The source supports pass-through authentication.
* COMPOSITE: The source supports composite source creation.
* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.
* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.
* ENABLE The source supports reading if an account is enabled or disabled.
* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.
* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.
* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.
* SEARCH
* TEMPLATE
* UNLOCK: The source supports reading if an account is locked or unlocked.
* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.
* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.
* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.
* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.
* SYNC_PROVISIONING: The source can provision accounts synchronously.
* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.
* CURRENT_PASSWORD: Some source types support verification of the current password
* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.
* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.
* NO_AGGREGATION: A source that does not support aggregation.
* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.
* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.
* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.
* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* USES_UUID: Connectivity 2.0 flag used to indicate that the connector supports a compound naming structure.
* PREFER_UUID: Used in ISC Provisioning AND Aggregation to decide if it should prefer account.uuid to account.nativeIdentity when data is read in through aggregation OR pushed out through provisioning.
* ARM_SECURITY_EXTRACT: Indicates the application supports Security extracts for ARM
* ARM_UTILIZATION_EXTRACT: Indicates the application supports Utilization extracts for ARM
* ARM_CHANGELOG_EXTRACT: Indicates the application supports Change-log extracts for ARM
example:
- PROVISIONING
- NO_PERMISSIONS_PROVISIONING
- GROUPS_HAVE_MEMBERS
type:
type: string
description: 'Specifies the type of system being managed e.g. Multi-Host - Microsoft SQL Server, Workday, etc.. If you are creating a delimited file source, you must set the `provisionasCsv` query parameter to `true`. '
example: Multi-Host - Microsoft SQL Server
connector:
type: string
description: Connector script name.
example: multihost-microsoft-sql-server
connectorClass:
type: string
description: Fully qualified name of the Java class that implements the connector interface.
example: sailpoint.connector.OpenConnectorAdapter
connectorAttributes:
type: object
additionalProperties: true
description: Connector specific configuration. This configuration will differ from type to type.
example:
healthCheckTimeout: 30
authSearchAttributes:
- cn
- uid
- mail
deleteThreshold:
type: integer
format: int32
minimum: 0
maximum: 100
description: Number from 0 to 100 that specifies when to skip the delete phase.
example: 10
authoritative:
type: boolean
description: 'When this is true, it indicates that the source is referenced by an identity profile.'
default: false
example: false
managementWorkgroup:
description: Reference to management workgroup for the source.
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- GOVERNANCE_GROUP
example: GOVERNANCE_GROUP
id:
type: string
description: Management workgroup ID.
example: 2c91808568c529c60168cca6f90c2222
name:
type: string
description: Management workgroup's human-readable display name.
example: My Management Workgroup
healthy:
type: boolean
description: 'When this is true, it indicates that the source is healthy.'
default: false
example: true
status:
type: string
enum:
- SOURCE_STATE_ERROR_ACCOUNT_FILE_IMPORT
- SOURCE_STATE_ERROR_CLUSTER
- SOURCE_STATE_ERROR_SOURCE
- SOURCE_STATE_ERROR_VA
- SOURCE_STATE_FAILURE_CLUSTER
- SOURCE_STATE_FAILURE_SOURCE
- SOURCE_STATE_HEALTHY
- SOURCE_STATE_UNCHECKED_CLUSTER
- SOURCE_STATE_UNCHECKED_CLUSTER_NO_SOURCES
- SOURCE_STATE_UNCHECKED_SOURCE
- SOURCE_STATE_UNCHECKED_SOURCE_NO_ACCOUNTS
description: 'Status identifier that gives specific information about why a source is or isn''t healthy. '
example: SOURCE_STATE_HEALTHY
since:
type: string
format: date-time
description: Timestamp that shows when a source health check was last performed.
example: '2021-09-28T15:48:29.3801666300Z'
connectorId:
type: string
description: Connector ID
example: multihost-microsoft-sql-server
connectorName:
type: string
description: Name of the connector that was chosen during source creation.
example: Multi-Host Microsoft SQL Server
connectionType:
type: string
description: Type of connection (direct or file).
example: file
connectorImplementationId:
type: string
description: Connector implementation ID.
example: multihost-microsoft-sql-server
created:
type: string
description: Date-time when the source was created
format: date-time
example: '2022-02-08T14:50:03.827Z'
modified:
type: string
description: Date-time when the source was last modified.
format: date-time
example: '2024-01-23T18:08:50.897Z'
credentialProviderEnabled:
type: boolean
description: 'If this is true, it enables a credential provider for the source. If credentialProvider is turned on, then the source can use credential provider(s) to fetch credentials.'
default: false
example: false
category:
type: string
nullable: true
default: null
description: 'Source category (e.g. null, CredentialProvider).'
example: CredentialProvider
required:
- name
- owner
- connector
- id
- connectorName
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:multihosts:read'
- 'idn:sources:read'
'/multihosts/{multiHostId}/sources/errors':
get:
tags:
- Multi-Host Integration
summary: List multi-host source creation errors
description: |-
Get a list of sources creation errors within Multi-Host Integration ID.
A token with Org Admin or Multi-Host Admin authority is required to access this endpoint.
operationId: getMultiHostSourceCreationErrors
parameters:
- name: multiHostId
in: path
description: ID of the Multi-Host Integration
required: true
x-sailpoint-resource-operation-id: getMultiHostIntegrations
style: simple
explode: false
schema:
type: string
example: 004091cb79b04636b88662afa50a4440
responses:
'200':
description: OK. Returned if the request was successfully accepted into the system.
content:
application/json:
schema:
type: array
items:
type: object
properties:
multihostId:
type: string
readOnly: true
description: Multi-Host Integration ID.
example: 2c91808568c529c60168cca6f90c1324
source_name:
type: string
description: Source's human-readable name.
example: My Source
source_error:
type: string
description: Source's human-readable description.
example: 'Source with internal name "My Source [source]" already exists.'
created:
type: string
description: Date-time when the source was created
format: date-time
example: '2022-02-08T14:50:03.827Z'
modified:
type: string
description: Date-time when the source was last modified.
format: date-time
example: '2024-01-23T18:08:50.897Z'
operation:
type: string
nullable: true
default: null
description: operation category (e.g. DELETE).
example: DELETE
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:multihosts:read'
- 'idn:sources:read'
'/multihosts/{multihostId}/acctAggregationGroups':
get:
tags:
- Multi-Host Integration
summary: List account-aggregation-groups by multi-host id
description: |-
This API will return array of account aggregation groups within provided Multi-Host Integration ID.
A token with Org Admin or Multi-Host Admin authority is required to access this endpoint.
operationId: getAcctAggregationGroups
parameters:
- name: multihostId
in: path
description: ID of the Multi-Host Integration to update
required: true
x-sailpoint-resource-operation-id: getMultiHostIntegrations
style: simple
explode: false
schema:
type: string
example: aMultiHostId
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
responses:
'200':
description: OK. Returned if the request was successfully accepted into the system.
content:
application/json:
schema:
type: array
items:
allOf:
- type: object
description: Multi-Host Integration's aggregation schedule specification.
required:
- multihostId
- aggregation_grp_id
- aggregation_grp_name
- aggregation_cron_schedule
- enableSchedule
- source_id_list
properties:
multihostId:
description: Multi-Host Integration ID. The ID must be unique
type: string
example: 004091cb79b04636b88662afa50a4456
aggregation_grp_id:
description: Multi-Host Integration aggregation group ID
type: string
example: 004091cb79b04636b88662afa50a4448
aggregation_grp_name:
description: Multi-Host Integration name
type: string
example: Multi-Host Integration aggregation group name
aggregation_cron_schedule:
description: Cron expression to schedule aggregation
type: string
example: 0 0 0 * * ?
enableSchedule:
description: |-
Boolean value for Multi-Host Integration aggregation schedule.
This specifies if scheduled aggregation is enabled or disabled.
type: boolean
default: false
example: false
source_id_list:
description: Source IDs of the Multi-Host Integration
type: array
items:
type: string
example:
- 004091cb79b04636b88662afa50a4440
- 00af6d0d562a49b591c47be908740542
created:
description: Created date of Multi-Host Integration aggregation schedule
type: string
format: date-time
example: '2024-01-23T18:08:50.897Z'
modified:
description: Modified date of Multi-Host Integration aggregation schedule
type: string
format: date-time
example: '2024-01-23T18:08:50.897Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:multihosts:update'
x-sailpoint-userLevels:
- ORG_ADMIN
'/multihosts/{multiHostId}/entitlementAggregationGroups':
get:
tags:
- Multi-Host Integration
summary: List entitlement-aggregation-groups by integration id
description: |-
This API will return array of aggregation groups within provided Multi-Host Integration ID.
A token with Org Admin or Multi-Host Admin authority is required to access this endpoint.
operationId: getEntitlementAggregationGroups
parameters:
- name: multiHostId
in: path
description: ID of the Multi-Host Integration to update
required: true
x-sailpoint-resource-operation-id: getMultiHostIntegrations
style: simple
explode: false
schema:
type: string
example: aMultiHostId
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
responses:
'200':
description: OK. Returned if the request was successfully accepted into the system.
content:
application/json:
schema:
type: array
items:
allOf:
- type: object
description: Multi-Host Integration's aggregation schedule specification.
required:
- multihostId
- aggregation_grp_id
- aggregation_grp_name
- aggregation_cron_schedule
- enableSchedule
- source_id_list
properties:
multihostId:
description: Multi-Host Integration ID. The ID must be unique
type: string
example: 004091cb79b04636b88662afa50a4456
aggregation_grp_id:
description: Multi-Host Integration aggregation group ID
type: string
example: 004091cb79b04636b88662afa50a4448
aggregation_grp_name:
description: Multi-Host Integration name
type: string
example: Multi-Host Integration aggregation group name
aggregation_cron_schedule:
description: Cron expression to schedule aggregation
type: string
example: 0 0 0 * * ?
enableSchedule:
description: |-
Boolean value for Multi-Host Integration aggregation schedule.
This specifies if scheduled aggregation is enabled or disabled.
type: boolean
default: false
example: false
source_id_list:
description: Source IDs of the Multi-Host Integration
type: array
items:
type: string
example:
- 004091cb79b04636b88662afa50a4440
- 00af6d0d562a49b591c47be908740542
created:
description: Created date of Multi-Host Integration aggregation schedule
type: string
format: date-time
example: '2024-01-23T18:08:50.897Z'
modified:
description: Modified date of Multi-Host Integration aggregation schedule
type: string
format: date-time
example: '2024-01-23T18:08:50.897Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:multihosts:update'
x-sailpoint-userLevels:
- ORG_ADMIN
/non-employee-records:
post:
operationId: createNonEmployeeRecord
tags:
- Non-Employee Lifecycle Management
summary: Create non-employee record
description: |-
This request will create a non-employee record.
Requires role context of `idn:nesr:create`
requestBody:
description: Non-Employee record creation request body.
required: true
content:
application/json:
schema:
type: object
properties:
accountName:
type: string
description: Requested identity account name.
example: william.smith
firstName:
type: string
description: Non-Employee's first name.
example: William
lastName:
type: string
description: Non-Employee's last name.
example: Smith
email:
type: string
description: Non-Employee's email.
example: william.smith@example.com
phone:
type: string
description: Non-Employee's phone.
example: '5125555555'
manager:
type: string
description: The account ID of a valid identity to serve as this non-employee's manager.
example: jane.doe
sourceId:
type: string
description: Non-Employee's source id.
example: 2c91808568c529c60168cca6f90c1313
data:
type: object
additionalProperties:
type: string
description: Additional attributes for a non-employee. Up to 10 custom attributes can be added.
example:
description: Auditing
startDate:
type: string
format: date-time
description: Non-Employee employment start date.
example: '2020-03-24T00:00:00-05:00'
endDate:
type: string
format: date-time
description: Non-Employee employment end date.
example: '2021-03-25T00:00:00-05:00'
required:
- accountName
- firstName
- lastName
- email
- phone
- manager
- sourceId
- startDate
- endDate
responses:
'200':
description: Created non-employee record.
content:
application/json:
schema:
type: object
properties:
id:
type: string
format: UUID
description: Non-Employee record id.
example: ef38f94347e94562b5bb8424a56397d8
accountName:
type: string
description: Requested identity account name.
example: Abby.Smith
firstName:
type: string
description: Non-Employee's first name.
example: William
lastName:
type: string
description: Non-Employee's last name.
example: Smith
email:
type: string
description: Non-Employee's email.
example: william.smith@example.com
phone:
type: string
description: Non-Employee's phone.
example: '5125555555'
manager:
type: string
description: The account ID of a valid identity to serve as this non-employee's manager.
example: jane.doe
sourceId:
type: string
description: Non-Employee's source id.
example: 2c91808568c529c60168cca6f90c1313
data:
type: object
additionalProperties:
type: string
description: Additional attributes for a non-employee. Up to 10 custom attributes can be added.
example:
description: Auditing
startDate:
type: string
format: date-time
description: Non-Employee employment start date.
example: '2019-08-23T18:52:59.162Z'
endDate:
type: string
format: date-time
description: Non-Employee employment end date.
example: '2020-08-23T18:52:59.162Z'
modified:
type: string
format: date-time
description: When the request was last modified.
example: '2019-08-23T18:52:59.162Z'
created:
type: string
format: date-time
description: When the request was created.
example: '2019-08-23T18:40:35.772Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
get:
operationId: listNonEmployeeRecords
security:
- userAuth: []
tags:
- Non-Employee Lifecycle Management
summary: List non-employee records
description: |-
This gets a list of non-employee records. There are two contextual uses for this endpoint:
1. The user has the role context of `idn:nesr:read`, in which case they can get a list of all of the non-employees.
2. The user is an account manager, in which case they can get a list of the non-employees that they manage.
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: sorters
required: false
schema:
type: string
format: comma-separated
example: 'accountName,sourceId'
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **id, accountName, sourceId, manager, firstName, lastName, email, phone, startDate, endDate, created, modified**
- in: query
name: filters
required: false
schema:
type: string
example: sourceId eq "2c91808568c529c60168cca6f90c1313"
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**sourceId**: *eq*
responses:
'200':
description: Non-Employee record objects
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
format: UUID
description: Non-Employee record id.
example: ef38f94347e94562b5bb8424a56397d8
accountName:
type: string
description: Requested identity account name.
example: Abby.Smith
firstName:
type: string
description: Non-Employee's first name.
example: William
lastName:
type: string
description: Non-Employee's last name.
example: Smith
email:
type: string
description: Non-Employee's email.
example: william.smith@example.com
phone:
type: string
description: Non-Employee's phone.
example: '5125555555'
manager:
type: string
description: The account ID of a valid identity to serve as this non-employee's manager.
example: jane.doe
sourceId:
type: string
description: Non-Employee's source id.
example: 2c91808568c529c60168cca6f90c1313
data:
type: object
additionalProperties:
type: string
description: Additional attributes for a non-employee. Up to 10 custom attributes can be added.
example:
description: Auditing
startDate:
type: string
format: date-time
description: Non-Employee employment start date.
example: '2019-08-23T18:52:59.162Z'
endDate:
type: string
format: date-time
description: Non-Employee employment end date.
example: '2020-08-23T18:52:59.162Z'
modified:
type: string
format: date-time
description: When the request was last modified.
example: '2019-08-23T18:52:59.162Z'
created:
type: string
format: date-time
description: When the request was created.
example: '2019-08-23T18:40:35.772Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/non-employee-records/{id}':
get:
operationId: getNonEmployeeRecord
tags:
- Non-Employee Lifecycle Management
summary: Get a non-employee record
description: |-
This gets a non-employee record.
Requires role context of `idn:nesr:read`
parameters:
- in: path
name: id
description: Non-Employee record id (UUID)
required: true
x-sailpoint-resource-operation-id: listNonEmployeeRecords
example: ef38f94347e94562b5bb8424a56397d8
schema:
type: string
responses:
'200':
description: Non-Employee record object
content:
application/json:
schema:
type: object
properties:
id:
type: string
format: UUID
description: Non-Employee record id.
example: ef38f94347e94562b5bb8424a56397d8
accountName:
type: string
description: Requested identity account name.
example: Abby.Smith
firstName:
type: string
description: Non-Employee's first name.
example: William
lastName:
type: string
description: Non-Employee's last name.
example: Smith
email:
type: string
description: Non-Employee's email.
example: william.smith@example.com
phone:
type: string
description: Non-Employee's phone.
example: '5125555555'
manager:
type: string
description: The account ID of a valid identity to serve as this non-employee's manager.
example: jane.doe
sourceId:
type: string
description: Non-Employee's source id.
example: 2c91808568c529c60168cca6f90c1313
data:
type: object
additionalProperties:
type: string
description: Additional attributes for a non-employee. Up to 10 custom attributes can be added.
example:
description: Auditing
startDate:
type: string
format: date-time
description: Non-Employee employment start date.
example: '2019-08-23T18:52:59.162Z'
endDate:
type: string
format: date-time
description: Non-Employee employment end date.
example: '2020-08-23T18:52:59.162Z'
modified:
type: string
format: date-time
description: When the request was last modified.
example: '2019-08-23T18:52:59.162Z'
created:
type: string
format: date-time
description: When the request was created.
example: '2019-08-23T18:40:35.772Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
put:
operationId: updateNonEmployeeRecord
security:
- userAuth: []
tags:
- Non-Employee Lifecycle Management
summary: Update non-employee record
description: |-
This request will update a non-employee record. There are two contextual uses for this endpoint:
1. The user has the role context of `idn:nesr:update`, in which case they
update all available fields.
2. The user is owner of the source, in this case they can only update the
end date.
parameters:
- in: path
name: id
description: Non-employee record id (UUID)
example: ef38f94347e94562b5bb8424a56397d8
required: true
x-sailpoint-resource-operation-id: listNonEmployeeRecords
schema:
type: string
requestBody:
description: Non-employee record creation request body. Attributes are restricted by user type. Owner of source can update end date. Organization admins can update all available fields.
required: true
content:
application/json:
schema:
type: object
properties:
accountName:
type: string
description: Requested identity account name.
example: william.smith
firstName:
type: string
description: Non-Employee's first name.
example: William
lastName:
type: string
description: Non-Employee's last name.
example: Smith
email:
type: string
description: Non-Employee's email.
example: william.smith@example.com
phone:
type: string
description: Non-Employee's phone.
example: '5125555555'
manager:
type: string
description: The account ID of a valid identity to serve as this non-employee's manager.
example: jane.doe
sourceId:
type: string
description: Non-Employee's source id.
example: 2c91808568c529c60168cca6f90c1313
data:
type: object
additionalProperties:
type: string
description: Additional attributes for a non-employee. Up to 10 custom attributes can be added.
example:
description: Auditing
startDate:
type: string
format: date-time
description: Non-Employee employment start date.
example: '2020-03-24T00:00:00-05:00'
endDate:
type: string
format: date-time
description: Non-Employee employment end date.
example: '2021-03-25T00:00:00-05:00'
required:
- accountName
- firstName
- lastName
- email
- phone
- manager
- sourceId
- startDate
- endDate
responses:
'200':
description: An updated non-employee record.
content:
application/json:
schema:
type: object
properties:
id:
type: string
format: UUID
description: Non-Employee record id.
example: ef38f94347e94562b5bb8424a56397d8
accountName:
type: string
description: Requested identity account name.
example: Abby.Smith
firstName:
type: string
description: Non-Employee's first name.
example: William
lastName:
type: string
description: Non-Employee's last name.
example: Smith
email:
type: string
description: Non-Employee's email.
example: william.smith@example.com
phone:
type: string
description: Non-Employee's phone.
example: '5125555555'
manager:
type: string
description: The account ID of a valid identity to serve as this non-employee's manager.
example: jane.doe
sourceId:
type: string
description: Non-Employee's source id.
example: 2c91808568c529c60168cca6f90c1313
data:
type: object
additionalProperties:
type: string
description: Additional attributes for a non-employee. Up to 10 custom attributes can be added.
example:
description: Auditing
startDate:
type: string
format: date-time
description: Non-Employee employment start date.
example: '2019-08-23T18:52:59.162Z'
endDate:
type: string
format: date-time
description: Non-Employee employment end date.
example: '2020-08-23T18:52:59.162Z'
modified:
type: string
format: date-time
description: When the request was last modified.
example: '2019-08-23T18:52:59.162Z'
created:
type: string
format: date-time
description: When the request was created.
example: '2019-08-23T18:40:35.772Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
patch:
operationId: patchNonEmployeeRecord
security:
- userAuth: []
tags:
- Non-Employee Lifecycle Management
summary: Patch non-employee record
description: |-
This request will patch a non-employee record. There are two contextual uses for this endpoint:
1. The user has the role context of `idn:nesr:update`, in which case they
update all available fields.
2. The user is owner of the source, in this case they can only update the
end date.
parameters:
- in: path
name: id
description: Non-employee record id (UUID)
example: ef38f94347e94562b5bb8424a56397d8
required: true
x-sailpoint-resource-operation-id: listNonEmployeeRecords
schema:
type: string
requestBody:
description: 'A list of non-employee update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. Attributes are restricted by user type. Owner of source can update end date. Organization admins can update all available fields.'
required: true
content:
application/json-patch+json:
schema:
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
example:
- op: replace
path: /endDate
value: '2019-08-23T18:40:35.772Z'
responses:
'200':
description: A patched non-employee record.
content:
application/json:
schema:
type: object
properties:
id:
type: string
format: UUID
description: Non-Employee record id.
example: ef38f94347e94562b5bb8424a56397d8
accountName:
type: string
description: Requested identity account name.
example: Abby.Smith
firstName:
type: string
description: Non-Employee's first name.
example: William
lastName:
type: string
description: Non-Employee's last name.
example: Smith
email:
type: string
description: Non-Employee's email.
example: william.smith@example.com
phone:
type: string
description: Non-Employee's phone.
example: '5125555555'
manager:
type: string
description: The account ID of a valid identity to serve as this non-employee's manager.
example: jane.doe
sourceId:
type: string
description: Non-Employee's source id.
example: 2c91808568c529c60168cca6f90c1313
data:
type: object
additionalProperties:
type: string
description: Additional attributes for a non-employee. Up to 10 custom attributes can be added.
example:
description: Auditing
startDate:
type: string
format: date-time
description: Non-Employee employment start date.
example: '2019-08-23T18:52:59.162Z'
endDate:
type: string
format: date-time
description: Non-Employee employment end date.
example: '2020-08-23T18:52:59.162Z'
modified:
type: string
format: date-time
description: When the request was last modified.
example: '2019-08-23T18:52:59.162Z'
created:
type: string
format: date-time
description: When the request was created.
example: '2019-08-23T18:40:35.772Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
operationId: deleteNonEmployeeRecord
tags:
- Non-Employee Lifecycle Management
summary: Delete non-employee record
description: |-
This request will delete a non-employee record.
Requires role context of `idn:nesr:delete`
parameters:
- in: path
name: id
description: Non-Employee record id (UUID)
example: ef38f94347e94562b5bb8424a56397d8
required: true
x-sailpoint-resource-operation-id: listNonEmployeeRecords
schema:
type: string
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/non-employee-records/bulk-delete:
post:
operationId: deleteNonEmployeeRecordsInBulk
tags:
- Non-Employee Lifecycle Management
summary: Delete multiple non-employee records
description: 'This request will delete multiple non-employee records based on the non-employee ids provided. Requires role context of `idn:nesr:delete`'
requestBody:
description: Non-Employee bulk delete request body.
required: true
content:
application/json:
schema:
type: object
properties:
ids:
description: List of non-employee ids.
type: array
items:
type: string
format: uuid
example:
- 2b838de9-db9b-abcf-e646-d4f274ad4238
- 2d838de9-db9b-abcf-e646-d4f274ad4238
required:
- ids
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/non-employee-requests:
post:
operationId: createNonEmployeeRequest
security:
- userAuth: []
tags:
- Non-Employee Lifecycle Management
summary: Create non-employee request
description: 'This request will create a non-employee request and notify the approver. Requires role context of `idn:nesr:create` or the user must own the source.'
requestBody:
description: Non-Employee creation request body
required: true
content:
application/json:
schema:
type: object
properties:
accountName:
type: string
description: Requested identity account name.
example: william.smith
firstName:
type: string
description: Non-Employee's first name.
example: William
lastName:
type: string
description: Non-Employee's last name.
example: Smith
email:
type: string
description: Non-Employee's email.
example: william.smith@example.com
phone:
type: string
description: Non-Employee's phone.
example: '5125555555'
manager:
type: string
description: The account ID of a valid identity to serve as this non-employee's manager.
example: jane.doe
sourceId:
type: string
description: Non-Employee's source id.
example: 2c91808568c529c60168cca6f90c1313
data:
type: object
additionalProperties:
type: string
description: Additional attributes for a non-employee. Up to 10 custom attributes can be added.
example:
description: Auditing
startDate:
type: string
format: date-time
description: Non-Employee employment start date.
example: '2020-03-24T00:00:00-05:00'
endDate:
type: string
format: date-time
description: Non-Employee employment end date.
example: '2021-03-25T00:00:00-05:00'
required:
- accountName
- firstName
- lastName
- email
- phone
- manager
- sourceId
- startDate
- endDate
responses:
'200':
description: Non-Employee request creation object
content:
application/json:
schema:
allOf:
- type: object
properties:
id:
type: string
format: UUID
description: Non-Employee source id.
example: a0303682-5e4a-44f7-bdc2-6ce6112549c1
sourceId:
type: string
description: Source Id associated with this non-employee source.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Source name associated with this non-employee source.
example: Retail
description:
type: string
description: Source description associated with this non-employee source.
example: Source description
- type: object
properties:
accountName:
type: string
description: Requested identity account name.
example: william.smith
firstName:
type: string
description: Non-Employee's first name.
example: William
lastName:
type: string
description: Non-Employee's last name.
example: Smith
email:
type: string
description: Non-Employee's email.
example: william.smith@example.com
phone:
type: string
description: Non-Employee's phone.
example: '5125555555'
manager:
type: string
description: The account ID of a valid identity to serve as this non-employee's manager.
example: jane.doe
nonEmployeeSource:
type: object
properties:
id:
type: string
format: UUID
description: Non-Employee source id.
example: a0303682-5e4a-44f7-bdc2-6ce6112549c1
sourceId:
type: string
description: Source Id associated with this non-employee source.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Source name associated with this non-employee source.
example: Retail
description:
type: string
description: Source description associated with this non-employee source.
example: Source description
data:
type: object
additionalProperties:
type: string
description: Additional attributes for a non-employee. Up to 10 custom attributes can be added.
example:
description: Auditing
approvalItems:
description: List of approval item for the request
type: array
items:
type: object
properties:
id:
type: string
format: UUID
description: Non-Employee approval item id
example: 2c1e388b-1e55-4b0a-ab5c-897f1204159c
approver:
description: Reference to the associated Identity
type: object
properties:
type:
type: string
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
description: Identifies if the identity is a normal identity or a governance group
id:
type: string
description: Identity id
example: 5168015d32f890ca15812c9180835d2e
accountName:
type: string
description: Requested identity account name
example: test.account
approvalStatus:
type: string
enum:
- APPROVED
- REJECTED
- PENDING
- NOT_READY
- CANCELLED
description: Enum representing the non-employee request approval status
example: APPROVED
approvalOrder:
type: number
description: Approval order
example: 1
format: float
comment:
type: string
description: comment of approver
example: I approve
modified:
type: string
format: date-time
description: When the request was last modified.
example: '2019-08-23T18:52:59.162Z'
created:
type: string
format: date-time
description: When the request was created.
example: '2019-08-23T18:40:35.772Z'
approvalStatus:
type: string
enum:
- APPROVED
- REJECTED
- PENDING
- NOT_READY
- CANCELLED
description: Enum representing the non-employee request approval status
example: APPROVED
comment:
type: string
description: Comment of requester
example: approved
completionDate:
type: string
format: date-time
description: When the request was completely approved.
example: '2020-03-24T11:11:41.139-05:00'
startDate:
type: string
format: date-time
description: Non-Employee employment start date.
example: '2020-03-24T00:00:00-05:00'
endDate:
type: string
format: date-time
description: Non-Employee employment end date.
example: '2021-03-25T00:00:00-05:00'
modified:
type: string
format: date-time
description: When the request was last modified.
example: '2020-03-24T11:11:41.139-05:00'
created:
type: string
format: date-time
description: When the request was created.
example: '2020-03-24T11:11:41.139-05:00'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
400.1 Bad Request Content:
description: Response for bad request content
value:
detailCode: 400.1 Bad Request Content
trackingId: e7eab60924f64aa284175b9fa3309599
messages:
- locale: en
localeOrigin: REQUEST
text: firstName is required; accountName is required;
400.1.409 Reference conflict:
description: Response for reference conflict
value:
detailCode: 400.1.409 Reference conflict
trackingId: e7eab60924f64aa284175b9fa3309599
messages:
- locale: en
localeOrigin: REQUEST
text: Unable to create Non-Employee because the accountName "existed" is already being used.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
get:
operationId: listNonEmployeeRequests
security:
- userAuth: []
tags:
- Non-Employee Lifecycle Management
summary: List non-employee requests
description: |-
This gets a list of non-employee requests. There are two contextual uses for the `requested-for` path parameter:
1. The user has the role context of `idn:nesr:read`, in which case he or
she may request a list non-employee requests assigned to a particular account manager by passing in that manager's id.
2. The current user is an account manager, in which case "me" should be
provided as the `requested-for` value. This will provide the user with a list of the non-employee requests in the source(s) he or she manages.
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: requested-for
required: true
schema:
type: string
example: e136567de87e4d029e60b3c3c55db56d
description: The identity for whom the request was made. *me* indicates the current user.
- in: query
name: sorters
required: false
schema:
type: string
format: comma-separated
example: 'created,approvalStatus'
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **created, approvalStatus, firstName, lastName, email, phone, accountName, startDate, endDate**
- in: query
name: filters
required: false
schema:
type: string
example: sourceId eq "2c91808568c529c60168cca6f90c1313"
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**sourceId**: *eq*
responses:
'200':
description: List of non-employee request objects.
content:
application/json:
schema:
type: array
items:
allOf:
- type: object
properties:
id:
type: string
format: UUID
description: Non-Employee source id.
example: a0303682-5e4a-44f7-bdc2-6ce6112549c1
sourceId:
type: string
description: Source Id associated with this non-employee source.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Source name associated with this non-employee source.
example: Retail
description:
type: string
description: Source description associated with this non-employee source.
example: Source description
- type: object
properties:
accountName:
type: string
description: Requested identity account name.
example: william.smith
firstName:
type: string
description: Non-Employee's first name.
example: William
lastName:
type: string
description: Non-Employee's last name.
example: Smith
email:
type: string
description: Non-Employee's email.
example: william.smith@example.com
phone:
type: string
description: Non-Employee's phone.
example: '5125555555'
manager:
type: string
description: The account ID of a valid identity to serve as this non-employee's manager.
example: jane.doe
nonEmployeeSource:
type: object
properties:
id:
type: string
format: UUID
description: Non-Employee source id.
example: a0303682-5e4a-44f7-bdc2-6ce6112549c1
sourceId:
type: string
description: Source Id associated with this non-employee source.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Source name associated with this non-employee source.
example: Retail
description:
type: string
description: Source description associated with this non-employee source.
example: Source description
data:
type: object
additionalProperties:
type: string
description: Additional attributes for a non-employee. Up to 10 custom attributes can be added.
example:
description: Auditing
approvalItems:
description: List of approval item for the request
type: array
items:
type: object
properties:
id:
type: string
format: UUID
description: Non-Employee approval item id
example: 2c1e388b-1e55-4b0a-ab5c-897f1204159c
approver:
description: Reference to the associated Identity
type: object
properties:
type:
type: string
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
description: Identifies if the identity is a normal identity or a governance group
id:
type: string
description: Identity id
example: 5168015d32f890ca15812c9180835d2e
accountName:
type: string
description: Requested identity account name
example: test.account
approvalStatus:
type: string
enum:
- APPROVED
- REJECTED
- PENDING
- NOT_READY
- CANCELLED
description: Enum representing the non-employee request approval status
example: APPROVED
approvalOrder:
type: number
description: Approval order
example: 1
format: float
comment:
type: string
description: comment of approver
example: I approve
modified:
type: string
format: date-time
description: When the request was last modified.
example: '2019-08-23T18:52:59.162Z'
created:
type: string
format: date-time
description: When the request was created.
example: '2019-08-23T18:40:35.772Z'
approvalStatus:
type: string
enum:
- APPROVED
- REJECTED
- PENDING
- NOT_READY
- CANCELLED
description: Enum representing the non-employee request approval status
example: APPROVED
comment:
type: string
description: Comment of requester
example: approved
completionDate:
type: string
format: date-time
description: When the request was completely approved.
example: '2020-03-24T11:11:41.139-05:00'
startDate:
type: string
format: date-time
description: Non-Employee employment start date.
example: '2020-03-24T00:00:00-05:00'
endDate:
type: string
format: date-time
description: Non-Employee employment end date.
example: '2021-03-25T00:00:00-05:00'
modified:
type: string
format: date-time
description: When the request was last modified.
example: '2020-03-24T11:11:41.139-05:00'
created:
type: string
format: date-time
description: When the request was created.
example: '2020-03-24T11:11:41.139-05:00'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/non-employee-requests/{id}':
get:
operationId: getNonEmployeeRequest
security:
- userAuth: []
tags:
- Non-Employee Lifecycle Management
summary: Get a non-employee request
description: |-
This gets a non-employee request.
There are two contextual uses for this endpoint:
1. The user has the role context of `idn:nesr:read`, in this case the user
can get the non-employee request for any user.
2. The user must be the owner of the non-employee request.
parameters:
- in: path
name: id
description: Non-Employee request id (UUID)
example: ac110005-7156-1150-8171-5b292e3e0084
required: true
x-sailpoint-resource-operation-id: listNonEmployeeRequests
schema:
type: string
responses:
'200':
description: Non-Employee request object.
content:
application/json:
schema:
allOf:
- type: object
properties:
id:
type: string
format: UUID
description: Non-Employee source id.
example: a0303682-5e4a-44f7-bdc2-6ce6112549c1
sourceId:
type: string
description: Source Id associated with this non-employee source.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Source name associated with this non-employee source.
example: Retail
description:
type: string
description: Source description associated with this non-employee source.
example: Source description
- type: object
properties:
accountName:
type: string
description: Requested identity account name.
example: william.smith
firstName:
type: string
description: Non-Employee's first name.
example: William
lastName:
type: string
description: Non-Employee's last name.
example: Smith
email:
type: string
description: Non-Employee's email.
example: william.smith@example.com
phone:
type: string
description: Non-Employee's phone.
example: '5125555555'
manager:
type: string
description: The account ID of a valid identity to serve as this non-employee's manager.
example: jane.doe
nonEmployeeSource:
type: object
properties:
id:
type: string
format: UUID
description: Non-Employee source id.
example: a0303682-5e4a-44f7-bdc2-6ce6112549c1
sourceId:
type: string
description: Source Id associated with this non-employee source.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Source name associated with this non-employee source.
example: Retail
description:
type: string
description: Source description associated with this non-employee source.
example: Source description
data:
type: object
additionalProperties:
type: string
description: Additional attributes for a non-employee. Up to 10 custom attributes can be added.
example:
description: Auditing
approvalItems:
description: List of approval item for the request
type: array
items:
type: object
properties:
id:
type: string
format: UUID
description: Non-Employee approval item id
example: 2c1e388b-1e55-4b0a-ab5c-897f1204159c
approver:
description: Reference to the associated Identity
type: object
properties:
type:
type: string
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
description: Identifies if the identity is a normal identity or a governance group
id:
type: string
description: Identity id
example: 5168015d32f890ca15812c9180835d2e
accountName:
type: string
description: Requested identity account name
example: test.account
approvalStatus:
type: string
enum:
- APPROVED
- REJECTED
- PENDING
- NOT_READY
- CANCELLED
description: Enum representing the non-employee request approval status
example: APPROVED
approvalOrder:
type: number
description: Approval order
example: 1
format: float
comment:
type: string
description: comment of approver
example: I approve
modified:
type: string
format: date-time
description: When the request was last modified.
example: '2019-08-23T18:52:59.162Z'
created:
type: string
format: date-time
description: When the request was created.
example: '2019-08-23T18:40:35.772Z'
approvalStatus:
type: string
enum:
- APPROVED
- REJECTED
- PENDING
- NOT_READY
- CANCELLED
description: Enum representing the non-employee request approval status
example: APPROVED
comment:
type: string
description: Comment of requester
example: approved
completionDate:
type: string
format: date-time
description: When the request was completely approved.
example: '2020-03-24T11:11:41.139-05:00'
startDate:
type: string
format: date-time
description: Non-Employee employment start date.
example: '2020-03-24T00:00:00-05:00'
endDate:
type: string
format: date-time
description: Non-Employee employment end date.
example: '2021-03-25T00:00:00-05:00'
modified:
type: string
format: date-time
description: When the request was last modified.
example: '2020-03-24T11:11:41.139-05:00'
created:
type: string
format: date-time
description: When the request was created.
example: '2020-03-24T11:11:41.139-05:00'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
operationId: deleteNonEmployeeRequest
tags:
- Non-Employee Lifecycle Management
summary: Delete non-employee request
description: |-
This request will delete a non-employee request.
Requires role context of `idn:nesr:delete`
parameters:
- in: path
name: id
description: Non-Employee request id in the UUID format
required: true
x-sailpoint-resource-operation-id: listNonEmployeeRequests
schema:
type: string
format: uuid
example: ac110005-7156-1150-8171-5b292e3e0084
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/non-employee-requests/summary/{requested-for}':
get:
operationId: getNonEmployeeRequestSummary
security:
- userAuth: []
tags:
- Non-Employee Lifecycle Management
summary: Get summary of non-employee requests
description: |-
This request will retrieve a summary of non-employee requests. There are two contextual uses for the `requested-for` path parameter:
1. The user has the role context of `idn:nesr:read`, in which case he or
she may request a summary of all non-employee approval requests assigned to a particular account manager by passing in that manager's id.
2. The current user is an account manager, in which case "me" should be
provided as the `requested-for` value. This will provide the user with a summary of the non-employee requests in the source(s) he or she manages.
parameters:
- in: path
name: requested-for
description: The identity (UUID) of the non-employee account manager for whom the summary is being retrieved. Use "me" instead to indicate the current user.
required: true
x-sailpoint-resource-operation-id: listNonEmployeeRecords
schema:
type: string
format: uuid (if user is Org Admin)
example: 2c91808280430dfb0180431a59440460
responses:
'200':
description: Non-Employee request summary object.
content:
application/json:
schema:
type: object
properties:
approved:
type: integer
description: The number of approved non-employee requests on all sources that *requested-for* user manages.
example: 2
format: int32
rejected:
type: integer
description: The number of rejected non-employee requests on all sources that *requested-for* user manages.
example: 2
format: int32
pending:
type: integer
description: The number of pending non-employee requests on all sources that *requested-for* user manages.
example: 2
format: int32
nonEmployeeCount:
type: integer
description: The number of non-employee records on all sources that *requested-for* user manages.
example: 2
format: int32
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/non-employee-sources:
post:
operationId: createNonEmployeeSource
security:
- userAuth:
- 'idn:nelm:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
tags:
- Non-Employee Lifecycle Management
summary: Create non-employee source
description: 'Create a non-employee source. '
requestBody:
description: Non-Employee source creation request body.
required: true
content:
application/json:
schema:
type: object
properties:
name:
type: string
description: Name of non-employee source.
example: Retail
description:
type: string
description: Description of non-employee source.
example: Source description
owner:
description: Owner of non-employee source.
type: object
properties:
id:
type: string
format: UUID
description: Identity id.
example: 2c91808570313110017040b06f344ec9
required:
- id
managementWorkgroup:
type: string
description: The ID for the management workgroup that contains source sub-admins
example: '123299'
approvers:
description: List of approvers.
type: array
items:
type: object
properties:
id:
type: string
format: UUID
description: Identity id.
example: 2c91808570313110017040b06f344ec9
required:
- id
maxItems: 3
accountManagers:
description: List of account managers.
type: array
items:
type: object
properties:
id:
type: string
format: UUID
description: Identity id.
example: 2c91808570313110017040b06f344ec9
required:
- id
maxItems: 10
required:
- owner
- name
- description
responses:
'200':
description: Created non-employee source.
content:
application/json:
schema:
allOf:
- allOf:
- type: object
properties:
id:
type: string
format: UUID
description: Non-Employee source id.
example: a0303682-5e4a-44f7-bdc2-6ce6112549c1
sourceId:
type: string
description: Source Id associated with this non-employee source.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Source name associated with this non-employee source.
example: Retail
description:
type: string
description: Source description associated with this non-employee source.
example: Source description
- type: object
properties:
approvers:
description: List of approvers
type: array
items:
type: object
properties:
type:
type: string
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
description: Identifies if the identity is a normal identity or a governance group
id:
type: string
description: Identity id
example: 5168015d32f890ca15812c9180835d2e
accountManagers:
description: List of account managers
type: array
items:
type: object
properties:
type:
type: string
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
description: Identifies if the identity is a normal identity or a governance group
id:
type: string
description: Identity id
example: 5168015d32f890ca15812c9180835d2e
modified:
type: string
format: date-time
description: When the request was last modified.
example: '2019-08-23T18:52:59.162Z'
created:
type: string
format: date-time
description: When the request was created.
example: '2019-08-23T18:40:35.772Z'
- type: object
properties:
cloudExternalId:
type: string
description: Legacy ID used for sources from the V1 API. This attribute will be removed from a future version of the API and will not be considered a breaking change. No clients should rely on this ID always being present.
example: '99999'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
get:
operationId: listNonEmployeeSources
security:
- userAuth:
- 'idn:nelm:read'
x-sailpoint-userLevels:
- ORG_ADMIN
tags:
- Non-Employee Lifecycle Management
summary: List non-employee sources
description: |-
Get a list of non-employee sources. There are two contextual uses for the `requested-for` path parameter:
1. If the user has the role context of `idn:nesr:read`, he or she may request a list sources assigned to a particular account manager by passing in that manager's `id`.
2. If the current user is an account manager, the user should provide 'me' as the `requested-for` value. Doing so provide the user with a list of the sources he or she owns.
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: requested-for
required: false
schema:
type: string
example: me
description: Identity the request was made for. Use 'me' to indicate the current user.
- in: query
name: non-employee-count
required: false
example: true
schema:
type: boolean
default: false
description: Flag that determines whether the API will return a non-employee count associated with the source.
- in: query
name: sorters
required: false
schema:
type: string
format: comma-separated
example: 'name,created'
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **name, created, sourceId**
responses:
'200':
description: List of non-employee sources objects.
content:
application/json:
schema:
type: array
items:
allOf:
- allOf:
- type: object
properties:
id:
type: string
format: UUID
description: Non-Employee source id.
example: a0303682-5e4a-44f7-bdc2-6ce6112549c1
sourceId:
type: string
description: Source Id associated with this non-employee source.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Source name associated with this non-employee source.
example: Retail
description:
type: string
description: Source description associated with this non-employee source.
example: Source description
- type: object
properties:
approvers:
description: List of approvers
type: array
items:
type: object
properties:
type:
type: string
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
description: Identifies if the identity is a normal identity or a governance group
id:
type: string
description: Identity id
example: 5168015d32f890ca15812c9180835d2e
accountManagers:
description: List of account managers
type: array
items:
type: object
properties:
type:
type: string
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
description: Identifies if the identity is a normal identity or a governance group
id:
type: string
description: Identity id
example: 5168015d32f890ca15812c9180835d2e
modified:
type: string
format: date-time
description: When the request was last modified.
example: '2019-08-23T18:52:59.162Z'
created:
type: string
format: date-time
description: When the request was created.
example: '2019-08-23T18:40:35.772Z'
- type: object
properties:
nonEmployeeCount:
type: integer
description: 'Number of non-employee records associated with this source. This value is ''NULL'' by default. To get the non-employee count, you must set the `non-employee-count` flag in your request to ''true''.'
format: int32
example: 120
nullable: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/non-employee-sources/{sourceId}':
get:
operationId: getNonEmployeeSource
security:
- userAuth: []
tags:
- Non-Employee Lifecycle Management
summary: Get a non-employee source
description: |-
This gets a non-employee source. There are two contextual uses for the requested-for path parameter:
1. The user has the role context of `idn:nesr:read`, in which case he or
she may request any source.
2. The current user is an account manager, in which case the user can only
request sources that they own.
parameters:
- in: path
name: sourceId
description: Source Id
example: 2c91808b7c28b350017c2a2ec5790aa1
required: true
x-sailpoint-resource-operation-id: listNonEmployeeSources
schema:
type: string
responses:
'200':
description: Non-Employee source object.
content:
application/json:
schema:
allOf:
- type: object
properties:
id:
type: string
format: UUID
description: Non-Employee source id.
example: a0303682-5e4a-44f7-bdc2-6ce6112549c1
sourceId:
type: string
description: Source Id associated with this non-employee source.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Source name associated with this non-employee source.
example: Retail
description:
type: string
description: Source description associated with this non-employee source.
example: Source description
- type: object
properties:
approvers:
description: List of approvers
type: array
items:
type: object
properties:
type:
type: string
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
description: Identifies if the identity is a normal identity or a governance group
id:
type: string
description: Identity id
example: 5168015d32f890ca15812c9180835d2e
accountManagers:
description: List of account managers
type: array
items:
type: object
properties:
type:
type: string
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
description: Identifies if the identity is a normal identity or a governance group
id:
type: string
description: Identity id
example: 5168015d32f890ca15812c9180835d2e
modified:
type: string
format: date-time
description: When the request was last modified.
example: '2019-08-23T18:52:59.162Z'
created:
type: string
format: date-time
description: When the request was created.
example: '2019-08-23T18:40:35.772Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
patch:
operationId: patchNonEmployeeSource
tags:
- Non-Employee Lifecycle Management
summary: Patch a non-employee source
description: 'patch a non-employee source. (partial update) Patchable field: **name, description, approvers, accountManagers** Requires role context of `idn:nesr:update`.'
parameters:
- in: path
name: sourceId
description: Source Id
required: true
x-sailpoint-resource-operation-id: listNonEmployeeSources
schema:
type: string
example: e136567de87e4d029e60b3c3c55db56d
requestBody:
description: 'A list of non-employee source update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.'
required: true
content:
application/json-patch+json:
schema:
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
example:
- op: replace
path: /name
value:
new name: null
- op: replace
path: /approvers
value:
- 2c91809f703bb37a017040a2fe8748c7
- 48b1f463c9e8427db5a5071bd81914b8
responses:
'200':
description: A patched non-employee source object.
content:
application/json:
schema:
allOf:
- type: object
properties:
id:
type: string
format: UUID
description: Non-Employee source id.
example: a0303682-5e4a-44f7-bdc2-6ce6112549c1
sourceId:
type: string
description: Source Id associated with this non-employee source.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Source name associated with this non-employee source.
example: Retail
description:
type: string
description: Source description associated with this non-employee source.
example: Source description
- type: object
properties:
approvers:
description: List of approvers
type: array
items:
type: object
properties:
type:
type: string
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
description: Identifies if the identity is a normal identity or a governance group
id:
type: string
description: Identity id
example: 5168015d32f890ca15812c9180835d2e
accountManagers:
description: List of account managers
type: array
items:
type: object
properties:
type:
type: string
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
description: Identifies if the identity is a normal identity or a governance group
id:
type: string
description: Identity id
example: 5168015d32f890ca15812c9180835d2e
modified:
type: string
format: date-time
description: When the request was last modified.
example: '2019-08-23T18:52:59.162Z'
created:
type: string
format: date-time
description: When the request was created.
example: '2019-08-23T18:40:35.772Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
operationId: deleteNonEmployeeSource
tags:
- Non-Employee Lifecycle Management
summary: Delete non-employee source
description: 'This request will delete a non-employee source. Requires role context of `idn:nesr:delete`.'
parameters:
- in: path
name: sourceId
description: Source Id
required: true
x-sailpoint-resource-operation-id: listNonEmployeeSources
schema:
type: string
example: e136567de87e4d029e60b3c3c55db56d
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/non-employee-sources/{id}/non-employees/download':
get:
operationId: exportNonEmployeeRecords
tags:
- Non-Employee Lifecycle Management
summary: Exports non-employee records to csv
description: 'This requests a CSV download for all non-employees from a provided source. Requires role context of `idn:nesr:read`'
parameters:
- in: path
name: id
description: Source Id (UUID)
required: true
x-sailpoint-resource-operation-id: listNonEmployeeSources
schema:
type: string
example: e136567de87e4d029e60b3c3c55db56d
responses:
'200':
description: Exported CSV
content:
text/csv:
example: |
accountName,firstName,lastName,phone,email,manager,startDate,endDate
Jon.Smith, Jon, Smith, 555-555-5555, jon@jon.doe.nope.com, Jim Smith, 2020-04-05T08:00:00-10:00,2020-08-07T19:00:00-10:00
William.Chaffin, William, Chaffin, 555-555-5555, william@chaffins.nope.com, Bertram Chaffin, 2020-04-05T08:00:00-10:00,2020-08-07T19:00:00-10:00
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/non-employee-sources/{id}/non-employee-bulk-upload':
post:
operationId: importNonEmployeeRecordsInBulk
security:
- userAuth:
- 'idn:nelm:manage'
tags:
- Non-Employee Lifecycle Management
summary: 'Imports, or updates, non-employee records'
description: 'This post will import, or update, Non-Employee records found in the CSV. Requires role context of `idn:nesr:create`'
parameters:
- in: path
name: id
description: Source Id (UUID)
required: true
x-sailpoint-resource-operation-id: listNonEmployeeSources
schema:
type: string
example: e136567de87e4d029e60b3c3c55db56d
requestBody:
content:
multipart/form-data:
schema:
type: object
properties:
data:
type: string
format: binary
required:
- data
responses:
'202':
description: The CSV was accepted to be bulk inserted now or at a later time.
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: The bulk upload job's ID. (UUID)
example: 2c91808568c529c60168cca6f90cffff
sourceId:
type: string
description: The ID of the source to bulk-upload non-employees to. (UUID)
example: 2c91808568c529c60168cca6f90c1313
created:
type: string
format: date-time
description: The date-time the job was submitted.
example: '2019-08-23T18:52:59.162Z'
modified:
type: string
format: date-time
description: The date-time that the job was last updated.
example: '2019-08-23T18:52:59.162Z'
status:
type: string
enum:
- PENDING
- IN_PROGRESS
- COMPLETED
- ERROR
description: |
Returns the following values indicating the progress or result of the bulk upload job.
"PENDING" means the job is queued and waiting to be processed.
"IN_PROGRESS" means the job is currently being processed.
"COMPLETED" means the job has been completed without any errors.
"ERROR" means the job failed to process with errors.
example: PENDING
'400':
description: |
Client Error - Returned if the request body is invalid.
The response body will contain the list of specific errors with one on each line.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/non-employee-sources/{id}/non-employee-bulk-upload/status':
get:
operationId: getNonEmployeeBulkUploadStatus
tags:
- Non-Employee Lifecycle Management
summary: Obtain the status of bulk upload on the source
description: |
The nonEmployeeBulkUploadStatus API returns the status of the newest bulk upload job for the specified source.
Requires role context of `idn:nesr:read`
parameters:
- in: path
name: id
description: Source ID (UUID)
required: true
x-sailpoint-resource-operation-id: listNonEmployeeSources
schema:
type: string
example: e136567de87e4d029e60b3c3c55db56d
responses:
'200':
description: 'Status of the newest bulk-upload job, if any.'
content:
application/json:
schema:
type: object
properties:
status:
type: string
enum:
- PENDING
- IN_PROGRESS
- COMPLETED
- ERROR
description: |
Returns the following values indicating the progress or result of the bulk upload job.
"PENDING" means the job is queued and waiting to be processed.
"IN_PROGRESS" means the job is currently being processed.
"COMPLETED" means the job has been completed without any errors.
"ERROR" means the job failed to process with errors.
null means job has been submitted to the source.
example: PENDING
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/non-employee-sources/{id}/schema-attributes-template/download':
get:
operationId: exportNonEmployeeSourceSchemaTemplate
tags:
- Non-Employee Lifecycle Management
summary: Exports source schema template
description: 'This requests a download for the Source Schema Template for a provided source. Requires role context of `idn:nesr:read`'
parameters:
- in: path
name: id
description: Source Id (UUID)
required: true
x-sailpoint-resource-operation-id: listNonEmployeeSources
example: ef38f94347e94562b5bb8424a56397d8
schema:
type: string
responses:
'200':
description: Exported Source Schema Template
content:
text/csv:
example: |
accountName,firstName,lastName,phone,email,manager,startDate,endDate
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/non-employee-approvals:
get:
operationId: listNonEmployeeApprovals
security:
- userAuth: []
tags:
- Non-Employee Lifecycle Management
summary: Get list of non-employee approval requests
description: |-
This gets a list of non-employee approval requests.
There are two contextual uses for this endpoint:
1. The user has the role context of `idn:nesr:read`, in which case they
can list the approvals for any approver.
2. The user owns the requested approval.
parameters:
- in: query
name: requested-for
schema:
type: string
description: The identity for whom the request was made. *me* indicates the current user.
required: false
example: 2c91808280430dfb0180431a59440460
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**approvalStatus**: *eq*
example: approvalStatus eq "Pending"
required: false
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **created, modified**
required: false
example: created
responses:
'200':
description: List of approval items.
content:
application/json:
schema:
type: array
items:
allOf:
- type: object
properties:
id:
type: string
format: UUID
description: Non-Employee approval item id
example: 2c1e388b-1e55-4b0a-ab5c-897f1204159c
approver:
description: Reference to the associated Identity
type: object
properties:
type:
type: string
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
description: Identifies if the identity is a normal identity or a governance group
id:
type: string
description: Identity id
example: 5168015d32f890ca15812c9180835d2e
accountName:
type: string
description: Requested identity account name
example: test.account
approvalStatus:
type: string
enum:
- APPROVED
- REJECTED
- PENDING
- NOT_READY
- CANCELLED
description: Enum representing the non-employee request approval status
example: APPROVED
approvalOrder:
type: number
description: Approval order
example: 1
format: float
comment:
type: string
description: comment of approver
example: I approve
modified:
type: string
format: date-time
description: When the request was last modified.
example: '2019-08-23T18:52:59.162Z'
created:
type: string
format: date-time
description: When the request was created.
example: '2019-08-23T18:40:35.772Z'
- type: object
properties:
nonEmployeeRequest:
type: object
properties:
id:
type: string
format: UUID
description: Non-Employee request id.
example: ac110005-7156-1150-8171-5b292e3e0084
requester:
type: object
properties:
type:
type: string
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
description: Identifies if the identity is a normal identity or a governance group
id:
type: string
description: Identity id
example: 5168015d32f890ca15812c9180835d2e
example:
type: IDENTITY
id: 2c9180866166b5b0016167c32ef31a66
name: William Smith
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/non-employee-approvals/{id}':
get:
operationId: getNonEmployeeApproval
security:
- userAuth: []
tags:
- Non-Employee Lifecycle Management
summary: Get a non-employee approval item detail
description: |-
Gets a non-employee approval item detail. There are two contextual uses for this endpoint:
1. The user has the role context of `idn:nesr:read`, in which case they
can get any approval.
2. The user owns the requested approval.
parameters:
- in: path
name: id
description: Non-Employee approval item id (UUID)
required: true
x-sailpoint-resource-operation-id: listNonEmployeeApprovals
schema:
type: string
example: e136567de87e4d029e60b3c3c55db56d
- in: query
name: include-detail
description: The object nonEmployeeRequest will not be included detail when set to false. *Default value is true*
required: false
schema:
type: boolean
example: true
responses:
'200':
description: Non-Employee approval item object.
content:
application/json:
schema:
allOf:
- type: object
properties:
id:
type: string
format: UUID
description: Non-Employee approval item id
example: 2c1e388b-1e55-4b0a-ab5c-897f1204159c
approver:
description: Reference to the associated Identity
type: object
properties:
type:
type: string
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
description: Identifies if the identity is a normal identity or a governance group
id:
type: string
description: Identity id
example: 5168015d32f890ca15812c9180835d2e
accountName:
type: string
description: Requested identity account name
example: test.account
approvalStatus:
type: string
enum:
- APPROVED
- REJECTED
- PENDING
- NOT_READY
- CANCELLED
description: Enum representing the non-employee request approval status
example: APPROVED
approvalOrder:
type: number
description: Approval order
example: 1
format: float
comment:
type: string
description: comment of approver
example: I approve
modified:
type: string
format: date-time
description: When the request was last modified.
example: '2019-08-23T18:52:59.162Z'
created:
type: string
format: date-time
description: When the request was created.
example: '2019-08-23T18:40:35.772Z'
- type: object
properties:
nonEmployeeRequest:
description: Non-Employee request associated to this approval
allOf:
- type: object
properties:
id:
type: string
format: UUID
description: Non-Employee request id.
example: ac110005-7156-1150-8171-5b292e3e0084
requester:
type: object
properties:
type:
type: string
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
description: Identifies if the identity is a normal identity or a governance group
id:
type: string
description: Identity id
example: 5168015d32f890ca15812c9180835d2e
example:
type: IDENTITY
id: 2c9180866166b5b0016167c32ef31a66
name: William Smith
- type: object
properties:
accountName:
type: string
description: Requested identity account name.
example: william.smith
firstName:
type: string
description: Non-Employee's first name.
example: William
lastName:
type: string
description: Non-Employee's last name.
example: Smith
email:
type: string
description: Non-Employee's email.
example: william.smith@example.com
phone:
type: string
description: Non-Employee's phone.
example: '5125555555'
manager:
type: string
description: The account ID of a valid identity to serve as this non-employee's manager.
example: jane.doe
nonEmployeeSource:
allOf:
- type: object
properties:
id:
type: string
format: UUID
description: Non-Employee source id.
example: a0303682-5e4a-44f7-bdc2-6ce6112549c1
sourceId:
type: string
description: Source Id associated with this non-employee source.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Source name associated with this non-employee source.
example: Retail
description:
type: string
description: Source description associated with this non-employee source.
example: Source description
- type: object
properties:
schemaAttributes:
description: List of schema attributes associated with this non-employee source.
type: array
items:
type: object
properties:
id:
type: string
format: UUID
example: ac110005-7156-1150-8171-5b292e3e0084
description: Schema Attribute Id
system:
type: boolean
description: True if this schema attribute is mandatory on all non-employees sources.
example: true
default: false
modified:
type: string
format: date-time
description: When the schema attribute was last modified.
example: '2019-08-23T18:52:59.162Z'
created:
type: string
format: date-time
description: When the schema attribute was created.
example: '2019-08-23T18:40:35.772Z'
type:
type: string
enum:
- TEXT
- DATE
- IDENTITY
description: Enum representing the type of data a schema attribute accepts.
example: TEXT
label:
type: string
description: Label displayed on the UI for this schema attribute.
example: Account Name
technicalName:
type: string
description: The technical name of the attribute. Must be unique per source.
example: account.name
helpText:
type: string
description: help text displayed by UI.
example: The unique identifier for the account
placeholder:
type: string
description: Hint text that fills UI box.
example: Enter a unique user name for this account.
required:
type: boolean
description: 'If true, the schema attribute is required for all non-employees in the source'
example: true
default: false
required:
- type
- technicalName
- label
data:
type: object
additionalProperties:
type: string
description: Additional attributes for a non-employee. Up to 10 custom attributes can be added.
example:
description: Auditing
approvalStatus:
type: string
enum:
- APPROVED
- REJECTED
- PENDING
- NOT_READY
- CANCELLED
description: Enum representing the non-employee request approval status
example: APPROVED
comment:
type: string
description: Comment of requester
example: approved
completionDate:
type: string
format: date-time
description: When the request was completely approved.
example: '2020-03-24T11:11:41.139-05:00'
startDate:
type: string
format: date
description: Non-Employee employment start date.
example: '2020-03-24'
endDate:
type: string
format: date
description: Non-Employee employment end date.
example: '2021-03-25'
modified:
type: string
format: date-time
description: When the request was last modified.
example: '2020-03-24T11:11:41.139-05:00'
created:
type: string
format: date-time
description: When the request was created.
example: '2020-03-24T11:11:41.139-05:00'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/non-employee-approvals/{id}/approve':
post:
operationId: approveNonEmployeeRequest
security:
- userAuth: []
tags:
- Non-Employee Lifecycle Management
summary: Approve a non-employee request
description: Approves a non-employee approval request and notifies the next approver. The current user must be the requested approver.
parameters:
- in: path
name: id
description: Non-Employee approval item id (UUID)
required: true
x-sailpoint-resource-operation-id: listNonEmployeeApprovals
schema:
type: string
example: e136567de87e4d029e60b3c3c55db56d
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
comment:
type: string
description: Comment on the approval item.
maxLength: 4000
example: Approved by manager
responses:
'200':
description: Non-Employee approval item object.
content:
application/json:
schema:
allOf:
- type: object
properties:
id:
type: string
format: UUID
description: Non-Employee approval item id
example: 2c1e388b-1e55-4b0a-ab5c-897f1204159c
approver:
description: Reference to the associated Identity
type: object
properties:
type:
type: string
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
description: Identifies if the identity is a normal identity or a governance group
id:
type: string
description: Identity id
example: 5168015d32f890ca15812c9180835d2e
accountName:
type: string
description: Requested identity account name
example: test.account
approvalStatus:
type: string
enum:
- APPROVED
- REJECTED
- PENDING
- NOT_READY
- CANCELLED
description: Enum representing the non-employee request approval status
example: APPROVED
approvalOrder:
type: number
description: Approval order
example: 1
format: float
comment:
type: string
description: comment of approver
example: I approve
modified:
type: string
format: date-time
description: When the request was last modified.
example: '2019-08-23T18:52:59.162Z'
created:
type: string
format: date-time
description: When the request was created.
example: '2019-08-23T18:40:35.772Z'
- type: object
properties:
nonEmployeeRequest:
type: object
properties:
id:
type: string
format: UUID
description: Non-Employee request id.
example: ac110005-7156-1150-8171-5b292e3e0084
requester:
type: object
properties:
type:
type: string
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
description: Identifies if the identity is a normal identity or a governance group
id:
type: string
description: Identity id
example: 5168015d32f890ca15812c9180835d2e
example:
type: IDENTITY
id: 2c9180866166b5b0016167c32ef31a66
name: William Smith
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/non-employee-approvals/{id}/reject':
post:
operationId: rejectNonEmployeeRequest
security:
- userAuth: []
tags:
- Non-Employee Lifecycle Management
summary: Reject a non-employee request
description: This endpoint will reject an approval item request and notify user. The current user must be the requested approver.
parameters:
- in: path
name: id
description: Non-Employee approval item id (UUID)
required: true
x-sailpoint-resource-operation-id: listNonEmployeeApprovals
schema:
type: string
example: e136567de87e4d029e60b3c3c55db56d
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
comment:
type: string
description: Comment on the approval item.
maxLength: 4000
example: approved
required:
- comment
responses:
'200':
description: Non-Employee approval item object.
content:
application/json:
schema:
allOf:
- type: object
properties:
id:
type: string
format: UUID
description: Non-Employee approval item id
example: 2c1e388b-1e55-4b0a-ab5c-897f1204159c
approver:
description: Reference to the associated Identity
type: object
properties:
type:
type: string
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
description: Identifies if the identity is a normal identity or a governance group
id:
type: string
description: Identity id
example: 5168015d32f890ca15812c9180835d2e
accountName:
type: string
description: Requested identity account name
example: test.account
approvalStatus:
type: string
enum:
- APPROVED
- REJECTED
- PENDING
- NOT_READY
- CANCELLED
description: Enum representing the non-employee request approval status
example: APPROVED
approvalOrder:
type: number
description: Approval order
example: 1
format: float
comment:
type: string
description: comment of approver
example: I approve
modified:
type: string
format: date-time
description: When the request was last modified.
example: '2019-08-23T18:52:59.162Z'
created:
type: string
format: date-time
description: When the request was created.
example: '2019-08-23T18:40:35.772Z'
- type: object
properties:
nonEmployeeRequest:
type: object
properties:
id:
type: string
format: UUID
description: Non-Employee request id.
example: ac110005-7156-1150-8171-5b292e3e0084
requester:
type: object
properties:
type:
type: string
enum:
- GOVERNANCE_GROUP
- IDENTITY
example: IDENTITY
description: Identifies if the identity is a normal identity or a governance group
id:
type: string
description: Identity id
example: 5168015d32f890ca15812c9180835d2e
example:
type: IDENTITY
id: 2c9180866166b5b0016167c32ef31a66
name: William Smith
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/non-employee-approvals/summary/{requested-for}':
get:
operationId: getNonEmployeeApprovalSummary
security:
- userAuth: []
tags:
- Non-Employee Lifecycle Management
summary: Get summary of non-employee approval requests
description: |-
This request will retrieve a summary of non-employee approval requests. There are two contextual uses for the `requested-for` path parameter:
1. The user has the role context of `idn:nesr:read`, in which case he or
she may request a summary of all non-employee approval requests assigned to a particular approver by passing in that approver's id.
2. The current user is an approver, in which case "me" should be provided
as the `requested-for` value. This will provide the approver with a summary of the approval items assigned to him or her.
parameters:
- in: path
name: requested-for
schema:
type: string
description: The identity (UUID) of the approver for whom for whom the summary is being retrieved. Use "me" instead to indicate the current user.
required: true
x-sailpoint-resource-operation-id: listIdentities
example: 2c91808280430dfb0180431a59440460
responses:
'200':
description: summary of non-employee approval requests
content:
application/json:
schema:
type: object
properties:
approved:
type: integer
description: The number of approved non-employee approval requests.
format: int32
example: 2
pending:
type: integer
description: The number of pending non-employee approval requests.
format: int32
example: 2
rejected:
type: integer
description: The number of rejected non-employee approval requests.
format: int32
example: 2
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/non-employee-sources/{sourceId}/schema-attributes':
get:
operationId: getNonEmployeeSourceSchemaAttributes
security:
- userAuth: []
tags:
- Non-Employee Lifecycle Management
summary: List schema attributes non-employee source
description: |-
This API gets the list of schema attributes for the specified Non-Employee SourceId. There are 8 mandatory attributes added to each new Non-Employee Source automatically. Additionaly, user can add up to 10 custom attributes. This interface returns all the mandatory attributes followed by any custom attributes. At most, a total of 18 attributes will be returned.
Requires role context of `idn:nesr:read` or the user must be an account manager of the source.
parameters:
- in: path
name: sourceId
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listNonEmployeeSources
example: ef38f94347e94562b5bb8424a56397d8
description: The Source id
responses:
'200':
description: A list of Schema Attributes
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
format: UUID
example: ac110005-7156-1150-8171-5b292e3e0084
description: Schema Attribute Id
system:
type: boolean
description: True if this schema attribute is mandatory on all non-employees sources.
example: true
default: false
modified:
type: string
format: date-time
description: When the schema attribute was last modified.
example: '2019-08-23T18:52:59.162Z'
created:
type: string
format: date-time
description: When the schema attribute was created.
example: '2019-08-23T18:40:35.772Z'
type:
type: string
enum:
- TEXT
- DATE
- IDENTITY
description: Enum representing the type of data a schema attribute accepts.
example: TEXT
label:
type: string
description: Label displayed on the UI for this schema attribute.
example: Account Name
technicalName:
type: string
description: The technical name of the attribute. Must be unique per source.
example: account.name
helpText:
type: string
description: help text displayed by UI.
example: The unique identifier for the account
placeholder:
type: string
description: Hint text that fills UI box.
example: Enter a unique user name for this account.
required:
type: boolean
description: 'If true, the schema attribute is required for all non-employees in the source'
example: true
default: false
required:
- type
- technicalName
- label
maxItems: 18
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
post:
operationId: createNonEmployeeSourceSchemaAttributes
tags:
- Non-Employee Lifecycle Management
summary: Create a new schema attribute for non-employee source
description: |-
This API creates a new schema attribute for Non-Employee Source. The schema technical name must be unique in the source. Attempts to create a schema attribute with an existing name will result in a "400.1.409 Reference conflict" response. At most, 10 custom attributes can be created per schema. Attempts to create more than 10 will result in a "400.1.4 Limit violation" response.
Requires role context of `idn:nesr:create`
parameters:
- in: path
name: sourceId
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listNonEmployeeSources
description: The Source id
example: ef38f94347e94562b5bb8424a56397d8
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
type:
type: string
description: Type of the attribute. Only type 'TEXT' is supported for custom attributes.
example: TEXT
label:
type: string
description: Label displayed on the UI for this schema attribute.
example: Account Name
technicalName:
type: string
description: The technical name of the attribute. Must be unique per source.
example: account.name
helpText:
type: string
description: help text displayed by UI.
example: The unique identifier for the account
placeholder:
type: string
description: Hint text that fills UI box.
example: Enter a unique user name for this account.
required:
type: boolean
description: 'If true, the schema attribute is required for all non-employees in the source'
example: true
required:
- type
- technicalName
- label
responses:
'200':
description: Schema Attribute created.
content:
application/json:
schema:
type: object
properties:
id:
type: string
format: UUID
example: ac110005-7156-1150-8171-5b292e3e0084
description: Schema Attribute Id
system:
type: boolean
description: True if this schema attribute is mandatory on all non-employees sources.
example: true
default: false
modified:
type: string
format: date-time
description: When the schema attribute was last modified.
example: '2019-08-23T18:52:59.162Z'
created:
type: string
format: date-time
description: When the schema attribute was created.
example: '2019-08-23T18:40:35.772Z'
type:
type: string
enum:
- TEXT
- DATE
- IDENTITY
description: Enum representing the type of data a schema attribute accepts.
example: TEXT
label:
type: string
description: Label displayed on the UI for this schema attribute.
example: Account Name
technicalName:
type: string
description: The technical name of the attribute. Must be unique per source.
example: account.name
helpText:
type: string
description: help text displayed by UI.
example: The unique identifier for the account
placeholder:
type: string
description: Hint text that fills UI box.
example: Enter a unique user name for this account.
required:
type: boolean
description: 'If true, the schema attribute is required for all non-employees in the source'
example: true
default: false
required:
- type
- technicalName
- label
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
operationId: deleteNonEmployeeSourceSchemaAttributes
tags:
- Non-Employee Lifecycle Management
summary: Delete all custom schema attributes for non-employee source
description: 'This end-point deletes all custom schema attributes for a non-employee source. Requires role context of `idn:nesr:delete`'
parameters:
- in: path
name: sourceId
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listNonEmployeeSources
description: The Source id
example: ef38f94347e94562b5bb8424a56397d8
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/non-employee-sources/{sourceId}/schema-attributes/{attributeId}':
get:
operationId: getNonEmployeeSchemaAttribute
security:
- userAuth: []
tags:
- Non-Employee Lifecycle Management
summary: Get schema attribute non-employee source
description: 'This API gets a schema attribute by Id for the specified Non-Employee SourceId. Requires role context of `idn:nesr:read` or the user must be an account manager of the source.'
parameters:
- in: path
name: attributeId
schema:
type: string
required: true
x-sailpoint-resource-operation-id: getNonEmployeeSourceSchemaAttributes
example: ef38f94347e94562b5bb8424a56397d8
description: The Schema Attribute Id (UUID)
- in: path
name: sourceId
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listNonEmployeeSources
example: ef38f94347e94562b5bb8424a56397d8
description: The Source id
responses:
'200':
description: The Schema Attribute
content:
application/json:
schema:
type: object
properties:
id:
type: string
format: UUID
example: ac110005-7156-1150-8171-5b292e3e0084
description: Schema Attribute Id
system:
type: boolean
description: True if this schema attribute is mandatory on all non-employees sources.
example: true
default: false
modified:
type: string
format: date-time
description: When the schema attribute was last modified.
example: '2019-08-23T18:52:59.162Z'
created:
type: string
format: date-time
description: When the schema attribute was created.
example: '2019-08-23T18:40:35.772Z'
type:
type: string
enum:
- TEXT
- DATE
- IDENTITY
description: Enum representing the type of data a schema attribute accepts.
example: TEXT
label:
type: string
description: Label displayed on the UI for this schema attribute.
example: Account Name
technicalName:
type: string
description: The technical name of the attribute. Must be unique per source.
example: account.name
helpText:
type: string
description: help text displayed by UI.
example: The unique identifier for the account
placeholder:
type: string
description: Hint text that fills UI box.
example: Enter a unique user name for this account.
required:
type: boolean
description: 'If true, the schema attribute is required for all non-employees in the source'
example: true
default: false
required:
- type
- technicalName
- label
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
patch:
operationId: patchNonEmployeeSchemaAttribute
tags:
- Non-Employee Lifecycle Management
summary: Patch a schema attribute for non-employee source
description: |
This end-point patches a specific schema attribute for a non-employee SourceId.
Requires role context of `idn:nesr:update`
parameters:
- in: path
name: attributeId
schema:
type: string
required: true
x-sailpoint-resource-operation-id: getNonEmployeeSourceSchemaAttributes
description: The Schema Attribute Id (UUID)
example: ef38f94347e94562b5bb8424a56397d8
- in: path
name: sourceId
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listNonEmployeeSources
description: The Source id
example: ef38f94347e94562b5bb8424a56397d8
requestBody:
description: 'A list of schema attribute update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. The following properties are allowed for update '':'' ''label'', ''helpText'', ''placeholder'', ''required''.'
content:
application/json-patch+json:
schema:
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
example:
- op: replace
path: /label
value:
new attribute label: null
required: true
responses:
'200':
description: The Schema Attribute was successfully patched.
content:
application/json:
schema:
type: object
properties:
id:
type: string
format: UUID
example: ac110005-7156-1150-8171-5b292e3e0084
description: Schema Attribute Id
system:
type: boolean
description: True if this schema attribute is mandatory on all non-employees sources.
example: true
default: false
modified:
type: string
format: date-time
description: When the schema attribute was last modified.
example: '2019-08-23T18:52:59.162Z'
created:
type: string
format: date-time
description: When the schema attribute was created.
example: '2019-08-23T18:40:35.772Z'
type:
type: string
enum:
- TEXT
- DATE
- IDENTITY
description: Enum representing the type of data a schema attribute accepts.
example: TEXT
label:
type: string
description: Label displayed on the UI for this schema attribute.
example: Account Name
technicalName:
type: string
description: The technical name of the attribute. Must be unique per source.
example: account.name
helpText:
type: string
description: help text displayed by UI.
example: The unique identifier for the account
placeholder:
type: string
description: Hint text that fills UI box.
example: Enter a unique user name for this account.
required:
type: boolean
description: 'If true, the schema attribute is required for all non-employees in the source'
example: true
default: false
required:
- type
- technicalName
- label
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
operationId: deleteNonEmployeeSchemaAttribute
tags:
- Non-Employee Lifecycle Management
summary: Delete a schema attribute for non-employee source
description: |
This end-point deletes a specific schema attribute for a non-employee source.
Requires role context of `idn:nesr:delete`
parameters:
- in: path
name: attributeId
schema:
type: string
required: true
x-sailpoint-resource-operation-id: getNonEmployeeSourceSchemaAttributes
description: The Schema Attribute Id (UUID)
example: ef38f94347e94562b5bb8424a56397d8
- in: path
name: sourceId
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listNonEmployeeSources
description: The Source id
example: ef38f94347e94562b5bb8424a56397d8
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/oauth-clients:
get:
operationId: listOauthClients
security:
- userAuth:
- 'sp:oauth-client:manage'
tags:
- OAuth Clients
summary: List oauth clients
description: This gets a list of OAuth clients.
parameters:
- in: query
name: filters
required: false
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**lastUsed**: *le, isnull*
example: 'lastUsed le 2023-02-05T10:59:27.214Z'
responses:
'200':
description: List of OAuth clients.
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: ID of the OAuth client
example: 2c9180835d2e5168015d32f890ca1581
businessName:
type: string
nullable: true
description: The name of the business the API Client should belong to
example: Acme-Solar
homepageUrl:
type: string
nullable: true
description: The homepage URL associated with the owner of the API Client
example: 'http://localhost:12345'
name:
type: string
description: A human-readable name for the API Client
example: Demo API Client
description:
type: string
nullable: true
description: A description of the API Client
example: 'An API client used for the authorization_code, refresh_token, and client_credentials flows'
accessTokenValiditySeconds:
type: integer
format: int32
description: The number of seconds an access token generated for this API Client is valid for
example: 750
refreshTokenValiditySeconds:
type: integer
format: int32
description: The number of seconds a refresh token generated for this API Client is valid for
example: 86400
redirectUris:
type: array
nullable: true
items:
type: string
description: A list of the approved redirect URIs used with the authorization_code flow
example:
- 'http://localhost:12345'
grantTypes:
type: array
items:
description: OAuth2 Grant Type
type: string
example: CLIENT_CREDENTIALS
enum:
- CLIENT_CREDENTIALS
- AUTHORIZATION_CODE
- REFRESH_TOKEN
description: A list of OAuth 2.0 grant types this API Client can be used with
example:
- AUTHORIZATION_CODE
- CLIENT_CREDENTIALS
- REFRESH_TOKEN
accessType:
description: The access type (online or offline) of this API Client
example: OFFLINE
type: string
enum:
- ONLINE
- OFFLINE
type:
description: The type of the API Client (public or confidential)
example: CONFIDENTIAL
type: string
enum:
- CONFIDENTIAL
- PUBLIC
internal:
type: boolean
description: An indicator of whether the API Client can be used for requests internal to IDN
example: false
enabled:
type: boolean
description: An indicator of whether the API Client is enabled for use
example: true
strongAuthSupported:
type: boolean
description: An indicator of whether the API Client supports strong authentication
example: false
claimsSupported:
type: boolean
description: An indicator of whether the API Client supports the serialization of SAML claims when used with the authorization_code flow
example: false
created:
type: string
format: date-time
description: 'The date and time, down to the millisecond, when the API Client was created'
example: '2017-07-11T18:45:37.098Z'
modified:
type: string
format: date-time
description: 'The date and time, down to the millisecond, when the API Client was last updated'
example: '2018-06-25T20:22:28.104Z'
secret:
type: string
nullable: true
metadata:
type: string
nullable: true
lastUsed:
type: string
nullable: true
format: date-time
description: 'The date and time, down to the millisecond, when this API Client was last used to generate an access token. This timestamp does not get updated on every API Client usage, but only once a day. This property can be useful for identifying which API Clients are no longer actively used and can be removed.'
example: '2017-07-11T18:45:37.098Z'
scope:
type: array
nullable: true
items:
type: string
default: 'sp:scopes:all'
description: Scopes of the API Client.
example:
- 'demo:api-client-scope:first'
- 'demo:api-client-scope:second'
required:
- id
- businessName
- homepageUrl
- name
- description
- accessTokenValiditySeconds
- refreshTokenValiditySeconds
- redirectUris
- grantTypes
- accessType
- type
- internal
- enabled
- strongAuthSupported
- claimsSupported
- created
- modified
- scope
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
post:
operationId: createOauthClient
security:
- userAuth:
- 'sp:oauth-client:manage'
tags:
- OAuth Clients
summary: Create oauth client
description: This creates an OAuth client.
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
businessName:
type: string
nullable: true
description: The name of the business the API Client should belong to
example: Acme-Solar
homepageUrl:
type: string
nullable: true
description: The homepage URL associated with the owner of the API Client
example: 'http://localhost:12345'
name:
type: string
nullable: true
description: A human-readable name for the API Client
example: Demo API Client
description:
type: string
nullable: true
description: A description of the API Client
example: 'An API client used for the authorization_code, refresh_token, and client_credentials flows'
accessTokenValiditySeconds:
description: The number of seconds an access token generated for this API Client is valid for
type: integer
format: int32
example: 750
refreshTokenValiditySeconds:
description: The number of seconds a refresh token generated for this API Client is valid for
example: 86400
type: integer
format: int32
redirectUris:
type: array
nullable: true
items:
type: string
description: A list of the approved redirect URIs. Provide one or more URIs when assigning the AUTHORIZATION_CODE grant type to a new OAuth Client.
example:
- 'http://localhost:12345'
grantTypes:
type: array
nullable: true
items:
description: OAuth2 Grant Type
type: string
example: CLIENT_CREDENTIALS
enum:
- CLIENT_CREDENTIALS
- AUTHORIZATION_CODE
- REFRESH_TOKEN
description: A list of OAuth 2.0 grant types this API Client can be used with
example:
- AUTHORIZATION_CODE
- CLIENT_CREDENTIALS
- REFRESH_TOKEN
accessType:
description: The access type (online or offline) of this API Client
example: OFFLINE
type: string
enum:
- ONLINE
- OFFLINE
type:
description: The type of the API Client (public or confidential)
example: CONFIDENTIAL
type: string
enum:
- CONFIDENTIAL
- PUBLIC
internal:
type: boolean
description: An indicator of whether the API Client can be used for requests internal within the product.
example: false
enabled:
type: boolean
description: An indicator of whether the API Client is enabled for use
example: true
strongAuthSupported:
type: boolean
description: An indicator of whether the API Client supports strong authentication
example: false
claimsSupported:
type: boolean
description: An indicator of whether the API Client supports the serialization of SAML claims when used with the authorization_code flow
example: false
scope:
type: array
nullable: true
items:
type: string
default: 'sp:scopes:all'
description: 'Scopes of the API Client. If no scope is specified, the client will be created with the default scope "sp:scopes:all". This means the API Client will have all the rights of the owner who created it.'
example:
- 'demo:api-client-scope:first'
- 'demo:api-client-scope:second'
required:
- name
- description
- accessTokenValiditySeconds
- grantTypes
- accessType
- enabled
responses:
'200':
description: Request succeeded.
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: ID of the OAuth client
example: 2c9180835d2e5168015d32f890ca1581
secret:
type: string
description: Secret of the OAuth client (This field is only returned on the intial create call.)
example: 5c32dd9b21adb51c77794d46e71de117a1d0ddb36a7ff941fa28014ab7de2cf3
businessName:
type: string
description: The name of the business the API Client should belong to
example: Acme-Solar
homepageUrl:
type: string
description: The homepage URL associated with the owner of the API Client
example: 'http://localhost:12345'
name:
type: string
description: A human-readable name for the API Client
example: Demo API Client
description:
type: string
description: A description of the API Client
example: 'An API client used for the authorization_code, refresh_token, and client_credentials flows'
accessTokenValiditySeconds:
description: The number of seconds an access token generated for this API Client is valid for
example: 750
type: integer
format: int32
refreshTokenValiditySeconds:
description: The number of seconds a refresh token generated for this API Client is valid for
example: 86400
type: integer
format: int32
redirectUris:
type: array
items:
type: string
description: A list of the approved redirect URIs used with the authorization_code flow
example:
- 'http://localhost:12345'
grantTypes:
type: array
items:
description: OAuth2 Grant Type
type: string
example: CLIENT_CREDENTIALS
enum:
- CLIENT_CREDENTIALS
- AUTHORIZATION_CODE
- REFRESH_TOKEN
description: A list of OAuth 2.0 grant types this API Client can be used with
example:
- AUTHORIZATION_CODE
- CLIENT_CREDENTIALS
- REFRESH_TOKEN
accessType:
description: The access type (online or offline) of this API Client
example: OFFLINE
type: string
enum:
- ONLINE
- OFFLINE
type:
description: The type of the API Client (public or confidential)
example: CONFIDENTIAL
type: string
enum:
- CONFIDENTIAL
- PUBLIC
internal:
type: boolean
description: An indicator of whether the API Client can be used for requests internal to IDN
example: false
enabled:
type: boolean
description: An indicator of whether the API Client is enabled for use
example: true
strongAuthSupported:
type: boolean
description: An indicator of whether the API Client supports strong authentication
example: false
claimsSupported:
type: boolean
description: An indicator of whether the API Client supports the serialization of SAML claims when used with the authorization_code flow
example: false
created:
type: string
format: date-time
description: 'The date and time, down to the millisecond, when the API Client was created'
example: '2017-07-11T18:45:37.098Z'
modified:
type: string
format: date-time
description: 'The date and time, down to the millisecond, when the API Client was last updated'
example: '2018-06-25T20:22:28.104Z'
scope:
type: array
nullable: true
items:
type: string
default: 'sp:scopes:all'
description: Scopes of the API Client.
example:
- 'demo:api-client-scope:first'
- 'demo:api-client-scope:second'
required:
- id
- secret
- businessName
- homepageUrl
- name
- description
- accessTokenValiditySeconds
- refreshTokenValiditySeconds
- redirectUris
- grantTypes
- accessType
- type
- internal
- enabled
- strongAuthSupported
- claimsSupported
- created
- modified
- scope
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/oauth-clients/{id}':
get:
operationId: getOauthClient
security:
- userAuth:
- 'sp:oauth-client:manage'
- 'sp:oauth-client:read'
tags:
- OAuth Clients
summary: Get oauth client
description: This gets details of an OAuth client.
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listOauthClients
description: The OAuth client id
example: ef38f94347e94562b5bb8424a56397d8
responses:
'200':
description: Request succeeded.
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: ID of the OAuth client
example: 2c9180835d2e5168015d32f890ca1581
businessName:
type: string
nullable: true
description: The name of the business the API Client should belong to
example: Acme-Solar
homepageUrl:
type: string
nullable: true
description: The homepage URL associated with the owner of the API Client
example: 'http://localhost:12345'
name:
type: string
description: A human-readable name for the API Client
example: Demo API Client
description:
type: string
nullable: true
description: A description of the API Client
example: 'An API client used for the authorization_code, refresh_token, and client_credentials flows'
accessTokenValiditySeconds:
type: integer
format: int32
description: The number of seconds an access token generated for this API Client is valid for
example: 750
refreshTokenValiditySeconds:
type: integer
format: int32
description: The number of seconds a refresh token generated for this API Client is valid for
example: 86400
redirectUris:
type: array
nullable: true
items:
type: string
description: A list of the approved redirect URIs used with the authorization_code flow
example:
- 'http://localhost:12345'
grantTypes:
type: array
items:
description: OAuth2 Grant Type
type: string
example: CLIENT_CREDENTIALS
enum:
- CLIENT_CREDENTIALS
- AUTHORIZATION_CODE
- REFRESH_TOKEN
description: A list of OAuth 2.0 grant types this API Client can be used with
example:
- AUTHORIZATION_CODE
- CLIENT_CREDENTIALS
- REFRESH_TOKEN
accessType:
description: The access type (online or offline) of this API Client
example: OFFLINE
type: string
enum:
- ONLINE
- OFFLINE
type:
description: The type of the API Client (public or confidential)
example: CONFIDENTIAL
type: string
enum:
- CONFIDENTIAL
- PUBLIC
internal:
type: boolean
description: An indicator of whether the API Client can be used for requests internal to IDN
example: false
enabled:
type: boolean
description: An indicator of whether the API Client is enabled for use
example: true
strongAuthSupported:
type: boolean
description: An indicator of whether the API Client supports strong authentication
example: false
claimsSupported:
type: boolean
description: An indicator of whether the API Client supports the serialization of SAML claims when used with the authorization_code flow
example: false
created:
type: string
format: date-time
description: 'The date and time, down to the millisecond, when the API Client was created'
example: '2017-07-11T18:45:37.098Z'
modified:
type: string
format: date-time
description: 'The date and time, down to the millisecond, when the API Client was last updated'
example: '2018-06-25T20:22:28.104Z'
secret:
type: string
nullable: true
metadata:
type: string
nullable: true
lastUsed:
type: string
nullable: true
format: date-time
description: 'The date and time, down to the millisecond, when this API Client was last used to generate an access token. This timestamp does not get updated on every API Client usage, but only once a day. This property can be useful for identifying which API Clients are no longer actively used and can be removed.'
example: '2017-07-11T18:45:37.098Z'
scope:
type: array
nullable: true
items:
type: string
default: 'sp:scopes:all'
description: Scopes of the API Client.
example:
- 'demo:api-client-scope:first'
- 'demo:api-client-scope:second'
required:
- id
- businessName
- homepageUrl
- name
- description
- accessTokenValiditySeconds
- refreshTokenValiditySeconds
- redirectUris
- grantTypes
- accessType
- type
- internal
- enabled
- strongAuthSupported
- claimsSupported
- created
- modified
- scope
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
operationId: deleteOauthClient
security:
- userAuth:
- 'sp:oauth-client:manage'
tags:
- OAuth Clients
summary: Delete oauth client
description: This deletes an OAuth client.
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listOauthClients
description: The OAuth client id
example: ef38f94347e94562b5bb8424a56397d8
responses:
'204':
description: No content.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
patch:
operationId: patchOauthClient
security:
- userAuth:
- 'sp:oauth-client:manage'
tags:
- OAuth Clients
summary: Patch oauth client
description: This performs a targeted update to the field(s) of an OAuth client.
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listOauthClients
description: The OAuth client id
example: ef38f94347e94562b5bb8424a56397d8
requestBody:
required: true
description: |
A list of OAuth client update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
The following fields are patchable:
* tenant
* businessName
* homepageUrl
* name
* description
* accessTokenValiditySeconds
* refreshTokenValiditySeconds
* redirectUris
* grantTypes
* accessType
* enabled
* strongAuthSupported
* claimsSupported
content:
application/json-patch+json:
schema:
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
example:
- op: replace
path: /strongAuthSupported
value: true
- op: replace
path: /businessName
value: acme-solar
responses:
'200':
description: 'Indicates the PATCH operation succeeded, and returns the OAuth client''s new representation.'
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: ID of the OAuth client
example: 2c9180835d2e5168015d32f890ca1581
businessName:
type: string
nullable: true
description: The name of the business the API Client should belong to
example: Acme-Solar
homepageUrl:
type: string
nullable: true
description: The homepage URL associated with the owner of the API Client
example: 'http://localhost:12345'
name:
type: string
description: A human-readable name for the API Client
example: Demo API Client
description:
type: string
nullable: true
description: A description of the API Client
example: 'An API client used for the authorization_code, refresh_token, and client_credentials flows'
accessTokenValiditySeconds:
type: integer
format: int32
description: The number of seconds an access token generated for this API Client is valid for
example: 750
refreshTokenValiditySeconds:
type: integer
format: int32
description: The number of seconds a refresh token generated for this API Client is valid for
example: 86400
redirectUris:
type: array
nullable: true
items:
type: string
description: A list of the approved redirect URIs used with the authorization_code flow
example:
- 'http://localhost:12345'
grantTypes:
type: array
items:
description: OAuth2 Grant Type
type: string
example: CLIENT_CREDENTIALS
enum:
- CLIENT_CREDENTIALS
- AUTHORIZATION_CODE
- REFRESH_TOKEN
description: A list of OAuth 2.0 grant types this API Client can be used with
example:
- AUTHORIZATION_CODE
- CLIENT_CREDENTIALS
- REFRESH_TOKEN
accessType:
description: The access type (online or offline) of this API Client
example: OFFLINE
type: string
enum:
- ONLINE
- OFFLINE
type:
description: The type of the API Client (public or confidential)
example: CONFIDENTIAL
type: string
enum:
- CONFIDENTIAL
- PUBLIC
internal:
type: boolean
description: An indicator of whether the API Client can be used for requests internal to IDN
example: false
enabled:
type: boolean
description: An indicator of whether the API Client is enabled for use
example: true
strongAuthSupported:
type: boolean
description: An indicator of whether the API Client supports strong authentication
example: false
claimsSupported:
type: boolean
description: An indicator of whether the API Client supports the serialization of SAML claims when used with the authorization_code flow
example: false
created:
type: string
format: date-time
description: 'The date and time, down to the millisecond, when the API Client was created'
example: '2017-07-11T18:45:37.098Z'
modified:
type: string
format: date-time
description: 'The date and time, down to the millisecond, when the API Client was last updated'
example: '2018-06-25T20:22:28.104Z'
secret:
type: string
nullable: true
metadata:
type: string
nullable: true
lastUsed:
type: string
nullable: true
format: date-time
description: 'The date and time, down to the millisecond, when this API Client was last used to generate an access token. This timestamp does not get updated on every API Client usage, but only once a day. This property can be useful for identifying which API Clients are no longer actively used and can be removed.'
example: '2017-07-11T18:45:37.098Z'
scope:
type: array
nullable: true
items:
type: string
default: 'sp:scopes:all'
description: Scopes of the API Client.
example:
- 'demo:api-client-scope:first'
- 'demo:api-client-scope:second'
required:
- id
- businessName
- homepageUrl
- name
- description
- accessTokenValiditySeconds
- refreshTokenValiditySeconds
- redirectUris
- grantTypes
- accessType
- type
- internal
- enabled
- strongAuthSupported
- claimsSupported
- created
- modified
- scope
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/password-sync-groups:
get:
operationId: getPasswordSyncGroups
tags:
- Password Sync Groups
summary: Get password sync group list
description: This API returns a list of password sync groups.
security:
- userAuth:
- 'idn:password-sync-group-management:read'
x-sailpoint-userLevels:
- ORG_ADMIN
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
responses:
'200':
description: A list of password sync groups.
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: ID of the sync group
example: 6881f631-3bd5-4213-9c75-8e05cc3e35dd
name:
description: Name of the sync group
type: string
example: Password Sync Group 1
passwordPolicyId:
type: string
description: ID of the password policy
example: 2c91808d744ba0ce01746f93b6204501
sourceIds:
type: array
description: List of password managed sources IDs
items:
type: string
example:
- 2c918084660f45d6016617daa9210584
- 2c918084660f45d6016617daa9210500
created:
type: string
description: The date and time this sync group was created
format: date-time
example: '2023-03-16T04:00:00Z'
nullable: true
modified:
type: string
description: The date and time this sync group was last modified
format: date-time
example: '2023-03-16T04:00:00Z'
nullable: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
post:
operationId: createPasswordSyncGroup
tags:
- Password Sync Groups
summary: Create password sync group
description: This API creates a password sync group based on the specifications provided.
security:
- userAuth:
- 'idn:password-sync-group-management:write'
x-sailpoint-userLevels:
- ORG_ADMIN
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: ID of the sync group
example: 6881f631-3bd5-4213-9c75-8e05cc3e35dd
name:
description: Name of the sync group
type: string
example: Password Sync Group 1
passwordPolicyId:
type: string
description: ID of the password policy
example: 2c91808d744ba0ce01746f93b6204501
sourceIds:
type: array
description: List of password managed sources IDs
items:
type: string
example:
- 2c918084660f45d6016617daa9210584
- 2c918084660f45d6016617daa9210500
created:
type: string
description: The date and time this sync group was created
format: date-time
example: '2023-03-16T04:00:00Z'
nullable: true
modified:
type: string
description: The date and time this sync group was last modified
format: date-time
example: '2023-03-16T04:00:00Z'
nullable: true
example:
name: Password Sync Group 2
passwordPolicyId: 2c91808d744ba0ce01746f93b6204501
sourceIds:
- 2c918084660f45d6016617daa9210584
- 2c918084660f45d6016617daa9210500
responses:
'200':
description: Reference to the password sync group.
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: ID of the sync group
example: 6881f631-3bd5-4213-9c75-8e05cc3e35dd
name:
description: Name of the sync group
type: string
example: Password Sync Group 1
passwordPolicyId:
type: string
description: ID of the password policy
example: 2c91808d744ba0ce01746f93b6204501
sourceIds:
type: array
description: List of password managed sources IDs
items:
type: string
example:
- 2c918084660f45d6016617daa9210584
- 2c918084660f45d6016617daa9210500
created:
type: string
description: The date and time this sync group was created
format: date-time
example: '2023-03-16T04:00:00Z'
nullable: true
modified:
type: string
description: The date and time this sync group was last modified
format: date-time
example: '2023-03-16T04:00:00Z'
nullable: true
example:
id: 6881f631-3bd5-4213-9c75-8e05cc3e35dd
name: Password Sync Group 2
passwordPolicyId: 2c91808d744ba0ce01746f93b6204501
sourceIds:
- 2c918084660f45d6016617daa9210584
- 2c918084660f45d6016617daa9210500
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/password-sync-groups/{id}':
get:
operationId: getPasswordSyncGroup
tags:
- Password Sync Groups
summary: Get password sync group by id
description: This API returns the sync group for the specified ID.
security:
- userAuth:
- 'idn:password-sync-group-management:read'
x-sailpoint-userLevels:
- ORG_ADMIN
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: getPasswordSyncGroups
description: The ID of password sync group to retrieve.
example: 6881f631-3bd5-4213-9c75-8e05cc3e35dd
responses:
'200':
description: Reference to the password sync group.
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: ID of the sync group
example: 6881f631-3bd5-4213-9c75-8e05cc3e35dd
name:
description: Name of the sync group
type: string
example: Password Sync Group 1
passwordPolicyId:
type: string
description: ID of the password policy
example: 2c91808d744ba0ce01746f93b6204501
sourceIds:
type: array
description: List of password managed sources IDs
items:
type: string
example:
- 2c918084660f45d6016617daa9210584
- 2c918084660f45d6016617daa9210500
created:
type: string
description: The date and time this sync group was created
format: date-time
example: '2023-03-16T04:00:00Z'
nullable: true
modified:
type: string
description: The date and time this sync group was last modified
format: date-time
example: '2023-03-16T04:00:00Z'
nullable: true
example:
id: 6881f631-3bd5-4213-9c75-8e05cc3e35dd
name: Password Sync Group 1
passwordPolicyId: 2c91808d744ba0ce01746f93b6204501
sourceIds:
- 2c918084660f45d6016617daa9210584
- 2c918084660f45d6016617daa9210500
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
put:
operationId: updatePasswordSyncGroup
tags:
- Password Sync Groups
summary: Update password sync group by id
description: This API updates the specified password sync group.
security:
- userAuth:
- 'idn:password-sync-group-management:write'
x-sailpoint-userLevels:
- ORG_ADMIN
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: getPasswordSyncGroups
description: The ID of password sync group to update.
example: 6881f631-3bd5-4213-9c75-8e05cc3e35dd
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: ID of the sync group
example: 6881f631-3bd5-4213-9c75-8e05cc3e35dd
name:
description: Name of the sync group
type: string
example: Password Sync Group 1
passwordPolicyId:
type: string
description: ID of the password policy
example: 2c91808d744ba0ce01746f93b6204501
sourceIds:
type: array
description: List of password managed sources IDs
items:
type: string
example:
- 2c918084660f45d6016617daa9210584
- 2c918084660f45d6016617daa9210500
created:
type: string
description: The date and time this sync group was created
format: date-time
example: '2023-03-16T04:00:00Z'
nullable: true
modified:
type: string
description: The date and time this sync group was last modified
format: date-time
example: '2023-03-16T04:00:00Z'
nullable: true
example:
id: 6881f631-3bd5-4213-9c75-8e05cc3e35dd
name: Password Sync Group 2
passwordPolicyId: 2c91808d744ba0ce01746f93b6204501
sourceIds:
- 2c918084660f45d6016617daa9210584
- 2c918084660f45d6016617daa9210500
responses:
'200':
description: Reference to the password sync group.
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: ID of the sync group
example: 6881f631-3bd5-4213-9c75-8e05cc3e35dd
name:
description: Name of the sync group
type: string
example: Password Sync Group 1
passwordPolicyId:
type: string
description: ID of the password policy
example: 2c91808d744ba0ce01746f93b6204501
sourceIds:
type: array
description: List of password managed sources IDs
items:
type: string
example:
- 2c918084660f45d6016617daa9210584
- 2c918084660f45d6016617daa9210500
created:
type: string
description: The date and time this sync group was created
format: date-time
example: '2023-03-16T04:00:00Z'
nullable: true
modified:
type: string
description: The date and time this sync group was last modified
format: date-time
example: '2023-03-16T04:00:00Z'
nullable: true
example:
id: 6881f631-3bd5-4213-9c75-8e05cc3e35dd
name: Password Sync Group 2
passwordPolicyId: 2c91808d744ba0ce01746f93b6204501
sourceIds:
- 2c918084660f45d6016617daa9210584
- 2c918084660f45d6016617daa9210500
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
operationId: deletePasswordSyncGroup
tags:
- Password Sync Groups
summary: Delete password sync group by id
description: This API deletes the specified password sync group.
security:
- userAuth:
- 'idn:password-sync-group-management:write'
x-sailpoint-userLevels:
- ORG_ADMIN
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: getPasswordSyncGroups
description: The ID of password sync group to delete.
example: 6881f631-3bd5-4213-9c75-8e05cc3e35dd
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/password-policies/{id}':
get:
operationId: getPasswordPolicyById
tags:
- Password Policies
summary: Get password policy by id
description: This API returns the password policy for the specified ID.
security:
- userAuth:
- 'idn:password-policy:read'
x-sailpoint-userLevels:
- ORG_ADMIN
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listPasswordPolicies
description: The ID of password policy to retrieve.
example: ff808081838d9e9d01838da6a03e0005
responses:
'200':
description: Reference to the password policy.
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: The password policy Id.
example: 2c91808e7d976f3b017d9f5ceae440c8
description:
type: string
nullable: true
description: Description for current password policy.
example: Information about the Password Policy
name:
type: string
description: The name of the password policy.
example: PasswordPolicy Example
dateCreated:
type: integer
format: int64
description: Date the Password Policy was created.
example: 1639056206564
lastUpdated:
type: integer
format: int64
nullable: true
description: Date the Password Policy was updated.
example: 1939056206564
firstExpirationReminder:
type: integer
format: int64
description: The number of days before expiration remaninder.
example: 45
accountIdMinWordLength:
type: integer
format: int64
description: The minimun length of account Id. By default is equals to -1.
example: 4
accountNameMinWordLength:
type: integer
format: int64
description: The minimun length of account name. By default is equals to -1.
example: 6
minAlpha:
type: integer
format: int64
description: Maximum alpha. By default is equals to 0.
example: 5
minCharacterTypes:
type: integer
format: int64
description: MinCharacterTypes. By default is equals to -1.
example: 5
maxLength:
type: integer
format: int64
description: Maximum length of the password.
example: 25
minLength:
type: integer
format: int64
description: Minimum length of the password. By default is equals to 0.
example: 8
maxRepeatedChars:
type: integer
format: int64
description: Maximum repetition of the same character in the password. By default is equals to -1.
example: 3
minLower:
type: integer
format: int64
description: Minimum amount of lower case character in the password. By default is equals to 0.
example: 8
minNumeric:
type: integer
format: int64
description: Minimum amount of numeric characters in the password. By default is equals to 0.
example: 8
minSpecial:
type: integer
format: int64
description: Minimum amount of special symbols in the password. By default is equals to 0.
example: 8
minUpper:
type: integer
format: int64
description: Minimum amount of upper case symbols in the password. By default is equals to 0.
example: 8
passwordExpiration:
type: integer
format: int64
description: Number of days before current password expires. By default is equals to 90.
example: 8
defaultPolicy:
type: boolean
description: Defines whether this policy is default or not. Default policy is created automatically when an org is setup. This field is false by default.
example: true
default: false
enablePasswdExpiration:
type: boolean
description: Defines whether this policy is enabled to expire or not. This field is false by default.
example: true
default: false
requireStrongAuthn:
type: boolean
description: Defines whether this policy require strong Auth or not. This field is false by default.
example: true
default: false
requireStrongAuthOffNetwork:
type: boolean
description: Defines whether this policy require strong Auth of network or not. This field is false by default.
example: true
default: false
requireStrongAuthUntrustedGeographies:
type: boolean
description: Defines whether this policy require strong Auth for untrusted geographies. This field is false by default.
example: true
default: false
useAccountAttributes:
type: boolean
description: Defines whether this policy uses account attributes or not. This field is false by default.
example: false
default: false
useDictionary:
type: boolean
description: Defines whether this policy uses dictionary or not. This field is false by default.
example: false
default: false
useIdentityAttributes:
type: boolean
description: Defines whether this policy uses identity attributes or not. This field is false by default.
example: false
default: false
validateAgainstAccountId:
type: boolean
description: Defines whether this policy validate against account id or not. This field is false by default.
example: false
default: false
validateAgainstAccountName:
type: boolean
description: Defines whether this policy validate against account name or not. This field is false by default.
example: true
default: false
created:
type: string
nullable: true
modified:
type: string
nullable: true
sourceIds:
type: array
description: List of sources IDs managed by this password policy.
items:
type: string
example:
- 2c91808382ffee0b01830de154f14034
- 2f98808382ffee0b01830de154f12134
example:
description: Default Password Policy
id: 2c91808e7d976f3b017d9f5ceae440c8
name: Example PP
dateCreated: 1639056206564
lastUpdated: 1662385430753
firstExpirationReminder: 90
accountIdMinWordLength: 3
accountNameMinWordLength: 3
maxLength: 0
maxRepeatedChars: 4
minAlpha: 1
minCharacterTypes: -1
minLength: 8
minLower: 0
minNumeric: 1
minSpecial: 0
minUpper: 0
passwordExpiration: 90
defaultPolicy: true
enablePasswdExpiration: false
requireStrongAuthn: false
requireStrongAuthOffNetwork: false
requireStrongAuthUntrustedGeographies: false
useAccountAttributes: false
useDictionary: false
useIdentityAttributes: false
validateAgainstAccountId: true
validateAgainstAccountName: true
sourceIds:
- 2c91808382ffee0b01830de154f14034
- 2c91808582ffee0c01830de36511405f
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
put:
operationId: setPasswordPolicy
tags:
- Password Policies
summary: Update password policy by id
description: This API updates the specified password policy.
security:
- userAuth:
- 'idn:password-policy:write'
x-sailpoint-userLevels:
- ORG_ADMIN
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listPasswordPolicies
description: The ID of password policy to update.
example: ff808081838d9e9d01838da6a03e0007
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: The password policy Id.
example: 2c91808e7d976f3b017d9f5ceae440c8
description:
type: string
nullable: true
description: Description for current password policy.
example: Information about the Password Policy
name:
type: string
description: The name of the password policy.
example: PasswordPolicy Example
dateCreated:
type: integer
format: int64
description: Date the Password Policy was created.
example: 1639056206564
lastUpdated:
type: integer
format: int64
nullable: true
description: Date the Password Policy was updated.
example: 1939056206564
firstExpirationReminder:
type: integer
format: int64
description: The number of days before expiration remaninder.
example: 45
accountIdMinWordLength:
type: integer
format: int64
description: The minimun length of account Id. By default is equals to -1.
example: 4
accountNameMinWordLength:
type: integer
format: int64
description: The minimun length of account name. By default is equals to -1.
example: 6
minAlpha:
type: integer
format: int64
description: Maximum alpha. By default is equals to 0.
example: 5
minCharacterTypes:
type: integer
format: int64
description: MinCharacterTypes. By default is equals to -1.
example: 5
maxLength:
type: integer
format: int64
description: Maximum length of the password.
example: 25
minLength:
type: integer
format: int64
description: Minimum length of the password. By default is equals to 0.
example: 8
maxRepeatedChars:
type: integer
format: int64
description: Maximum repetition of the same character in the password. By default is equals to -1.
example: 3
minLower:
type: integer
format: int64
description: Minimum amount of lower case character in the password. By default is equals to 0.
example: 8
minNumeric:
type: integer
format: int64
description: Minimum amount of numeric characters in the password. By default is equals to 0.
example: 8
minSpecial:
type: integer
format: int64
description: Minimum amount of special symbols in the password. By default is equals to 0.
example: 8
minUpper:
type: integer
format: int64
description: Minimum amount of upper case symbols in the password. By default is equals to 0.
example: 8
passwordExpiration:
type: integer
format: int64
description: Number of days before current password expires. By default is equals to 90.
example: 8
defaultPolicy:
type: boolean
description: Defines whether this policy is default or not. Default policy is created automatically when an org is setup. This field is false by default.
example: true
default: false
enablePasswdExpiration:
type: boolean
description: Defines whether this policy is enabled to expire or not. This field is false by default.
example: true
default: false
requireStrongAuthn:
type: boolean
description: Defines whether this policy require strong Auth or not. This field is false by default.
example: true
default: false
requireStrongAuthOffNetwork:
type: boolean
description: Defines whether this policy require strong Auth of network or not. This field is false by default.
example: true
default: false
requireStrongAuthUntrustedGeographies:
type: boolean
description: Defines whether this policy require strong Auth for untrusted geographies. This field is false by default.
example: true
default: false
useAccountAttributes:
type: boolean
description: Defines whether this policy uses account attributes or not. This field is false by default.
example: false
default: false
useDictionary:
type: boolean
description: Defines whether this policy uses dictionary or not. This field is false by default.
example: false
default: false
useIdentityAttributes:
type: boolean
description: Defines whether this policy uses identity attributes or not. This field is false by default.
example: false
default: false
validateAgainstAccountId:
type: boolean
description: Defines whether this policy validate against account id or not. This field is false by default.
example: false
default: false
validateAgainstAccountName:
type: boolean
description: Defines whether this policy validate against account name or not. This field is false by default.
example: true
default: false
created:
type: string
nullable: true
modified:
type: string
nullable: true
sourceIds:
type: array
description: List of sources IDs managed by this password policy.
items:
type: string
example:
- 2c91808382ffee0b01830de154f14034
- 2f98808382ffee0b01830de154f12134
example:
description: Password Policy after update.
id: 2c91808e7d976f3b017d9f5ceae440c8
name: Improved Password Policy
dateCreated: 1639056206564
lastUpdated: 1662385430753
firstExpirationReminder: 90
accountIdMinWordLength: 3
accountNameMinWordLength: 3
maxLength: 0
maxRepeatedChars: 4
minAlpha: 1
minCharacterTypes: -1
minLength: 8
minLower: 0
minNumeric: 1
minSpecial: 0
minUpper: 0
passwordExpiration: 90
defaultPolicy: false
enablePasswdExpiration: false
requireStrongAuthn: false
requireStrongAuthOffNetwork: false
requireStrongAuthUntrustedGeographies: false
useAccountAttributes: false
useDictionary: false
useIdentityAttributes: false
validateAgainstAccountId: true
validateAgainstAccountName: true
sourceIds:
- 2c91808382ffee0b01830de154f14034
- 2c91808582ffee0c01830de36511405f
responses:
'200':
description: Reference to the password policy.
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: The password policy Id.
example: 2c91808e7d976f3b017d9f5ceae440c8
description:
type: string
nullable: true
description: Description for current password policy.
example: Information about the Password Policy
name:
type: string
description: The name of the password policy.
example: PasswordPolicy Example
dateCreated:
type: integer
format: int64
description: Date the Password Policy was created.
example: 1639056206564
lastUpdated:
type: integer
format: int64
nullable: true
description: Date the Password Policy was updated.
example: 1939056206564
firstExpirationReminder:
type: integer
format: int64
description: The number of days before expiration remaninder.
example: 45
accountIdMinWordLength:
type: integer
format: int64
description: The minimun length of account Id. By default is equals to -1.
example: 4
accountNameMinWordLength:
type: integer
format: int64
description: The minimun length of account name. By default is equals to -1.
example: 6
minAlpha:
type: integer
format: int64
description: Maximum alpha. By default is equals to 0.
example: 5
minCharacterTypes:
type: integer
format: int64
description: MinCharacterTypes. By default is equals to -1.
example: 5
maxLength:
type: integer
format: int64
description: Maximum length of the password.
example: 25
minLength:
type: integer
format: int64
description: Minimum length of the password. By default is equals to 0.
example: 8
maxRepeatedChars:
type: integer
format: int64
description: Maximum repetition of the same character in the password. By default is equals to -1.
example: 3
minLower:
type: integer
format: int64
description: Minimum amount of lower case character in the password. By default is equals to 0.
example: 8
minNumeric:
type: integer
format: int64
description: Minimum amount of numeric characters in the password. By default is equals to 0.
example: 8
minSpecial:
type: integer
format: int64
description: Minimum amount of special symbols in the password. By default is equals to 0.
example: 8
minUpper:
type: integer
format: int64
description: Minimum amount of upper case symbols in the password. By default is equals to 0.
example: 8
passwordExpiration:
type: integer
format: int64
description: Number of days before current password expires. By default is equals to 90.
example: 8
defaultPolicy:
type: boolean
description: Defines whether this policy is default or not. Default policy is created automatically when an org is setup. This field is false by default.
example: true
default: false
enablePasswdExpiration:
type: boolean
description: Defines whether this policy is enabled to expire or not. This field is false by default.
example: true
default: false
requireStrongAuthn:
type: boolean
description: Defines whether this policy require strong Auth or not. This field is false by default.
example: true
default: false
requireStrongAuthOffNetwork:
type: boolean
description: Defines whether this policy require strong Auth of network or not. This field is false by default.
example: true
default: false
requireStrongAuthUntrustedGeographies:
type: boolean
description: Defines whether this policy require strong Auth for untrusted geographies. This field is false by default.
example: true
default: false
useAccountAttributes:
type: boolean
description: Defines whether this policy uses account attributes or not. This field is false by default.
example: false
default: false
useDictionary:
type: boolean
description: Defines whether this policy uses dictionary or not. This field is false by default.
example: false
default: false
useIdentityAttributes:
type: boolean
description: Defines whether this policy uses identity attributes or not. This field is false by default.
example: false
default: false
validateAgainstAccountId:
type: boolean
description: Defines whether this policy validate against account id or not. This field is false by default.
example: false
default: false
validateAgainstAccountName:
type: boolean
description: Defines whether this policy validate against account name or not. This field is false by default.
example: true
default: false
created:
type: string
nullable: true
modified:
type: string
nullable: true
sourceIds:
type: array
description: List of sources IDs managed by this password policy.
items:
type: string
example:
- 2c91808382ffee0b01830de154f14034
- 2f98808382ffee0b01830de154f12134
example:
description: Password Policy after update.
id: 2c91808e7d976f3b017d9f5ceae440c8
name: Improved Password Policy
dateCreated: 1639056206564
lastUpdated: 1662385430753
firstExpirationReminder: 90
accountIdMinWordLength: 3
accountNameMinWordLength: 3
maxLength: 0
maxRepeatedChars: 4
minAlpha: 1
minCharacterTypes: -1
minLength: 8
minLower: 0
minNumeric: 1
minSpecial: 0
minUpper: 0
passwordExpiration: 90
defaultPolicy: false
enablePasswdExpiration: false
requireStrongAuthn: false
requireStrongAuthOffNetwork: false
requireStrongAuthUntrustedGeographies: false
useAccountAttributes: false
useDictionary: false
useIdentityAttributes: false
validateAgainstAccountId: true
validateAgainstAccountName: true
sourceIds:
- 2c91808382ffee0b01830de154f14034
- 2c91808582ffee0c01830de36511405f
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
operationId: deletePasswordPolicy
tags:
- Password Policies
summary: Delete password policy by id
description: This API deletes the specified password policy.
security:
- userAuth:
- 'idn:password-policy:write'
x-sailpoint-userLevels:
- ORG_ADMIN
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listPasswordPolicies
description: The ID of password policy to delete.
example: ff808081838d9e9d01838da6a03e0002
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/password-policies:
post:
operationId: createPasswordPolicy
tags:
- Password Policies
summary: Create password policy
description: This API creates the specified password policy.
security:
- userAuth:
- 'idn:password-policy:write'
x-sailpoint-userLevels:
- ORG_ADMIN
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: The password policy Id.
example: 2c91808e7d976f3b017d9f5ceae440c8
description:
type: string
nullable: true
description: Description for current password policy.
example: Information about the Password Policy
name:
type: string
description: The name of the password policy.
example: PasswordPolicy Example
dateCreated:
type: integer
format: int64
description: Date the Password Policy was created.
example: 1639056206564
lastUpdated:
type: integer
format: int64
nullable: true
description: Date the Password Policy was updated.
example: 1939056206564
firstExpirationReminder:
type: integer
format: int64
description: The number of days before expiration remaninder.
example: 45
accountIdMinWordLength:
type: integer
format: int64
description: The minimun length of account Id. By default is equals to -1.
example: 4
accountNameMinWordLength:
type: integer
format: int64
description: The minimun length of account name. By default is equals to -1.
example: 6
minAlpha:
type: integer
format: int64
description: Maximum alpha. By default is equals to 0.
example: 5
minCharacterTypes:
type: integer
format: int64
description: MinCharacterTypes. By default is equals to -1.
example: 5
maxLength:
type: integer
format: int64
description: Maximum length of the password.
example: 25
minLength:
type: integer
format: int64
description: Minimum length of the password. By default is equals to 0.
example: 8
maxRepeatedChars:
type: integer
format: int64
description: Maximum repetition of the same character in the password. By default is equals to -1.
example: 3
minLower:
type: integer
format: int64
description: Minimum amount of lower case character in the password. By default is equals to 0.
example: 8
minNumeric:
type: integer
format: int64
description: Minimum amount of numeric characters in the password. By default is equals to 0.
example: 8
minSpecial:
type: integer
format: int64
description: Minimum amount of special symbols in the password. By default is equals to 0.
example: 8
minUpper:
type: integer
format: int64
description: Minimum amount of upper case symbols in the password. By default is equals to 0.
example: 8
passwordExpiration:
type: integer
format: int64
description: Number of days before current password expires. By default is equals to 90.
example: 8
defaultPolicy:
type: boolean
description: Defines whether this policy is default or not. Default policy is created automatically when an org is setup. This field is false by default.
example: true
default: false
enablePasswdExpiration:
type: boolean
description: Defines whether this policy is enabled to expire or not. This field is false by default.
example: true
default: false
requireStrongAuthn:
type: boolean
description: Defines whether this policy require strong Auth or not. This field is false by default.
example: true
default: false
requireStrongAuthOffNetwork:
type: boolean
description: Defines whether this policy require strong Auth of network or not. This field is false by default.
example: true
default: false
requireStrongAuthUntrustedGeographies:
type: boolean
description: Defines whether this policy require strong Auth for untrusted geographies. This field is false by default.
example: true
default: false
useAccountAttributes:
type: boolean
description: Defines whether this policy uses account attributes or not. This field is false by default.
example: false
default: false
useDictionary:
type: boolean
description: Defines whether this policy uses dictionary or not. This field is false by default.
example: false
default: false
useIdentityAttributes:
type: boolean
description: Defines whether this policy uses identity attributes or not. This field is false by default.
example: false
default: false
validateAgainstAccountId:
type: boolean
description: Defines whether this policy validate against account id or not. This field is false by default.
example: false
default: false
validateAgainstAccountName:
type: boolean
description: Defines whether this policy validate against account name or not. This field is false by default.
example: true
default: false
created:
type: string
nullable: true
modified:
type: string
nullable: true
sourceIds:
type: array
description: List of sources IDs managed by this password policy.
items:
type: string
example:
- 2c91808382ffee0b01830de154f14034
- 2f98808382ffee0b01830de154f12134
example:
description: New Password Policy with high requirements to password complexity.
id: null
name: High security Password Policy
dateCreated: 1639056206564
lastUpdated: 1662385430753
firstExpirationReminder: 90
accountIdMinWordLength: 3
accountNameMinWordLength: 3
maxLength: 0
maxRepeatedChars: 4
minAlpha: 1
minCharacterTypes: -1
minLength: 8
minLower: 0
minNumeric: 1
minSpecial: 0
minUpper: 0
passwordExpiration: 90
defaultPolicy: false
enablePasswdExpiration: false
requireStrongAuthn: false
requireStrongAuthOffNetwork: false
requireStrongAuthUntrustedGeographies: false
useAccountAttributes: false
useDictionary: false
useIdentityAttributes: false
validateAgainstAccountId: true
validateAgainstAccountName: true
sourceIds:
- 2c91808382ffee0b01830de154f14034
- 2c91808582ffee0c01830de36511405f
responses:
'200':
description: Reference to the password policy.
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: The password policy Id.
example: 2c91808e7d976f3b017d9f5ceae440c8
description:
type: string
nullable: true
description: Description for current password policy.
example: Information about the Password Policy
name:
type: string
description: The name of the password policy.
example: PasswordPolicy Example
dateCreated:
type: integer
format: int64
description: Date the Password Policy was created.
example: 1639056206564
lastUpdated:
type: integer
format: int64
nullable: true
description: Date the Password Policy was updated.
example: 1939056206564
firstExpirationReminder:
type: integer
format: int64
description: The number of days before expiration remaninder.
example: 45
accountIdMinWordLength:
type: integer
format: int64
description: The minimun length of account Id. By default is equals to -1.
example: 4
accountNameMinWordLength:
type: integer
format: int64
description: The minimun length of account name. By default is equals to -1.
example: 6
minAlpha:
type: integer
format: int64
description: Maximum alpha. By default is equals to 0.
example: 5
minCharacterTypes:
type: integer
format: int64
description: MinCharacterTypes. By default is equals to -1.
example: 5
maxLength:
type: integer
format: int64
description: Maximum length of the password.
example: 25
minLength:
type: integer
format: int64
description: Minimum length of the password. By default is equals to 0.
example: 8
maxRepeatedChars:
type: integer
format: int64
description: Maximum repetition of the same character in the password. By default is equals to -1.
example: 3
minLower:
type: integer
format: int64
description: Minimum amount of lower case character in the password. By default is equals to 0.
example: 8
minNumeric:
type: integer
format: int64
description: Minimum amount of numeric characters in the password. By default is equals to 0.
example: 8
minSpecial:
type: integer
format: int64
description: Minimum amount of special symbols in the password. By default is equals to 0.
example: 8
minUpper:
type: integer
format: int64
description: Minimum amount of upper case symbols in the password. By default is equals to 0.
example: 8
passwordExpiration:
type: integer
format: int64
description: Number of days before current password expires. By default is equals to 90.
example: 8
defaultPolicy:
type: boolean
description: Defines whether this policy is default or not. Default policy is created automatically when an org is setup. This field is false by default.
example: true
default: false
enablePasswdExpiration:
type: boolean
description: Defines whether this policy is enabled to expire or not. This field is false by default.
example: true
default: false
requireStrongAuthn:
type: boolean
description: Defines whether this policy require strong Auth or not. This field is false by default.
example: true
default: false
requireStrongAuthOffNetwork:
type: boolean
description: Defines whether this policy require strong Auth of network or not. This field is false by default.
example: true
default: false
requireStrongAuthUntrustedGeographies:
type: boolean
description: Defines whether this policy require strong Auth for untrusted geographies. This field is false by default.
example: true
default: false
useAccountAttributes:
type: boolean
description: Defines whether this policy uses account attributes or not. This field is false by default.
example: false
default: false
useDictionary:
type: boolean
description: Defines whether this policy uses dictionary or not. This field is false by default.
example: false
default: false
useIdentityAttributes:
type: boolean
description: Defines whether this policy uses identity attributes or not. This field is false by default.
example: false
default: false
validateAgainstAccountId:
type: boolean
description: Defines whether this policy validate against account id or not. This field is false by default.
example: false
default: false
validateAgainstAccountName:
type: boolean
description: Defines whether this policy validate against account name or not. This field is false by default.
example: true
default: false
created:
type: string
nullable: true
modified:
type: string
nullable: true
sourceIds:
type: array
description: List of sources IDs managed by this password policy.
items:
type: string
example:
- 2c91808382ffee0b01830de154f14034
- 2f98808382ffee0b01830de154f12134
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
get:
operationId: listPasswordPolicies
tags:
- Password Policies
summary: List password policies
description: |-
This gets list of all Password Policies.
Requires role of ORG_ADMIN
security:
- userAuth:
- 'idn:password-policy:read'
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
responses:
'200':
description: List of all Password Policies.
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: The password policy Id.
example: 2c91808e7d976f3b017d9f5ceae440c8
description:
type: string
nullable: true
description: Description for current password policy.
example: Information about the Password Policy
name:
type: string
description: The name of the password policy.
example: PasswordPolicy Example
dateCreated:
type: integer
format: int64
description: Date the Password Policy was created.
example: 1639056206564
lastUpdated:
type: integer
format: int64
nullable: true
description: Date the Password Policy was updated.
example: 1939056206564
firstExpirationReminder:
type: integer
format: int64
description: The number of days before expiration remaninder.
example: 45
accountIdMinWordLength:
type: integer
format: int64
description: The minimun length of account Id. By default is equals to -1.
example: 4
accountNameMinWordLength:
type: integer
format: int64
description: The minimun length of account name. By default is equals to -1.
example: 6
minAlpha:
type: integer
format: int64
description: Maximum alpha. By default is equals to 0.
example: 5
minCharacterTypes:
type: integer
format: int64
description: MinCharacterTypes. By default is equals to -1.
example: 5
maxLength:
type: integer
format: int64
description: Maximum length of the password.
example: 25
minLength:
type: integer
format: int64
description: Minimum length of the password. By default is equals to 0.
example: 8
maxRepeatedChars:
type: integer
format: int64
description: Maximum repetition of the same character in the password. By default is equals to -1.
example: 3
minLower:
type: integer
format: int64
description: Minimum amount of lower case character in the password. By default is equals to 0.
example: 8
minNumeric:
type: integer
format: int64
description: Minimum amount of numeric characters in the password. By default is equals to 0.
example: 8
minSpecial:
type: integer
format: int64
description: Minimum amount of special symbols in the password. By default is equals to 0.
example: 8
minUpper:
type: integer
format: int64
description: Minimum amount of upper case symbols in the password. By default is equals to 0.
example: 8
passwordExpiration:
type: integer
format: int64
description: Number of days before current password expires. By default is equals to 90.
example: 8
defaultPolicy:
type: boolean
description: Defines whether this policy is default or not. Default policy is created automatically when an org is setup. This field is false by default.
example: true
default: false
enablePasswdExpiration:
type: boolean
description: Defines whether this policy is enabled to expire or not. This field is false by default.
example: true
default: false
requireStrongAuthn:
type: boolean
description: Defines whether this policy require strong Auth or not. This field is false by default.
example: true
default: false
requireStrongAuthOffNetwork:
type: boolean
description: Defines whether this policy require strong Auth of network or not. This field is false by default.
example: true
default: false
requireStrongAuthUntrustedGeographies:
type: boolean
description: Defines whether this policy require strong Auth for untrusted geographies. This field is false by default.
example: true
default: false
useAccountAttributes:
type: boolean
description: Defines whether this policy uses account attributes or not. This field is false by default.
example: false
default: false
useDictionary:
type: boolean
description: Defines whether this policy uses dictionary or not. This field is false by default.
example: false
default: false
useIdentityAttributes:
type: boolean
description: Defines whether this policy uses identity attributes or not. This field is false by default.
example: false
default: false
validateAgainstAccountId:
type: boolean
description: Defines whether this policy validate against account id or not. This field is false by default.
example: false
default: false
validateAgainstAccountName:
type: boolean
description: Defines whether this policy validate against account name or not. This field is false by default.
example: true
default: false
created:
type: string
nullable: true
modified:
type: string
nullable: true
sourceIds:
type: array
description: List of sources IDs managed by this password policy.
items:
type: string
example:
- 2c91808382ffee0b01830de154f14034
- 2f98808382ffee0b01830de154f12134
example:
- description: Example Password Policy
id: 2c91808e7d976f3b017d9f5ceae440c8
name: Example PP
dateCreated: 1639056206564
lastUpdated: 1662385430753
firstExpirationReminder: 90
accountIdMinWordLength: 3
accountNameMinWordLength: 3
maxLength: 0
maxRepeatedChars: 4
minAlpha: 1
minCharacterTypes: -1
minLength: 8
minLower: 0
minNumeric: 1
minSpecial: 0
minUpper: 0
passwordExpiration: 90
defaultPolicy: false
enablePasswdExpiration: false
requireStrongAuthn: false
requireStrongAuthOffNetwork: false
requireStrongAuthUntrustedGeographies: false
useAccountAttributes: false
useDictionary: false
useIdentityAttributes: false
validateAgainstAccountId: true
validateAgainstAccountName: true
sourceIds:
- 2c91808382ffee0b01830de154f14034
- 2c91808582ffee0c01830de36511405f
- description: null
id: 2c91808780b8b8430180ff7a093f3bf2
name: Password Policy 1 test
dateCreated: 1653553629503
lastUpdated: null
firstExpirationReminder: null
accountIdMinWordLength: -1
accountNameMinWordLength: -1
maxLength: 0
maxRepeatedChars: -1
minAlpha: 1
minCharacterTypes: -1
minLength: 8
minLower: 0
minNumeric: 1
minSpecial: 0
minUpper: 0
passwordExpiration: 90
defaultPolicy: false
enablePasswdExpiration: false
requireStrongAuthn: false
requireStrongAuthOffNetwork: false
requireStrongAuthUntrustedGeographies: false
useAccountAttributes: false
useDictionary: false
useIdentityAttributes: true
validateAgainstAccountId: false
validateAgainstAccountName: false
sourceIds: []
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/personal-access-tokens:
get:
operationId: listPersonalAccessTokens
security:
- userAuth:
- 'sp:my-personal-access-tokens:read'
- 'sp:my-personal-access-tokens:manage'
- 'sp:all-personal-access-tokens:read'
- 'sp:all-personal-access-tokens:manage'
tags:
- Personal Access Tokens
summary: List personal access tokens
description: 'This gets a collection of personal access tokens associated with the optional `owner-id`. query parameter. If the `owner-id` query parameter is omitted, all personal access tokens for a tenant will be retrieved, but the caller must have the ''idn:all-personal-access-tokens:read'' right.'
parameters:
- in: query
name: owner-id
description: |-
The identity ID of the owner whose personal access tokens should be listed. If "me", the caller should have the following right: 'idn:my-personal-access-tokens:read'
If an actual owner ID or if the `owner-id` parameter is omitted in the request, the caller should have the following right: 'idn:all-personal-access-tokens:read'.
If the caller has the following right, then managed personal access tokens associated with `owner-id` will be retrieved: 'idn:managed-personal-access-tokens:read'
required: false
schema:
type: string
default: null
example: 2c9180867b50d088017b554662fb281e
- in: query
name: filters
required: false
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**lastUsed**: *le, isnull*
example: 'lastUsed le 2023-02-05T10:59:27.214Z'
responses:
'200':
description: List of personal access tokens.
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: The ID of the personal access token (to be used as the username for Basic Auth).
example: 86f1dc6fe8f54414950454cbb11278fa
name:
type: string
description: The name of the personal access token. Cannot be the same as other personal access tokens owned by a user.
example: NodeJS Integration
scope:
type: array
nullable: true
items:
type: string
default: 'sp:scopes:all'
description: Scopes of the personal access token.
example:
- 'demo:personal-access-token-scope:first'
- 'demo:personal-access-token-scope:second'
owner:
type: object
description: Personal access token owner's identity.
properties:
type:
type: string
description: Personal access token owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Personal access token owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Personal access token owner's human-readable display name.
example: Support
created:
type: string
format: date-time
description: 'The date and time, down to the millisecond, when this personal access token was created.'
example: '2017-07-11T18:45:37.098Z'
lastUsed:
type: string
nullable: true
format: date-time
description: 'The date and time, down to the millisecond, when this personal access token was last used to generate an access token. This timestamp does not get updated on every PAT usage, but only once a day. This property can be useful for identifying which PATs are no longer actively used and can be removed.'
example: '2017-07-11T18:45:37.098Z'
managed:
type: boolean
default: false
example: false
description: 'If true, this token is managed by the SailPoint platform, and is not visible in the user interface. For example, Workflows will create managed personal access tokens for users who create workflows.'
required:
- id
- name
- scope
- owner
- created
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
post:
operationId: createPersonalAccessToken
security:
- userAuth:
- 'sp:my-personal-access-tokens:manage'
- 'sp:all-personal-access-tokens:manage'
tags:
- Personal Access Tokens
summary: Create personal access token
description: This creates a personal access token.
requestBody:
description: Name and scope of personal access token.
required: true
content:
application/json:
schema:
type: object
description: Object for specifying the name of a personal access token to create
properties:
name:
type: string
description: The name of the personal access token (PAT) to be created. Cannot be the same as another PAT owned by the user for whom this PAT is being created.
example: NodeJS Integration
scope:
type: array
nullable: true
items:
type: string
default: 'sp:scopes:all'
description: 'Scopes of the personal access token. If no scope is specified, the token will be created with the default scope "sp:scopes:all". This means the personal access token will have all the rights of the owner who created it.'
example:
- 'demo:personal-access-token-scope:first'
- 'demo:personal-access-token-scope:second'
accessTokenValiditySeconds:
type: integer
format: int32
minimum: 15
maximum: 43200
items:
type: integer
format: int32
default: 43200
description: 'Number of seconds an access token is valid when generated using this Personal Access Token. If no value is specified, the token will be created with the default value of 43200.'
example: 36900
required:
- name
responses:
'200':
description: Created. Note - this is the only time Personal Access Tokens' secret attribute will be displayed.
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: The ID of the personal access token (to be used as the username for Basic Auth).
example: 86f1dc6fe8f54414950454cbb11278fa
secret:
type: string
description: The secret of the personal access token (to be used as the password for Basic Auth).
example: 1d1bef2b9f426383447f64f69349fc7cac176042578d205c256ba3f37c59adb9
scope:
type: array
nullable: true
items:
type: string
default: 'sp:scopes:all'
description: Scopes of the personal access token.
example:
- 'demo:personal-access-token-scope:first'
- 'demo:personal-access-token-scope:second'
name:
type: string
description: The name of the personal access token. Cannot be the same as other personal access tokens owned by a user.
example: NodeJS Integration
owner:
type: object
description: Personal access token owner's identity.
properties:
type:
type: string
description: Personal access token owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Personal access token owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Personal access token owner's human-readable display name.
example: Support
created:
type: string
format: date-time
description: 'The date and time, down to the millisecond, when this personal access token was created.'
example: '2017-07-11T18:45:37.098Z'
accessTokenValiditySeconds:
type: integer
format: int32
items:
type: integer
format: int32
default: 43200
description: 'Number of seconds an access token is valid when generated using this Personal Access Token. If no value is specified, the token will be created with the default value of 43200.'
example: 36900
required:
- id
- secret
- scope
- name
- owner
- created
- accessTokenValiditySeconds
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/personal-access-tokens/{id}':
patch:
operationId: patchPersonalAccessToken
security:
- userAuth:
- 'sp:my-personal-access-tokens:manage'
tags:
- Personal Access Tokens
summary: Patch personal access token
description: |-
This performs a targeted update to the field(s) of a Personal Access Token.
Changing scopes for a Personal Access Token does not impact existing bearer tokens. You will need to create a new bearer token to have the new scopes. Please note that it can take up to 20 minutes for scope changes to be seen on new bearer tokens.
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listPersonalAccessTokens
description: The Personal Access Token id
example: ef38f94347e94562b5bb8424a56397d8
requestBody:
required: true
description: |
A list of OAuth client update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
The following fields are patchable:
* name
* scope
content:
application/json-patch+json:
schema:
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
example:
- op: replace
path: /name
value: New name
- op: replace
path: /scope
value:
- 'sp:scopes:all'
responses:
'200':
description: 'Indicates the PATCH operation succeeded, and returns the PAT''s new representation.'
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: The ID of the personal access token (to be used as the username for Basic Auth).
example: 86f1dc6fe8f54414950454cbb11278fa
name:
type: string
description: The name of the personal access token. Cannot be the same as other personal access tokens owned by a user.
example: NodeJS Integration
scope:
type: array
nullable: true
items:
type: string
default: 'sp:scopes:all'
description: Scopes of the personal access token.
example:
- 'demo:personal-access-token-scope:first'
- 'demo:personal-access-token-scope:second'
owner:
type: object
description: Personal access token owner's identity.
properties:
type:
type: string
description: Personal access token owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Personal access token owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Personal access token owner's human-readable display name.
example: Support
created:
type: string
format: date-time
description: 'The date and time, down to the millisecond, when this personal access token was created.'
example: '2017-07-11T18:45:37.098Z'
lastUsed:
type: string
nullable: true
format: date-time
description: 'The date and time, down to the millisecond, when this personal access token was last used to generate an access token. This timestamp does not get updated on every PAT usage, but only once a day. This property can be useful for identifying which PATs are no longer actively used and can be removed.'
example: '2017-07-11T18:45:37.098Z'
managed:
type: boolean
default: false
example: false
description: 'If true, this token is managed by the SailPoint platform, and is not visible in the user interface. For example, Workflows will create managed personal access tokens for users who create workflows.'
required:
- id
- name
- scope
- owner
- created
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
operationId: deletePersonalAccessToken
security:
- userAuth:
- 'sp:my-personal-access-tokens:manage'
- 'sp:all-personal-access-tokens:manage'
tags:
- Personal Access Tokens
summary: Delete personal access token
description: This deletes a personal access token.
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listPersonalAccessTokens
description: The personal access token id
example: ef38f94347e94562b5bb8424a56397d8
responses:
'204':
description: No content.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/public-identities:
get:
operationId: getPublicIdentities
tags:
- Public Identities
summary: Get list of public identities
description: Get a list of public identities. Set `add-core-filters` to `true` to exclude incomplete identities and uncorrelated accounts.
security:
- userAuth:
- 'sp:scopes:default'
x-sailpoint-userLevels:
- USER
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
schema:
type: string
required: false
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, in*
**alias**: *eq, sw*
**email**: *eq, sw*
**firstname**: *eq, sw*
**lastname**: *eq, sw*
example: firstname eq "John"
- in: query
name: add-core-filters
description: |-
If *true*, only get identities which satisfy ALL the following criteria in addition to any criteria specified by *filters*:
- Should be either correlated or protected.
- Should not be "spadmin" or "cloudadmin".
- uid should not be null.
- lastname should not be null.
- email should not be null.
required: false
example: false
schema:
type: boolean
default: false
- in: query
name: sorters
schema:
type: string
format: comma-separated
required: false
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **name**
example: name
responses:
'200':
description: A list of public identity objects.
content:
application/json:
schema:
type: array
items:
type: object
title: Public Identity
description: Details about a public identity
properties:
id:
type: string
description: Identity id
example: 2c9180857182305e0171993735622948
name:
type: string
description: Human-readable display name of identity.
example: Alison Ferguso
alias:
type: string
description: Alternate unique identifier for the identity.
example: alison.ferguso
email:
nullable: true
type: string
description: Email address of identity.
example: alison.ferguso@acme-solar.com
status:
nullable: true
type: string
description: The lifecycle status for the identity
example: Active
identityState:
nullable: true
type: string
enum:
- ACTIVE
- INACTIVE_SHORT_TERM
- INACTIVE_LONG_TERM
- null
example: ACTIVE
description: |
The current state of the identity, which determines how Identity Security Cloud interacts with the identity.
An identity that is Active will be included identity picklists in Request Center, identity processing, and more.
Identities that are Inactive will be excluded from these features.
manager:
description: An identity reference to the manager of this identity
type: object
nullable: true
properties:
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- MACHINE_IDENTITY
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
id:
type: string
description: Identity id
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Human-readable display name of identity.
example: Thomas Edison
attributes:
type: array
description: The public identity attributes of the identity
items:
type: object
properties:
key:
type: string
description: The attribute key
example: country
name:
type: string
description: Human-readable display name of the attribute
example: Country
value:
type: string
description: The attribute value
example: US
nullable: true
example:
- id: 2c9180857182305e0171993735622948
name: Alison Ferguso
alias: alison.ferguso
email: alison.ferguso@acme-solar.com
status: Active
manager:
type: IDENTITY
id: 2c9180a46faadee4016fb4e018c20639
name: Thomas Edison
attributes:
- key: phone
name: Phone
value: '5125551234'
- key: country
name: Country
value: US
- id: 2c9180a46faadee4016fb4e018c20639
name: Thomas Edison
alias: thomas.edison
email: thomas.edison@acme-solar.com
status: Active
manager:
type: IDENTITY
id: 2c918086676d3e0601677611dbde220f
name: Mister Manager
attributes:
- key: phone
name: Phone
value: '5125554321'
- key: country
name: Country
value: US
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/public-identities-config:
get:
operationId: getPublicIdentityConfig
tags:
- Public Identities Config
summary: Get the public identities configuration
description: Returns the publicly visible attributes of an identity available to request approvers for Access Requests and Certification Campaigns.
security:
- userAuth: []
x-sailpoint-userLevels:
- ORG_ADMIN
responses:
'200':
description: Request succeeded.
content:
application/json:
schema:
type: object
description: Details of up to 5 Identity attributes that will be publicly accessible for all Identities to anyone in the org.
properties:
attributes:
type: array
description: Up to 5 identity attributes that will be available to everyone in the org for all users in the org.
items:
type: object
description: Used to map an attribute key for an Identity to its display name.
properties:
key:
type: string
description: The attribute key
example: country
name:
type: string
description: The attribute display name
example: Country
modified:
nullable: true
type: string
description: When this configuration was last modified.
format: date-time
example: '2018-06-25T20:22:28.104Z'
modifiedBy:
description: The identity who last modified this configuration.
type: object
nullable: true
properties:
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- MACHINE_IDENTITY
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
id:
type: string
description: Identity id
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Human-readable display name of identity.
example: Thomas Edison
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
put:
operationId: updatePublicIdentityConfig
tags:
- Public Identities Config
summary: Update the public identities configuration
description: Updates the publicly visible attributes of an identity available to request approvers for Access Requests and Certification Campaigns.
security:
- userAuth: []
x-sailpoint-userLevels:
- ORG_ADMIN
requestBody:
required: true
content:
application/json:
schema:
type: object
description: Details of up to 5 Identity attributes that will be publicly accessible for all Identities to anyone in the org.
properties:
attributes:
type: array
description: Up to 5 identity attributes that will be available to everyone in the org for all users in the org.
items:
type: object
description: Used to map an attribute key for an Identity to its display name.
properties:
key:
type: string
description: The attribute key
example: country
name:
type: string
description: The attribute display name
example: Country
modified:
nullable: true
type: string
description: When this configuration was last modified.
format: date-time
example: '2018-06-25T20:22:28.104Z'
modifiedBy:
description: The identity who last modified this configuration.
type: object
nullable: true
properties:
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- MACHINE_IDENTITY
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
id:
type: string
description: Identity id
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Human-readable display name of identity.
example: Thomas Edison
responses:
'200':
description: Request succeeded.
content:
application/json:
schema:
type: object
description: Details of up to 5 Identity attributes that will be publicly accessible for all Identities to anyone in the org.
properties:
attributes:
type: array
description: Up to 5 identity attributes that will be available to everyone in the org for all users in the org.
items:
type: object
description: Used to map an attribute key for an Identity to its display name.
properties:
key:
type: string
description: The attribute key
example: country
name:
type: string
description: The attribute display name
example: Country
modified:
nullable: true
type: string
description: When this configuration was last modified.
format: date-time
example: '2018-06-25T20:22:28.104Z'
modifiedBy:
description: The identity who last modified this configuration.
type: object
nullable: true
properties:
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- MACHINE_IDENTITY
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
id:
type: string
description: Identity id
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Human-readable display name of identity.
example: Thomas Edison
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/requestable-objects:
get:
operationId: listRequestableObjects
tags:
- Requestable Objects
summary: Requestable objects list
security:
- userAuth:
- 'idn:requestable-objects:read'
x-sailpoint-userLevels:
- ORG_ADMIN
description: |-
Get a list of acccess items that can be requested through the [Access Request endpoints](https://developer.sailpoint.com/docs/api/v2024/access-requests). Access items are marked with `AVAILABLE`, `PENDING` or `ASSIGNED` with respect to the identity provided using `identity-id` query parameter.
Any authenticated token can call this endpoint to see their requestable access items.
parameters:
- in: query
name: identity-id
required: false
schema:
type: string
example: e7eab60924f64aa284175b9fa3309599
description: |-
If present, the value returns only requestable objects for the specified identity.
* Admin users can call this with any identity ID value.
* Non-admin users can only specify *me* or pass their own identity ID value.
* If absent, returns a list of all requestable objects for the tenant. Only admin users can make such a call. In this case, the available, pending, assigned accesses will not be annotated in the result.
- in: query
name: types
description: 'Filters the results to the specified type/types, where each type is one of `ROLE` or `ACCESS_PROFILE`. If absent, all types are returned. SailPoint may add support for additional types in the future without notice.'
required: false
schema:
type: array
items:
type: string
enum:
- ACCESS_PROFILE
- ROLE
- ENTITLEMENT
description: Currently supported requestable object types.
example: ACCESS_PROFILE
example: 'ROLE,ACCESS_PROFILE'
explode: false
- in: query
name: term
required: false
schema:
type: string
example: Finance Role
description: 'Allows searching requestable access items with a partial match on the name or description. If `term` is provided, then the API will ignore the `filter` query parameter.'
- in: query
name: statuses
description: 'Filters the result to the specified status/statuses, where each status is one of `AVAILABLE`, `ASSIGNED`, or `PENDING`. Specifying this parameter without also specifying an `identity-id` parameter results in an error. SailPoint may add additional statuses in the future without notice.'
required: false
schema:
type: array
items:
type: string
enum:
- AVAILABLE
- PENDING
- ASSIGNED
- null
description: 'Status indicating the ability of an access request for the object to be made by or on behalf of the identity specified by *identity-id*. *AVAILABLE* indicates the object is available to request. *PENDING* indicates the object is unavailable because the identity has a pending request in flight. *ASSIGNED* indicates the object is unavailable because the identity already has the indicated role or access profile. If *identity-id* is not specified (allowed only for admin users), then status will be *AVAILABLE* for all results.'
example: AVAILABLE
explode: false
example:
- ASSIGNED
- PENDING
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
schema:
type: string
example: name sw "bob"
description: |
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, in*
**name**: *eq, in, sw*
required: false
- in: query
name: sorters
schema:
type: string
format: comma-separated
required: false
example: name
description: |
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **name**
responses:
'200':
description: List of requestable objects
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: Id of the requestable object itself
example: 2c9180835d2e5168015d32f890ca1581
name:
type: string
description: Human-readable display name of the requestable object
example: Applied Research Access
created:
type: string
format: date-time
example: '2017-07-11T18:45:37.098Z'
description: The time when the requestable object was created
modified:
nullable: true
type: string
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: The time when the requestable object was last modified
description:
type: string
description: Description of the requestable object.
example: 'Access to research information, lab results, and schematics.'
nullable: true
type:
type: string
enum:
- ACCESS_PROFILE
- ROLE
- ENTITLEMENT
description: Currently supported requestable object types.
example: ACCESS_PROFILE
requestStatus:
allOf:
- type: string
enum:
- AVAILABLE
- PENDING
- ASSIGNED
- null
description: 'Status indicating the ability of an access request for the object to be made by or on behalf of the identity specified by *identity-id*. *AVAILABLE* indicates the object is available to request. *PENDING* indicates the object is unavailable because the identity has a pending request in flight. *ASSIGNED* indicates the object is unavailable because the identity already has the indicated role or access profile. If *identity-id* is not specified (allowed only for admin users), then status will be *AVAILABLE* for all results.'
example: AVAILABLE
- nullable: true
identityRequestId:
type: string
description: 'If *requestStatus* is *PENDING*, indicates the id of the associated account activity.'
nullable: true
example: null
ownerRef:
type: object
nullable: true
properties:
type:
type: string
description: The type can only be IDENTITY. This is read-only.
example: IDENTITY
id:
type: string
description: Identity ID.
example: 5168015d32f890ca15812c9180835d2e
name:
type: string
description: Identity's human-readable display name. This is read-only.
example: Alison Ferguso
email:
type: string
nullable: true
description: Identity's email address. This is read-only.
example: alison.ferguso@identitysoon.com
requestCommentsRequired:
type: boolean
description: Whether the requester must provide comments when requesting the object.
example: false
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/access-requests/revocable-objects:
get:
operationId: getEntitlementDetailsForIdentity
tags:
- Access Requests
summary: Identity entitlement details
description: Use this API to return the details for a entitlement on an identity including specific data relating to remove date and the ability to revoke the identity.
security:
- userAuth:
- 'idn:requestable-objects:read'
x-sailpoint-userLevels:
- ORG_ADMIN
- USER
parameters:
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
- in: path
name: identityId
schema:
type: string
required: true
description: The identity ID.
example: 7025c863c2704ba6beeaedf3cb091573
x-sailpoint-resource-operation-id: listIdentities
- in: path
name: entitlementId
schema:
type: string
required: true
description: The entitlement ID
example: ef38f94347e94562b5bb8424a56397d8
x-sailpoint-resource-operation-id: listEntitlements
responses:
'200':
description: Entitlement and Account Reference
content:
application/json:
schema:
type: object
properties:
identityId:
type: string
description: Id of Identity
example: 5928c61f-3f2e-417a-8d65-f76451e2050a
entitlement:
type: object
properties:
id:
type: string
description: The entitlement id
example: 2c91808874ff91550175097daaec161c
name:
type: string
description: The entitlement name
example: LauncherTest2
created:
type: string
description: Time when the entitlement was last modified
format: date-time
example: '2020-10-08T18:33:52.029Z'
modified:
type: string
description: Time when the entitlement was last modified
format: date-time
example: '2020-10-08T18:33:52.029Z'
description:
type: string
description: The description of the entitlement
example: 'CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local'
nullable: true
type:
type: string
description: 'The type of the object, will always be "ENTITLEMENT"'
example: ENTITLEMENT
sourceId:
type: string
description: The source ID
example: 2c9180827ca885d7017ca8ce28a000eb
sourceName:
type: string
description: The source name
example: ODS-AD-Source
owner:
type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
value:
type: string
description: The value of the entitlement
example: 'CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local'
flags:
description: a list of properties informing the viewer about the entitlement
type: array
items:
type: string
example:
- privileged
sourceId:
type: string
description: Id of Source
example: b56728da-a24d-4177-a207-2bc4d42cba27
accountTargets:
description: A list of account targets on the identity provisioned with the requested entitlement.
type: array
items:
type: object
properties:
accountId:
type: string
description: The id of account
example: c5ef070e-92c6-4276-a006-98490f132dec
accountName:
type: string
description: The name of account
example: Adalberto.XYZ
accountUUID:
nullable: true
type: string
description: The UUID representation of the account if available
example: 2236c29e-68a6-494d-a469-d072172f46cf
sourceId:
type: string
description: The id of Source
example: 9269d764-8358-4ab9-9748-d4b7418548ca
sourceName:
type: string
description: The name of Source
example: JDBC XYZ Source
removeDate:
nullable: true
type: string
description: The removal date scheduled for the entitlement on the Identity
example: '2035-01-01T12:00:00.000Z'
assignmentId:
nullable: true
type: string
description: The assignmentId of the entitlement on the Identity
example: 77a5b7b4-262f-4b6a-a2aa-87f84f45f96f
revocable:
type: boolean
default: false
description: If the entitlement can be revoked
example: true
example:
- accountId: e7ef11cee24542b78618ce017117699f
accountName: Adalberto.XYZ
accountUUID: null
sourceId: 0108906b66634d9ab7819a03eb263a88
sourceName: 'ODS-AD-FF-Source [source-XYZ]'
removeDate: null
assignmentId: null
revocable: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/roles:
get:
operationId: listRoles
tags:
- Roles
summary: List roles
description: |-
This API returns a list of Roles.
A token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority is required to call this API.
parameters:
- in: query
name: for-subadmin
schema:
type: string
description: 'If provided, filters the returned list according to what is visible to the indicated ROLE_SUBADMIN Identity. The value of the parameter is either an Identity ID, or the special value **me**, which is shorthand for the calling Identity''s ID. A 400 Bad Request error is returned if the **for-subadmin** parameter is specified for an Identity that is not a subadmin.'
example: 5168015d32f890ca15812c9180835d2e
required: false
- in: query
name: limit
description: |-
Note that for this API the maximum value for limit is 50.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 50
schema:
type: integer
format: int32
minimum: 0
maximum: 50
default: 50
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, in*
**name**: *eq, sw*
**created**: *gt, ge, le*
**modified**: *lt, ge, le*
**owner.id**: *eq, in*
**requestable**: *eq*
**dimensional**: *eq*
example: requestable eq false
required: false
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **name, created, modified**
example: 'name,-modified'
required: false
- in: query
name: for-segment-ids
schema:
type: string
format: comma-separated
description: |-
If present and not empty, additionally filters Roles to those which are assigned to the Segment(s) with the specified IDs.
If segmentation is currently unavailable, specifying this parameter results in an error.
example: '0b5c9f25-83c6-4762-9073-e38f7bb2ae26,2e8d8180-24bc-4d21-91c6-7affdb473b0d'
required: false
- in: query
name: include-unsegmented
schema:
type: boolean
default: true
description: 'Whether or not the response list should contain unsegmented Roles. If *for-segment-ids* is absent or empty, specifying *include-unsegmented* as false results in an error.'
example: false
required: false
responses:
'200':
description: List of Roles
content:
application/json:
schema:
type: array
items:
type: object
description: A Role
properties:
id:
type: string
description: 'The id of the Role. This field must be left null when creating an Role, otherwise a 400 Bad Request error will result.'
example: 2c918086749d78830174a1a40e121518
name:
type: string
description: The human-readable display name of the Role
maxLength: 128
example: Role 2567
created:
type: string
description: Date the Role was created
format: date-time
example: '2021-03-01T22:32:58.104Z'
readOnly: true
modified:
type: string
description: Date the Role was last modified.
format: date-time
example: '2021-03-02T20:22:28.104Z'
readOnly: true
description:
type: string
nullable: true
description: A human-readable description of the Role
example: Urna amet cursus pellentesque nisl orci maximus lorem nisl euismod fusce morbi placerat adipiscing maecenas nisi tristique et metus et lacus sed morbi nunc nisl maximus magna arcu varius sollicitudin elementum enim maecenas nisi id ipsum tempus fusce diam ipsum tortor.
owner:
type: object
nullable: false
description: Owner of the object.
properties:
type:
type: string
enum:
- IDENTITY
description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.'
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: 'Owner''s name. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.'
example: support
accessProfiles:
type: array
items:
type: object
properties:
id:
type: string
description: ID of the Access Profile
example: ff808081751e6e129f1518161919ecca
type:
type: string
description: 'Type of requested object. This field must be either left null or set to ''ACCESS_PROFILE'' when creating an Access Profile, otherwise a 400 Bad Request error will result.'
enum:
- ACCESS_PROFILE
example: ACCESS_PROFILE
name:
type: string
description: Human-readable display name of the Access Profile. This field is ignored on input.
example: Access Profile 2567
nullable: true
entitlements:
type: array
items:
type: object
description: Entitlement including a specific set of access.
properties:
type:
type: string
description: Entitlement's DTO type.
enum:
- ENTITLEMENT
example: ENTITLEMENT
id:
type: string
description: Entitlement's ID.
example: 2c91809773dee32014e13e122092014e
name:
type: string
nullable: true
description: Entitlement's display name.
example: 'CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local'
membership:
nullable: true
type: object
description: 'When present, specifies that the Role is to be granted to Identities which either satisfy specific criteria or which are members of a given list of Identities.'
properties:
type:
type: string
enum:
- STANDARD
- IDENTITY_LIST
description: |-
This enum characterizes the type of a Role's membership selector. Only the following two are fully supported:
STANDARD: Indicates that Role membership is defined in terms of a criteria expression
IDENTITY_LIST: Indicates that Role membership is conferred on the specific identities listed
example: IDENTITY_LIST
criteria:
nullable: true
type: object
description: Defines STANDARD type Role membership
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- STARTS_WITH
- ENDS_WITH
- AND
- OR
description: An operation
example: EQUALS
key:
type: object
nullable: true
description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria'
properties:
type:
type: string
enum:
- IDENTITY
- ACCOUNT
- ENTITLEMENT
description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.'
example: ACCOUNT
property:
type: string
description: The name of the attribute or entitlement to which the associated criteria applies.
example: attribute.email
sourceId:
type: string
nullable: true
description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT
example: 2c9180867427f3a301745aec18211519
required:
- type
- property
stringValue:
type: string
nullable: true
description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: array
items:
type: object
nullable: true
description: Defines STANDARD type Role membership
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- STARTS_WITH
- ENDS_WITH
- AND
- OR
description: An operation
example: EQUALS
key:
type: object
nullable: true
description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria'
properties:
type:
type: string
enum:
- IDENTITY
- ACCOUNT
- ENTITLEMENT
description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.'
example: ACCOUNT
property:
type: string
description: The name of the attribute or entitlement to which the associated criteria applies.
example: attribute.email
sourceId:
type: string
nullable: true
description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT
example: 2c9180867427f3a301745aec18211519
required:
- type
- property
stringValue:
type: string
nullable: true
description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: array
items:
type: object
description: Defines STANDARD type Role membership
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- STARTS_WITH
- ENDS_WITH
- AND
- OR
description: An operation
example: EQUALS
key:
type: object
nullable: true
description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria'
properties:
type:
type: string
enum:
- IDENTITY
- ACCOUNT
- ENTITLEMENT
description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.'
example: ACCOUNT
property:
type: string
description: The name of the attribute or entitlement to which the associated criteria applies.
example: attribute.email
sourceId:
type: string
nullable: true
description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT
example: 2c9180867427f3a301745aec18211519
required:
- type
- property
stringValue:
type: string
description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.'
example: carlee.cert1c9f9b6fd@mailinator.com
nullable: true
description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa.'
nullable: true
description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa.'
identities:
type: array
items:
type: object
description: A reference to an Identity in an IDENTITY_LIST role membership criteria.
properties:
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- MACHINE_IDENTITY
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
nullable: true
id:
type: string
description: Identity id
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
nullable: true
description: Human-readable display name of the Identity.
example: Thomas Edison
aliasName:
type: string
nullable: true
description: User name of the Identity
example: t.edison
nullable: true
description: 'Defines role membership as being exclusive to the specified Identities, when type is IDENTITY_LIST.'
legacyMembershipInfo:
type: object
nullable: true
description: 'This field is not directly modifiable and is generally expected to be *null*. In very rare instances, some Roles may have been created using membership selection criteria that are no longer fully supported. While these Roles will still work, they should be migrated to STANDARD or IDENTITY_LIST selection criteria. This field exists for informational purposes as an aid to such migration.'
example:
type: IDENTITY_LIST
additionalProperties: true
enabled:
type: boolean
description: Whether the Role is enabled or not.
example: true
default: false
requestable:
type: boolean
description: Whether the Role can be the target of access requests.
example: true
default: false
accessRequestConfig:
nullable: true
description: Access request configuration for this object
type: object
properties:
commentsRequired:
type: boolean
description: Whether the requester of the containing object must provide comments justifying the request
example: true
nullable: true
default: false
denialCommentsRequired:
type: boolean
description: Whether an approver must provide comments when denying the request
example: true
nullable: true
default: false
reauthorizationRequired:
type: boolean
description: Indicates whether reauthorization is required for the request.
example: true
nullable: true
default: false
approvalSchemes:
type: array
description: List describing the steps in approving the request
items:
type: object
properties:
approverType:
type: string
enum:
- OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. Values are as follows.
**OWNER**: Owner of the associated Role
**MANAGER**: Manager of the Identity making the request
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP'
example: 46c79819-a69f-49a2-becb-12c971ae66c6
revocationRequestConfig:
nullable: true
default: null
description: Revocation request configuration for this object.
type: object
properties:
commentsRequired:
type: boolean
description: Whether the requester of the containing object must provide comments justifying the request
example: false
nullable: true
default: false
denialCommentsRequired:
type: boolean
description: Whether an approver must provide comments when denying the request
example: false
nullable: true
default: false
approvalSchemes:
type: array
description: List describing the steps in approving the revocation request
items:
type: object
properties:
approverType:
type: string
enum:
- OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. Values are as follows.
**OWNER**: Owner of the associated Role
**MANAGER**: Manager of the Identity making the request
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP'
example: 46c79819-a69f-49a2-becb-12c971ae66c6
segments:
type: array
items:
type: string
nullable: true
description: 'List of IDs of segments, if any, to which this Role is assigned.'
example:
- f7b1b8a3-5fed-4fd4-ad29-82014e137e19
- 29cb6c06-1da8-43ea-8be4-b3125f248f2a
dimensional:
description: Whether the Role is dimensional.
type: boolean
nullable: true
default: false
dimensionRefs:
type: array
items:
type: object
properties:
type:
type: string
enum:
- DIMENSION
description: The type of the object to which this reference applies
example: DIMENSION
id:
type: string
description: ID of the object to which this reference applies
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies
example: Role 2
nullable: true
description: List of references to dimensions to which this Role is assigned. This field is only relevant if the Role is dimensional.
accessModelMetadata:
description: 'This field must be left null or empty when creating an Role, otherwise a 400 Bad Request error will result.'
example:
- key: iscFederalClassifications
name: Federal Classifications
multiselect: true
status: active
type: governance
objectTypes:
- general
description: Classification used by government organizations to specify the level of confidentiality for an access item.
values:
- value: secret
name: Secret
status: active
type: object
properties:
attributes:
type: array
nullable: true
items:
type: object
properties:
key:
type: string
description: Technical name of the Attribute. This is unique and cannot be changed after creation.
example: iscPrivacy
name:
type: string
description: The display name of the key.
example: Privacy
multiselect:
type: boolean
default: false
description: Indicates whether the attribute can have multiple values.
example: false
status:
type: string
description: The status of the Attribute.
example: active
type:
type: string
description: The type of the Attribute. This can be either "custom" or "governance".
example: governance
objectTypes:
type: array
items:
type: string
nullable: true
description: An array of object types this attributes values can be applied to. Possible values are "all" or "entitlement". Value "all" means this attribute can be used with all object types that are supported.
example:
- entitlement
description:
type: string
description: The description of the Attribute.
example: Specifies the level of privacy associated with an access item.
values:
type: array
nullable: true
items:
type: object
properties:
value:
type: string
description: Technical name of the Attribute value. This is unique and cannot be changed after creation.
example: public
name:
type: string
description: The display name of the Attribute value.
example: Public
status:
type: string
description: The status of the Attribute value.
example: active
example:
- key: iscPrivacy
name: Privacy
multiselect: false
status: active
type: governance
objectTypes:
- all
description: Specifies the level of privacy associated with an access item.
values:
- value: public
name: Public
status: active
required:
- name
- owner
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:role-unchecked:read'
- 'idn:role-unchecked:manage'
- 'idn:role-checked:manage'
- 'idn:role-checked:read'
x-sailpoint-userLevels:
- ORG_ADMIN
- ROLE_ADMIN
- ROLE_SUBADMIN
post:
operationId: createRole
tags:
- Roles
summary: Create a role
description: |-
This API creates a role.
You must have a token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority to call this API.
In addition, a ROLE_SUBADMIN may not create a role including an access profile if that access profile is associated with a source the ROLE_SUBADMIN is not associated with themselves.
The maximum supported length for the description field is 2000 characters. Longer descriptions will be preserved for existing roles. However, any new roles as well as any updates to existing descriptions will be limited to 2000 characters.
requestBody:
required: true
content:
application/json:
schema:
type: object
description: A Role
properties:
id:
type: string
description: 'The id of the Role. This field must be left null when creating an Role, otherwise a 400 Bad Request error will result.'
example: 2c918086749d78830174a1a40e121518
name:
type: string
description: The human-readable display name of the Role
maxLength: 128
example: Role 2567
created:
type: string
description: Date the Role was created
format: date-time
example: '2021-03-01T22:32:58.104Z'
readOnly: true
modified:
type: string
description: Date the Role was last modified.
format: date-time
example: '2021-03-02T20:22:28.104Z'
readOnly: true
description:
type: string
nullable: true
description: A human-readable description of the Role
example: Urna amet cursus pellentesque nisl orci maximus lorem nisl euismod fusce morbi placerat adipiscing maecenas nisi tristique et metus et lacus sed morbi nunc nisl maximus magna arcu varius sollicitudin elementum enim maecenas nisi id ipsum tempus fusce diam ipsum tortor.
owner:
type: object
nullable: false
description: Owner of the object.
properties:
type:
type: string
enum:
- IDENTITY
description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.'
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: 'Owner''s name. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.'
example: support
accessProfiles:
type: array
items:
type: object
properties:
id:
type: string
description: ID of the Access Profile
example: ff808081751e6e129f1518161919ecca
type:
type: string
description: 'Type of requested object. This field must be either left null or set to ''ACCESS_PROFILE'' when creating an Access Profile, otherwise a 400 Bad Request error will result.'
enum:
- ACCESS_PROFILE
example: ACCESS_PROFILE
name:
type: string
description: Human-readable display name of the Access Profile. This field is ignored on input.
example: Access Profile 2567
nullable: true
entitlements:
type: array
items:
type: object
description: Entitlement including a specific set of access.
properties:
type:
type: string
description: Entitlement's DTO type.
enum:
- ENTITLEMENT
example: ENTITLEMENT
id:
type: string
description: Entitlement's ID.
example: 2c91809773dee32014e13e122092014e
name:
type: string
nullable: true
description: Entitlement's display name.
example: 'CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local'
membership:
nullable: true
type: object
description: 'When present, specifies that the Role is to be granted to Identities which either satisfy specific criteria or which are members of a given list of Identities.'
properties:
type:
type: string
enum:
- STANDARD
- IDENTITY_LIST
description: |-
This enum characterizes the type of a Role's membership selector. Only the following two are fully supported:
STANDARD: Indicates that Role membership is defined in terms of a criteria expression
IDENTITY_LIST: Indicates that Role membership is conferred on the specific identities listed
example: IDENTITY_LIST
criteria:
nullable: true
type: object
description: Defines STANDARD type Role membership
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- STARTS_WITH
- ENDS_WITH
- AND
- OR
description: An operation
example: EQUALS
key:
type: object
nullable: true
description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria'
properties:
type:
type: string
enum:
- IDENTITY
- ACCOUNT
- ENTITLEMENT
description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.'
example: ACCOUNT
property:
type: string
description: The name of the attribute or entitlement to which the associated criteria applies.
example: attribute.email
sourceId:
type: string
nullable: true
description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT
example: 2c9180867427f3a301745aec18211519
required:
- type
- property
stringValue:
type: string
nullable: true
description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: array
items:
type: object
nullable: true
description: Defines STANDARD type Role membership
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- STARTS_WITH
- ENDS_WITH
- AND
- OR
description: An operation
example: EQUALS
key:
type: object
nullable: true
description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria'
properties:
type:
type: string
enum:
- IDENTITY
- ACCOUNT
- ENTITLEMENT
description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.'
example: ACCOUNT
property:
type: string
description: The name of the attribute or entitlement to which the associated criteria applies.
example: attribute.email
sourceId:
type: string
nullable: true
description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT
example: 2c9180867427f3a301745aec18211519
required:
- type
- property
stringValue:
type: string
nullable: true
description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: array
items:
type: object
description: Defines STANDARD type Role membership
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- STARTS_WITH
- ENDS_WITH
- AND
- OR
description: An operation
example: EQUALS
key:
type: object
nullable: true
description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria'
properties:
type:
type: string
enum:
- IDENTITY
- ACCOUNT
- ENTITLEMENT
description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.'
example: ACCOUNT
property:
type: string
description: The name of the attribute or entitlement to which the associated criteria applies.
example: attribute.email
sourceId:
type: string
nullable: true
description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT
example: 2c9180867427f3a301745aec18211519
required:
- type
- property
stringValue:
type: string
description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.'
example: carlee.cert1c9f9b6fd@mailinator.com
nullable: true
description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa.'
nullable: true
description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa.'
identities:
type: array
items:
type: object
description: A reference to an Identity in an IDENTITY_LIST role membership criteria.
properties:
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- MACHINE_IDENTITY
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
nullable: true
id:
type: string
description: Identity id
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
nullable: true
description: Human-readable display name of the Identity.
example: Thomas Edison
aliasName:
type: string
nullable: true
description: User name of the Identity
example: t.edison
nullable: true
description: 'Defines role membership as being exclusive to the specified Identities, when type is IDENTITY_LIST.'
legacyMembershipInfo:
type: object
nullable: true
description: 'This field is not directly modifiable and is generally expected to be *null*. In very rare instances, some Roles may have been created using membership selection criteria that are no longer fully supported. While these Roles will still work, they should be migrated to STANDARD or IDENTITY_LIST selection criteria. This field exists for informational purposes as an aid to such migration.'
example:
type: IDENTITY_LIST
additionalProperties: true
enabled:
type: boolean
description: Whether the Role is enabled or not.
example: true
default: false
requestable:
type: boolean
description: Whether the Role can be the target of access requests.
example: true
default: false
accessRequestConfig:
nullable: true
description: Access request configuration for this object
type: object
properties:
commentsRequired:
type: boolean
description: Whether the requester of the containing object must provide comments justifying the request
example: true
nullable: true
default: false
denialCommentsRequired:
type: boolean
description: Whether an approver must provide comments when denying the request
example: true
nullable: true
default: false
reauthorizationRequired:
type: boolean
description: Indicates whether reauthorization is required for the request.
example: true
nullable: true
default: false
approvalSchemes:
type: array
description: List describing the steps in approving the request
items:
type: object
properties:
approverType:
type: string
enum:
- OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. Values are as follows.
**OWNER**: Owner of the associated Role
**MANAGER**: Manager of the Identity making the request
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP'
example: 46c79819-a69f-49a2-becb-12c971ae66c6
revocationRequestConfig:
nullable: true
default: null
description: Revocation request configuration for this object.
type: object
properties:
commentsRequired:
type: boolean
description: Whether the requester of the containing object must provide comments justifying the request
example: false
nullable: true
default: false
denialCommentsRequired:
type: boolean
description: Whether an approver must provide comments when denying the request
example: false
nullable: true
default: false
approvalSchemes:
type: array
description: List describing the steps in approving the revocation request
items:
type: object
properties:
approverType:
type: string
enum:
- OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. Values are as follows.
**OWNER**: Owner of the associated Role
**MANAGER**: Manager of the Identity making the request
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP'
example: 46c79819-a69f-49a2-becb-12c971ae66c6
segments:
type: array
items:
type: string
nullable: true
description: 'List of IDs of segments, if any, to which this Role is assigned.'
example:
- f7b1b8a3-5fed-4fd4-ad29-82014e137e19
- 29cb6c06-1da8-43ea-8be4-b3125f248f2a
dimensional:
description: Whether the Role is dimensional.
type: boolean
nullable: true
default: false
dimensionRefs:
type: array
items:
type: object
properties:
type:
type: string
enum:
- DIMENSION
description: The type of the object to which this reference applies
example: DIMENSION
id:
type: string
description: ID of the object to which this reference applies
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies
example: Role 2
nullable: true
description: List of references to dimensions to which this Role is assigned. This field is only relevant if the Role is dimensional.
accessModelMetadata:
description: 'This field must be left null or empty when creating an Role, otherwise a 400 Bad Request error will result.'
example:
- key: iscFederalClassifications
name: Federal Classifications
multiselect: true
status: active
type: governance
objectTypes:
- general
description: Classification used by government organizations to specify the level of confidentiality for an access item.
values:
- value: secret
name: Secret
status: active
type: object
properties:
attributes:
type: array
nullable: true
items:
type: object
properties:
key:
type: string
description: Technical name of the Attribute. This is unique and cannot be changed after creation.
example: iscPrivacy
name:
type: string
description: The display name of the key.
example: Privacy
multiselect:
type: boolean
default: false
description: Indicates whether the attribute can have multiple values.
example: false
status:
type: string
description: The status of the Attribute.
example: active
type:
type: string
description: The type of the Attribute. This can be either "custom" or "governance".
example: governance
objectTypes:
type: array
items:
type: string
nullable: true
description: An array of object types this attributes values can be applied to. Possible values are "all" or "entitlement". Value "all" means this attribute can be used with all object types that are supported.
example:
- entitlement
description:
type: string
description: The description of the Attribute.
example: Specifies the level of privacy associated with an access item.
values:
type: array
nullable: true
items:
type: object
properties:
value:
type: string
description: Technical name of the Attribute value. This is unique and cannot be changed after creation.
example: public
name:
type: string
description: The display name of the Attribute value.
example: Public
status:
type: string
description: The status of the Attribute value.
example: active
example:
- key: iscPrivacy
name: Privacy
multiselect: false
status: active
type: governance
objectTypes:
- all
description: Specifies the level of privacy associated with an access item.
values:
- value: public
name: Public
status: active
required:
- name
- owner
responses:
'201':
description: Role created
content:
application/json:
schema:
type: object
description: A Role
properties:
id:
type: string
description: 'The id of the Role. This field must be left null when creating an Role, otherwise a 400 Bad Request error will result.'
example: 2c918086749d78830174a1a40e121518
name:
type: string
description: The human-readable display name of the Role
maxLength: 128
example: Role 2567
created:
type: string
description: Date the Role was created
format: date-time
example: '2021-03-01T22:32:58.104Z'
readOnly: true
modified:
type: string
description: Date the Role was last modified.
format: date-time
example: '2021-03-02T20:22:28.104Z'
readOnly: true
description:
type: string
nullable: true
description: A human-readable description of the Role
example: Urna amet cursus pellentesque nisl orci maximus lorem nisl euismod fusce morbi placerat adipiscing maecenas nisi tristique et metus et lacus sed morbi nunc nisl maximus magna arcu varius sollicitudin elementum enim maecenas nisi id ipsum tempus fusce diam ipsum tortor.
owner:
type: object
nullable: false
description: Owner of the object.
properties:
type:
type: string
enum:
- IDENTITY
description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.'
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: 'Owner''s name. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.'
example: support
accessProfiles:
type: array
items:
type: object
properties:
id:
type: string
description: ID of the Access Profile
example: ff808081751e6e129f1518161919ecca
type:
type: string
description: 'Type of requested object. This field must be either left null or set to ''ACCESS_PROFILE'' when creating an Access Profile, otherwise a 400 Bad Request error will result.'
enum:
- ACCESS_PROFILE
example: ACCESS_PROFILE
name:
type: string
description: Human-readable display name of the Access Profile. This field is ignored on input.
example: Access Profile 2567
nullable: true
entitlements:
type: array
items:
type: object
description: Entitlement including a specific set of access.
properties:
type:
type: string
description: Entitlement's DTO type.
enum:
- ENTITLEMENT
example: ENTITLEMENT
id:
type: string
description: Entitlement's ID.
example: 2c91809773dee32014e13e122092014e
name:
type: string
nullable: true
description: Entitlement's display name.
example: 'CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local'
membership:
nullable: true
type: object
description: 'When present, specifies that the Role is to be granted to Identities which either satisfy specific criteria or which are members of a given list of Identities.'
properties:
type:
type: string
enum:
- STANDARD
- IDENTITY_LIST
description: |-
This enum characterizes the type of a Role's membership selector. Only the following two are fully supported:
STANDARD: Indicates that Role membership is defined in terms of a criteria expression
IDENTITY_LIST: Indicates that Role membership is conferred on the specific identities listed
example: IDENTITY_LIST
criteria:
nullable: true
type: object
description: Defines STANDARD type Role membership
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- STARTS_WITH
- ENDS_WITH
- AND
- OR
description: An operation
example: EQUALS
key:
type: object
nullable: true
description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria'
properties:
type:
type: string
enum:
- IDENTITY
- ACCOUNT
- ENTITLEMENT
description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.'
example: ACCOUNT
property:
type: string
description: The name of the attribute or entitlement to which the associated criteria applies.
example: attribute.email
sourceId:
type: string
nullable: true
description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT
example: 2c9180867427f3a301745aec18211519
required:
- type
- property
stringValue:
type: string
nullable: true
description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: array
items:
type: object
nullable: true
description: Defines STANDARD type Role membership
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- STARTS_WITH
- ENDS_WITH
- AND
- OR
description: An operation
example: EQUALS
key:
type: object
nullable: true
description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria'
properties:
type:
type: string
enum:
- IDENTITY
- ACCOUNT
- ENTITLEMENT
description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.'
example: ACCOUNT
property:
type: string
description: The name of the attribute or entitlement to which the associated criteria applies.
example: attribute.email
sourceId:
type: string
nullable: true
description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT
example: 2c9180867427f3a301745aec18211519
required:
- type
- property
stringValue:
type: string
nullable: true
description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: array
items:
type: object
description: Defines STANDARD type Role membership
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- STARTS_WITH
- ENDS_WITH
- AND
- OR
description: An operation
example: EQUALS
key:
type: object
nullable: true
description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria'
properties:
type:
type: string
enum:
- IDENTITY
- ACCOUNT
- ENTITLEMENT
description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.'
example: ACCOUNT
property:
type: string
description: The name of the attribute or entitlement to which the associated criteria applies.
example: attribute.email
sourceId:
type: string
nullable: true
description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT
example: 2c9180867427f3a301745aec18211519
required:
- type
- property
stringValue:
type: string
description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.'
example: carlee.cert1c9f9b6fd@mailinator.com
nullable: true
description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa.'
nullable: true
description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa.'
identities:
type: array
items:
type: object
description: A reference to an Identity in an IDENTITY_LIST role membership criteria.
properties:
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- MACHINE_IDENTITY
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
nullable: true
id:
type: string
description: Identity id
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
nullable: true
description: Human-readable display name of the Identity.
example: Thomas Edison
aliasName:
type: string
nullable: true
description: User name of the Identity
example: t.edison
nullable: true
description: 'Defines role membership as being exclusive to the specified Identities, when type is IDENTITY_LIST.'
legacyMembershipInfo:
type: object
nullable: true
description: 'This field is not directly modifiable and is generally expected to be *null*. In very rare instances, some Roles may have been created using membership selection criteria that are no longer fully supported. While these Roles will still work, they should be migrated to STANDARD or IDENTITY_LIST selection criteria. This field exists for informational purposes as an aid to such migration.'
example:
type: IDENTITY_LIST
additionalProperties: true
enabled:
type: boolean
description: Whether the Role is enabled or not.
example: true
default: false
requestable:
type: boolean
description: Whether the Role can be the target of access requests.
example: true
default: false
accessRequestConfig:
nullable: true
description: Access request configuration for this object
type: object
properties:
commentsRequired:
type: boolean
description: Whether the requester of the containing object must provide comments justifying the request
example: true
nullable: true
default: false
denialCommentsRequired:
type: boolean
description: Whether an approver must provide comments when denying the request
example: true
nullable: true
default: false
reauthorizationRequired:
type: boolean
description: Indicates whether reauthorization is required for the request.
example: true
nullable: true
default: false
approvalSchemes:
type: array
description: List describing the steps in approving the request
items:
type: object
properties:
approverType:
type: string
enum:
- OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. Values are as follows.
**OWNER**: Owner of the associated Role
**MANAGER**: Manager of the Identity making the request
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP'
example: 46c79819-a69f-49a2-becb-12c971ae66c6
revocationRequestConfig:
nullable: true
default: null
description: Revocation request configuration for this object.
type: object
properties:
commentsRequired:
type: boolean
description: Whether the requester of the containing object must provide comments justifying the request
example: false
nullable: true
default: false
denialCommentsRequired:
type: boolean
description: Whether an approver must provide comments when denying the request
example: false
nullable: true
default: false
approvalSchemes:
type: array
description: List describing the steps in approving the revocation request
items:
type: object
properties:
approverType:
type: string
enum:
- OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. Values are as follows.
**OWNER**: Owner of the associated Role
**MANAGER**: Manager of the Identity making the request
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP'
example: 46c79819-a69f-49a2-becb-12c971ae66c6
segments:
type: array
items:
type: string
nullable: true
description: 'List of IDs of segments, if any, to which this Role is assigned.'
example:
- f7b1b8a3-5fed-4fd4-ad29-82014e137e19
- 29cb6c06-1da8-43ea-8be4-b3125f248f2a
dimensional:
description: Whether the Role is dimensional.
type: boolean
nullable: true
default: false
dimensionRefs:
type: array
items:
type: object
properties:
type:
type: string
enum:
- DIMENSION
description: The type of the object to which this reference applies
example: DIMENSION
id:
type: string
description: ID of the object to which this reference applies
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies
example: Role 2
nullable: true
description: List of references to dimensions to which this Role is assigned. This field is only relevant if the Role is dimensional.
accessModelMetadata:
description: 'This field must be left null or empty when creating an Role, otherwise a 400 Bad Request error will result.'
example:
- key: iscFederalClassifications
name: Federal Classifications
multiselect: true
status: active
type: governance
objectTypes:
- general
description: Classification used by government organizations to specify the level of confidentiality for an access item.
values:
- value: secret
name: Secret
status: active
type: object
properties:
attributes:
type: array
nullable: true
items:
type: object
properties:
key:
type: string
description: Technical name of the Attribute. This is unique and cannot be changed after creation.
example: iscPrivacy
name:
type: string
description: The display name of the key.
example: Privacy
multiselect:
type: boolean
default: false
description: Indicates whether the attribute can have multiple values.
example: false
status:
type: string
description: The status of the Attribute.
example: active
type:
type: string
description: The type of the Attribute. This can be either "custom" or "governance".
example: governance
objectTypes:
type: array
items:
type: string
nullable: true
description: An array of object types this attributes values can be applied to. Possible values are "all" or "entitlement". Value "all" means this attribute can be used with all object types that are supported.
example:
- entitlement
description:
type: string
description: The description of the Attribute.
example: Specifies the level of privacy associated with an access item.
values:
type: array
nullable: true
items:
type: object
properties:
value:
type: string
description: Technical name of the Attribute value. This is unique and cannot be changed after creation.
example: public
name:
type: string
description: The display name of the Attribute value.
example: Public
status:
type: string
description: The status of the Attribute value.
example: active
example:
- key: iscPrivacy
name: Privacy
multiselect: false
status: active
type: governance
objectTypes:
- all
description: Specifies the level of privacy associated with an access item.
values:
- value: public
name: Public
status: active
required:
- name
- owner
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:role-unchecked:manage'
- 'idn:role-checked:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
- ROLE_ADMIN
- ROLE_SUBADMIN
'/roles/{id}':
get:
operationId: getRole
tags:
- Roles
summary: Get a role
description: |-
This API returns a Role by its ID.
A token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority is required to call this API. In addition, a token with ROLE_SUBADMIN authority may only call this API if all Access Profiles included in the Role are associated to Sources with management workgroups of which the ROLE_SUBADMIN is a member.
parameters:
- in: path
name: id
required: true
x-sailpoint-resource-operation-id: listRoles
schema:
type: string
description: ID of the Role
example: 2c91808a7813090a017814121e121518
responses:
'200':
description: List of all Roles
content:
application/json:
schema:
type: object
description: A Role
properties:
id:
type: string
description: 'The id of the Role. This field must be left null when creating an Role, otherwise a 400 Bad Request error will result.'
example: 2c918086749d78830174a1a40e121518
name:
type: string
description: The human-readable display name of the Role
maxLength: 128
example: Role 2567
created:
type: string
description: Date the Role was created
format: date-time
example: '2021-03-01T22:32:58.104Z'
readOnly: true
modified:
type: string
description: Date the Role was last modified.
format: date-time
example: '2021-03-02T20:22:28.104Z'
readOnly: true
description:
type: string
nullable: true
description: A human-readable description of the Role
example: Urna amet cursus pellentesque nisl orci maximus lorem nisl euismod fusce morbi placerat adipiscing maecenas nisi tristique et metus et lacus sed morbi nunc nisl maximus magna arcu varius sollicitudin elementum enim maecenas nisi id ipsum tempus fusce diam ipsum tortor.
owner:
type: object
nullable: false
description: Owner of the object.
properties:
type:
type: string
enum:
- IDENTITY
description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.'
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: 'Owner''s name. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.'
example: support
accessProfiles:
type: array
items:
type: object
properties:
id:
type: string
description: ID of the Access Profile
example: ff808081751e6e129f1518161919ecca
type:
type: string
description: 'Type of requested object. This field must be either left null or set to ''ACCESS_PROFILE'' when creating an Access Profile, otherwise a 400 Bad Request error will result.'
enum:
- ACCESS_PROFILE
example: ACCESS_PROFILE
name:
type: string
description: Human-readable display name of the Access Profile. This field is ignored on input.
example: Access Profile 2567
nullable: true
entitlements:
type: array
items:
type: object
description: Entitlement including a specific set of access.
properties:
type:
type: string
description: Entitlement's DTO type.
enum:
- ENTITLEMENT
example: ENTITLEMENT
id:
type: string
description: Entitlement's ID.
example: 2c91809773dee32014e13e122092014e
name:
type: string
nullable: true
description: Entitlement's display name.
example: 'CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local'
membership:
nullable: true
type: object
description: 'When present, specifies that the Role is to be granted to Identities which either satisfy specific criteria or which are members of a given list of Identities.'
properties:
type:
type: string
enum:
- STANDARD
- IDENTITY_LIST
description: |-
This enum characterizes the type of a Role's membership selector. Only the following two are fully supported:
STANDARD: Indicates that Role membership is defined in terms of a criteria expression
IDENTITY_LIST: Indicates that Role membership is conferred on the specific identities listed
example: IDENTITY_LIST
criteria:
nullable: true
type: object
description: Defines STANDARD type Role membership
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- STARTS_WITH
- ENDS_WITH
- AND
- OR
description: An operation
example: EQUALS
key:
type: object
nullable: true
description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria'
properties:
type:
type: string
enum:
- IDENTITY
- ACCOUNT
- ENTITLEMENT
description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.'
example: ACCOUNT
property:
type: string
description: The name of the attribute or entitlement to which the associated criteria applies.
example: attribute.email
sourceId:
type: string
nullable: true
description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT
example: 2c9180867427f3a301745aec18211519
required:
- type
- property
stringValue:
type: string
nullable: true
description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: array
items:
type: object
nullable: true
description: Defines STANDARD type Role membership
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- STARTS_WITH
- ENDS_WITH
- AND
- OR
description: An operation
example: EQUALS
key:
type: object
nullable: true
description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria'
properties:
type:
type: string
enum:
- IDENTITY
- ACCOUNT
- ENTITLEMENT
description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.'
example: ACCOUNT
property:
type: string
description: The name of the attribute or entitlement to which the associated criteria applies.
example: attribute.email
sourceId:
type: string
nullable: true
description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT
example: 2c9180867427f3a301745aec18211519
required:
- type
- property
stringValue:
type: string
nullable: true
description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: array
items:
type: object
description: Defines STANDARD type Role membership
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- STARTS_WITH
- ENDS_WITH
- AND
- OR
description: An operation
example: EQUALS
key:
type: object
nullable: true
description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria'
properties:
type:
type: string
enum:
- IDENTITY
- ACCOUNT
- ENTITLEMENT
description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.'
example: ACCOUNT
property:
type: string
description: The name of the attribute or entitlement to which the associated criteria applies.
example: attribute.email
sourceId:
type: string
nullable: true
description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT
example: 2c9180867427f3a301745aec18211519
required:
- type
- property
stringValue:
type: string
description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.'
example: carlee.cert1c9f9b6fd@mailinator.com
nullable: true
description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa.'
nullable: true
description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa.'
identities:
type: array
items:
type: object
description: A reference to an Identity in an IDENTITY_LIST role membership criteria.
properties:
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- MACHINE_IDENTITY
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
nullable: true
id:
type: string
description: Identity id
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
nullable: true
description: Human-readable display name of the Identity.
example: Thomas Edison
aliasName:
type: string
nullable: true
description: User name of the Identity
example: t.edison
nullable: true
description: 'Defines role membership as being exclusive to the specified Identities, when type is IDENTITY_LIST.'
legacyMembershipInfo:
type: object
nullable: true
description: 'This field is not directly modifiable and is generally expected to be *null*. In very rare instances, some Roles may have been created using membership selection criteria that are no longer fully supported. While these Roles will still work, they should be migrated to STANDARD or IDENTITY_LIST selection criteria. This field exists for informational purposes as an aid to such migration.'
example:
type: IDENTITY_LIST
additionalProperties: true
enabled:
type: boolean
description: Whether the Role is enabled or not.
example: true
default: false
requestable:
type: boolean
description: Whether the Role can be the target of access requests.
example: true
default: false
accessRequestConfig:
nullable: true
description: Access request configuration for this object
type: object
properties:
commentsRequired:
type: boolean
description: Whether the requester of the containing object must provide comments justifying the request
example: true
nullable: true
default: false
denialCommentsRequired:
type: boolean
description: Whether an approver must provide comments when denying the request
example: true
nullable: true
default: false
reauthorizationRequired:
type: boolean
description: Indicates whether reauthorization is required for the request.
example: true
nullable: true
default: false
approvalSchemes:
type: array
description: List describing the steps in approving the request
items:
type: object
properties:
approverType:
type: string
enum:
- OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. Values are as follows.
**OWNER**: Owner of the associated Role
**MANAGER**: Manager of the Identity making the request
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP'
example: 46c79819-a69f-49a2-becb-12c971ae66c6
revocationRequestConfig:
nullable: true
default: null
description: Revocation request configuration for this object.
type: object
properties:
commentsRequired:
type: boolean
description: Whether the requester of the containing object must provide comments justifying the request
example: false
nullable: true
default: false
denialCommentsRequired:
type: boolean
description: Whether an approver must provide comments when denying the request
example: false
nullable: true
default: false
approvalSchemes:
type: array
description: List describing the steps in approving the revocation request
items:
type: object
properties:
approverType:
type: string
enum:
- OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. Values are as follows.
**OWNER**: Owner of the associated Role
**MANAGER**: Manager of the Identity making the request
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP'
example: 46c79819-a69f-49a2-becb-12c971ae66c6
segments:
type: array
items:
type: string
nullable: true
description: 'List of IDs of segments, if any, to which this Role is assigned.'
example:
- f7b1b8a3-5fed-4fd4-ad29-82014e137e19
- 29cb6c06-1da8-43ea-8be4-b3125f248f2a
dimensional:
description: Whether the Role is dimensional.
type: boolean
nullable: true
default: false
dimensionRefs:
type: array
items:
type: object
properties:
type:
type: string
enum:
- DIMENSION
description: The type of the object to which this reference applies
example: DIMENSION
id:
type: string
description: ID of the object to which this reference applies
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies
example: Role 2
nullable: true
description: List of references to dimensions to which this Role is assigned. This field is only relevant if the Role is dimensional.
accessModelMetadata:
description: 'This field must be left null or empty when creating an Role, otherwise a 400 Bad Request error will result.'
example:
- key: iscFederalClassifications
name: Federal Classifications
multiselect: true
status: active
type: governance
objectTypes:
- general
description: Classification used by government organizations to specify the level of confidentiality for an access item.
values:
- value: secret
name: Secret
status: active
type: object
properties:
attributes:
type: array
nullable: true
items:
type: object
properties:
key:
type: string
description: Technical name of the Attribute. This is unique and cannot be changed after creation.
example: iscPrivacy
name:
type: string
description: The display name of the key.
example: Privacy
multiselect:
type: boolean
default: false
description: Indicates whether the attribute can have multiple values.
example: false
status:
type: string
description: The status of the Attribute.
example: active
type:
type: string
description: The type of the Attribute. This can be either "custom" or "governance".
example: governance
objectTypes:
type: array
items:
type: string
nullable: true
description: An array of object types this attributes values can be applied to. Possible values are "all" or "entitlement". Value "all" means this attribute can be used with all object types that are supported.
example:
- entitlement
description:
type: string
description: The description of the Attribute.
example: Specifies the level of privacy associated with an access item.
values:
type: array
nullable: true
items:
type: object
properties:
value:
type: string
description: Technical name of the Attribute value. This is unique and cannot be changed after creation.
example: public
name:
type: string
description: The display name of the Attribute value.
example: Public
status:
type: string
description: The status of the Attribute value.
example: active
example:
- key: iscPrivacy
name: Privacy
multiselect: false
status: active
type: governance
objectTypes:
- all
description: Specifies the level of privacy associated with an access item.
values:
- value: public
name: Public
status: active
required:
- name
- owner
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:role-unchecked:read'
- 'idn:role-unchecked:manage'
- 'idn:role-checked:manage'
- 'idn:role-checked:read'
x-sailpoint-userLevels:
- ORG_ADMIN
- ROLE_ADMIN
- ROLE_SUBADMIN
patch:
operationId: patchRole
tags:
- Roles
summary: Patch a specified role
description: |-
This API updates an existing role using [JSON Patch](https://tools.ietf.org/html/rfc6902) syntax.
The following fields are patchable:
* name
* description
* enabled
* owner
* accessProfiles
* entitlements
* membership
* requestable
* accessRequestConfig
* revokeRequestConfig
* segments
* accessModelMetadata
A token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority is required to call this API. In addition, a token with ROLE_SUBADMIN authority may only call this API if all access profiles included in the role are associated to Sources with management workgroups of which the ROLE_SUBADMIN is a member.
The maximum supported length for the description field is 2000 characters. Longer descriptions will be preserved for existing roles, however, any new roles as well as any updates to existing descriptions will be limited to 2000 characters.
When you use this API to modify a role's membership identities, you can only modify up to a limit of 500 membership identities at a time.
parameters:
- name: id
in: path
description: ID of the Role to patch
required: true
x-sailpoint-resource-operation-id: listRoles
schema:
type: string
example: 2c91808a7813090a017814121e121518
requestBody:
content:
application/json-patch+json:
schema:
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
examples:
Make a Role Requestable and Enable it in One Call:
description: This example shows how multiple fields may be updated with a single patch call.
value:
- op: replace
path: /requestable
value: true
- op: replace
path: /enabled
value: true
Assign a Role to a Segment:
description: This example illustrates the use of patch to assign a Role to a Segment by adding the Segment's ID to the Role's segments array.
value:
- op: add
path: /segments/-
value: f7b1b8a3-5fed-4fd4-ad29-82014e137e19
Set the Membership Selection Criteria to a List of Identities:
description: 'This example shows how to define a Role''s membershp by providing a list of Identities, referenced by their IDs.'
value:
- op: replace
path: /membership
value:
type: IDENTITY_LIST
identities:
- id: 2c91808973fe906c0174262092014ed9
- id: 2c918086262092014ed94fb8a47612f3
Set the Membership Selection Criteria to a Standard Expression:
description: 'This example shows how to define a Role''s membership using STANDARD criteria. In this case, the Role will be granted to all Identities which have the *Engineering* attribute from the indicated Source.'
value:
- op: replace
path: /membership
value:
type: STANDARD
criteria:
operation: OR
children:
- operation: EQUALS
key:
type: ENTITLEMENT
property: attribute.memberOf
sourceId: 2c9180887701fb2014213e122092014e
stringValue: Engineering
Add a New Clause as the Child of an Existing Standard Expression:
description: This example shows how to add a child clause to an existing STANDARD criteria expression.
value:
- op: add
path: /membership/criteria/children/-
value:
operation: ENDS_WITH
key:
type: IDENTITY
property: attribute.email
stringValue: '@identitynow.com'
Assign a Access Model Metadata to a Role:
description: This example shows how to assign a existing metadata to a role.
value:
- op: add
path: /accessModelMetadata/attributes/0
value:
key: iscFederalClassifications
values:
- value: secret
Add an Access Profile to a Role:
description: This example shows how to add an access profile to a role.
value:
- op: add
path: /accessProfiles/-
value:
id: 1de104e1f9024b1289b3a31e22d28cd1
type: ACCESS_PROFILE
Add an Entitlement to a Role:
description: This example shows how to add an entitlement to a role.
value:
- op: add
path: /entitlements/-
value:
id: 0fb2f8051e48421b8f1f8a64aee3b205
type: ENTITLEMENT
required: true
responses:
'200':
description: Responds with the Role as updated.
content:
application/json:
schema:
type: object
description: A Role
properties:
id:
type: string
description: 'The id of the Role. This field must be left null when creating an Role, otherwise a 400 Bad Request error will result.'
example: 2c918086749d78830174a1a40e121518
name:
type: string
description: The human-readable display name of the Role
maxLength: 128
example: Role 2567
created:
type: string
description: Date the Role was created
format: date-time
example: '2021-03-01T22:32:58.104Z'
readOnly: true
modified:
type: string
description: Date the Role was last modified.
format: date-time
example: '2021-03-02T20:22:28.104Z'
readOnly: true
description:
type: string
nullable: true
description: A human-readable description of the Role
example: Urna amet cursus pellentesque nisl orci maximus lorem nisl euismod fusce morbi placerat adipiscing maecenas nisi tristique et metus et lacus sed morbi nunc nisl maximus magna arcu varius sollicitudin elementum enim maecenas nisi id ipsum tempus fusce diam ipsum tortor.
owner:
type: object
nullable: false
description: Owner of the object.
properties:
type:
type: string
enum:
- IDENTITY
description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.'
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: 'Owner''s name. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.'
example: support
accessProfiles:
type: array
items:
type: object
properties:
id:
type: string
description: ID of the Access Profile
example: ff808081751e6e129f1518161919ecca
type:
type: string
description: 'Type of requested object. This field must be either left null or set to ''ACCESS_PROFILE'' when creating an Access Profile, otherwise a 400 Bad Request error will result.'
enum:
- ACCESS_PROFILE
example: ACCESS_PROFILE
name:
type: string
description: Human-readable display name of the Access Profile. This field is ignored on input.
example: Access Profile 2567
nullable: true
entitlements:
type: array
items:
type: object
description: Entitlement including a specific set of access.
properties:
type:
type: string
description: Entitlement's DTO type.
enum:
- ENTITLEMENT
example: ENTITLEMENT
id:
type: string
description: Entitlement's ID.
example: 2c91809773dee32014e13e122092014e
name:
type: string
nullable: true
description: Entitlement's display name.
example: 'CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local'
membership:
nullable: true
type: object
description: 'When present, specifies that the Role is to be granted to Identities which either satisfy specific criteria or which are members of a given list of Identities.'
properties:
type:
type: string
enum:
- STANDARD
- IDENTITY_LIST
description: |-
This enum characterizes the type of a Role's membership selector. Only the following two are fully supported:
STANDARD: Indicates that Role membership is defined in terms of a criteria expression
IDENTITY_LIST: Indicates that Role membership is conferred on the specific identities listed
example: IDENTITY_LIST
criteria:
nullable: true
type: object
description: Defines STANDARD type Role membership
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- STARTS_WITH
- ENDS_WITH
- AND
- OR
description: An operation
example: EQUALS
key:
type: object
nullable: true
description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria'
properties:
type:
type: string
enum:
- IDENTITY
- ACCOUNT
- ENTITLEMENT
description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.'
example: ACCOUNT
property:
type: string
description: The name of the attribute or entitlement to which the associated criteria applies.
example: attribute.email
sourceId:
type: string
nullable: true
description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT
example: 2c9180867427f3a301745aec18211519
required:
- type
- property
stringValue:
type: string
nullable: true
description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: array
items:
type: object
nullable: true
description: Defines STANDARD type Role membership
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- STARTS_WITH
- ENDS_WITH
- AND
- OR
description: An operation
example: EQUALS
key:
type: object
nullable: true
description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria'
properties:
type:
type: string
enum:
- IDENTITY
- ACCOUNT
- ENTITLEMENT
description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.'
example: ACCOUNT
property:
type: string
description: The name of the attribute or entitlement to which the associated criteria applies.
example: attribute.email
sourceId:
type: string
nullable: true
description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT
example: 2c9180867427f3a301745aec18211519
required:
- type
- property
stringValue:
type: string
nullable: true
description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: array
items:
type: object
description: Defines STANDARD type Role membership
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- STARTS_WITH
- ENDS_WITH
- AND
- OR
description: An operation
example: EQUALS
key:
type: object
nullable: true
description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria'
properties:
type:
type: string
enum:
- IDENTITY
- ACCOUNT
- ENTITLEMENT
description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.'
example: ACCOUNT
property:
type: string
description: The name of the attribute or entitlement to which the associated criteria applies.
example: attribute.email
sourceId:
type: string
nullable: true
description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT
example: 2c9180867427f3a301745aec18211519
required:
- type
- property
stringValue:
type: string
description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.'
example: carlee.cert1c9f9b6fd@mailinator.com
nullable: true
description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa.'
nullable: true
description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa.'
identities:
type: array
items:
type: object
description: A reference to an Identity in an IDENTITY_LIST role membership criteria.
properties:
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- MACHINE_IDENTITY
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
nullable: true
id:
type: string
description: Identity id
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
nullable: true
description: Human-readable display name of the Identity.
example: Thomas Edison
aliasName:
type: string
nullable: true
description: User name of the Identity
example: t.edison
nullable: true
description: 'Defines role membership as being exclusive to the specified Identities, when type is IDENTITY_LIST.'
legacyMembershipInfo:
type: object
nullable: true
description: 'This field is not directly modifiable and is generally expected to be *null*. In very rare instances, some Roles may have been created using membership selection criteria that are no longer fully supported. While these Roles will still work, they should be migrated to STANDARD or IDENTITY_LIST selection criteria. This field exists for informational purposes as an aid to such migration.'
example:
type: IDENTITY_LIST
additionalProperties: true
enabled:
type: boolean
description: Whether the Role is enabled or not.
example: true
default: false
requestable:
type: boolean
description: Whether the Role can be the target of access requests.
example: true
default: false
accessRequestConfig:
nullable: true
description: Access request configuration for this object
type: object
properties:
commentsRequired:
type: boolean
description: Whether the requester of the containing object must provide comments justifying the request
example: true
nullable: true
default: false
denialCommentsRequired:
type: boolean
description: Whether an approver must provide comments when denying the request
example: true
nullable: true
default: false
reauthorizationRequired:
type: boolean
description: Indicates whether reauthorization is required for the request.
example: true
nullable: true
default: false
approvalSchemes:
type: array
description: List describing the steps in approving the request
items:
type: object
properties:
approverType:
type: string
enum:
- OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. Values are as follows.
**OWNER**: Owner of the associated Role
**MANAGER**: Manager of the Identity making the request
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP'
example: 46c79819-a69f-49a2-becb-12c971ae66c6
revocationRequestConfig:
nullable: true
default: null
description: Revocation request configuration for this object.
type: object
properties:
commentsRequired:
type: boolean
description: Whether the requester of the containing object must provide comments justifying the request
example: false
nullable: true
default: false
denialCommentsRequired:
type: boolean
description: Whether an approver must provide comments when denying the request
example: false
nullable: true
default: false
approvalSchemes:
type: array
description: List describing the steps in approving the revocation request
items:
type: object
properties:
approverType:
type: string
enum:
- OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. Values are as follows.
**OWNER**: Owner of the associated Role
**MANAGER**: Manager of the Identity making the request
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP'
example: 46c79819-a69f-49a2-becb-12c971ae66c6
segments:
type: array
items:
type: string
nullable: true
description: 'List of IDs of segments, if any, to which this Role is assigned.'
example:
- f7b1b8a3-5fed-4fd4-ad29-82014e137e19
- 29cb6c06-1da8-43ea-8be4-b3125f248f2a
dimensional:
description: Whether the Role is dimensional.
type: boolean
nullable: true
default: false
dimensionRefs:
type: array
items:
type: object
properties:
type:
type: string
enum:
- DIMENSION
description: The type of the object to which this reference applies
example: DIMENSION
id:
type: string
description: ID of the object to which this reference applies
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies
example: Role 2
nullable: true
description: List of references to dimensions to which this Role is assigned. This field is only relevant if the Role is dimensional.
accessModelMetadata:
description: 'This field must be left null or empty when creating an Role, otherwise a 400 Bad Request error will result.'
example:
- key: iscFederalClassifications
name: Federal Classifications
multiselect: true
status: active
type: governance
objectTypes:
- general
description: Classification used by government organizations to specify the level of confidentiality for an access item.
values:
- value: secret
name: Secret
status: active
type: object
properties:
attributes:
type: array
nullable: true
items:
type: object
properties:
key:
type: string
description: Technical name of the Attribute. This is unique and cannot be changed after creation.
example: iscPrivacy
name:
type: string
description: The display name of the key.
example: Privacy
multiselect:
type: boolean
default: false
description: Indicates whether the attribute can have multiple values.
example: false
status:
type: string
description: The status of the Attribute.
example: active
type:
type: string
description: The type of the Attribute. This can be either "custom" or "governance".
example: governance
objectTypes:
type: array
items:
type: string
nullable: true
description: An array of object types this attributes values can be applied to. Possible values are "all" or "entitlement". Value "all" means this attribute can be used with all object types that are supported.
example:
- entitlement
description:
type: string
description: The description of the Attribute.
example: Specifies the level of privacy associated with an access item.
values:
type: array
nullable: true
items:
type: object
properties:
value:
type: string
description: Technical name of the Attribute value. This is unique and cannot be changed after creation.
example: public
name:
type: string
description: The display name of the Attribute value.
example: Public
status:
type: string
description: The status of the Attribute value.
example: active
example:
- key: iscPrivacy
name: Privacy
multiselect: false
status: active
type: governance
objectTypes:
- all
description: Specifies the level of privacy associated with an access item.
values:
- value: public
name: Public
status: active
required:
- name
- owner
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:role-unchecked:manage'
- 'idn:role-checked:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
- ROLE_ADMIN
- ROLE_SUBADMIN
delete:
operationId: deleteRole
tags:
- Roles
summary: Delete a role
description: |-
This API deletes a Role by its ID.
A token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority is required to call this API. In addition, a token with ROLE_SUBADMIN authority may only call this API if all Access Profiles included in the Role are associated to Sources with management workgroups of which the ROLE_SUBADMIN is a member.
parameters:
- in: path
name: id
required: true
x-sailpoint-resource-operation-id: listRoles
schema:
type: string
description: ID of the Role
example: 2c91808a7813090a017814121e121518
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:role-unchecked:manage'
- 'idn:role-checked:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
- ROLE_ADMIN
- ROLE_SUBADMIN
/roles/bulk-delete:
post:
operationId: deleteBulkRoles
summary: Delete role(s)
tags:
- Roles
description: |-
This endpoint initiates a bulk deletion of one or more roles.
When the request is successful, the endpoint returns the bulk delete's task result ID. To follow the task, you can use [Get Task Status by ID](https://developer.sailpoint.com/docs/api/beta/get-task-status), which will return the task result's status and information.
This endpoint can only bulk delete up to a limit of 50 roles per request.
A user with ROLE_SUBADMIN authority can only call this endpoint if all roles included in the request are associated with sources with management workgroups the ROLE_SUBADMIN is a member of.
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
roleIds:
description: List of IDs of Roles to be deleted.
type: array
items:
type: string
example:
- 2c9180847812e0b1017817051919ecca
- 2c9180887812e0b201781e129f151816
required:
- roleIds
example:
roleIds:
- 2c91808876438bb2017668b91919ecca
- 2c91808876438ba801766e129f151816
responses:
'202':
description: Returns an object with the id of the task performing the delete operation.
content:
application/json:
schema:
type: object
description: Task result.
properties:
type:
type: string
description: Task result DTO type.
enum:
- TASK_RESULT
example: TASK_RESULT
id:
type: string
description: Task result ID.
example: 464ae7bf791e49fdb74606a2e4a89635
name:
type: string
description: Task result display name.
nullable: true
example: null
example:
type: TASK_RESULT
id: 464ae7bf791e49fdb74606a2e4a89635
name: null
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
400.1 Bad Request Content:
description: Response for bad request content
value:
detailCode: 400.1 Bad Request Content
trackingId: 1ea1adcb84da4dcb890145e05745774e
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The request was syntactically correct but its content is semantically invalid.
400.1 Role ids limit violation:
description: Role ids limit violation response
value:
detailCode: 400.1 Bad Request Content
trackingId: 77aa89ac6f0e422dbc588866abc22be9
messages:
- locale: en-US
localeOrigin: DEFAULT
text: roleIds count exceeded max limit of 50 for bulk-delete.
400.1.404 Referenced object not found:
description: Referenced object not found response
value:
detailCode: 400.1.404 Referenced object not found
trackingId: 77aa89ac6f0e422dbc588866abc22be9
messages:
- locale: en-US
localeOrigin: DEFAULT
text: 'Referenced roleIds ["2c91808876438bb2017668b91919ecca"] was not found.'
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:role-unchecked:manage'
- 'idn:role-checked:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
- ROLE_ADMIN
- ROLE_SUBADMIN
'/roles/{id}/assigned-identities':
get:
operationId: getRoleAssignedIdentities
tags:
- Roles
summary: List identities assigned a role
parameters:
- in: path
name: id
schema:
type: string
description: ID of the Role for which the assigned Identities are to be listed
example: 2c91808a7813090a017814121e121518
required: true
x-sailpoint-resource-operation-id: listRoles
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, in*
**aliasName**: *eq, sw*
**email**: *eq, sw*
**name**: *eq, sw, co*
example: name sw Joe
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **id, name, aliasName, email**
example: 'aliasName,name'
responses:
'200':
description: List of Identities assigned the Role
content:
application/json:
schema:
type: array
items:
type: object
description: A subset of the fields of an Identity which is a member of a Role.
properties:
id:
type: string
description: The ID of the Identity
example: 2c9180a46faadee4016fb4e018c20639
aliasName:
type: string
description: The alias / username of the Identity
example: t.edison
name:
type: string
description: The human-readable display name of the Identity
example: Thomas Edison
email:
type: string
description: Email address of the Identity
example: t.edison@identitynow.com
roleAssignmentSource:
type: string
enum:
- ACCESS_REQUEST
- ROLE_MEMBERSHIP
description: Type which indicates how a particular Identity obtained a particular Role
example: ACCESS_REQUEST
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:role-unchecked:read'
- 'idn:role-unchecked:manage'
- 'idn:role-checked:manage'
- 'idn:role-checked:read'
'/roles/{roleId}/dimensions':
get:
operationId: listDimensions
tags:
- Dimensions
summary: List dimensions
description: |-
This API returns a list of dimensions under a specified role.
A token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority is required to call this API.
parameters:
- in: path
name: roleId
required: true
x-sailpoint-resource-operation-id: listRoles
schema:
type: string
description: Parent Role Id of the dimension.
example: 6603fba3004f43c687610a29195252ce
- in: query
name: for-subadmin
schema:
type: string
description: 'If provided, filters the returned list according to what is visible to the indicated ROLE_SUBADMIN Identity. The value of the parameter is either an Identity ID, or the special value **me**, which is shorthand for the calling Identity''s ID. A 400 Bad Request error is returned if the **for-subadmin** parameter is specified for an Identity that is not a subadmin.'
example: 5168015d32f890ca15812c9180835d2e
required: false
- in: query
name: limit
description: |-
Note that for this API the maximum value for limit is 50.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 50
schema:
type: integer
format: int32
minimum: 0
maximum: 50
default: 50
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, in*
**name**: *eq, sw*
**created**: *gt, lt, ge, le*
**modified**: *gt, lt, ge, le*
**owner.id**: *eq, in*
example: id eq '2c918086749d78830174a1a40e121518'
required: false
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **name, created, modified**
example: 'name,-modified'
required: false
responses:
'200':
description: List of Dimensions
content:
application/json:
schema:
type: array
items:
type: object
description: A Dimension
properties:
id:
type: string
description: 'The id of the Dimension. This field must be left null when creating a dimension, otherwise a 400 Bad Request error will result.'
example: 2c918086749d78830174a1a40e121518
name:
type: string
description: The human-readable display name of the Dimension
maxLength: 128
example: Dimension 2567
created:
type: string
description: Date the Dimension was created
format: date-time
example: '2021-03-01T22:32:58.104Z'
readOnly: true
modified:
type: string
description: Date the Dimension was last modified.
format: date-time
example: '2021-03-02T20:22:28.104Z'
readOnly: true
description:
type: string
nullable: true
description: A human-readable description of the Dimension
example: Urna amet cursus pellentesque nisl orci maximus lorem nisl euismod fusce morbi placerat adipiscing maecenas nisi tristique et metus et lacus sed morbi nunc nisl maximus magna arcu varius sollicitudin elementum enim maecenas nisi id ipsum tempus fusce diam ipsum tortor.
owner:
type: object
nullable: false
description: Owner of the object.
properties:
type:
type: string
enum:
- IDENTITY
description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.'
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: 'Owner''s name. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.'
example: support
accessProfiles:
type: array
items:
type: object
properties:
id:
type: string
description: ID of the Access Profile
example: ff808081751e6e129f1518161919ecca
type:
type: string
description: 'Type of requested object. This field must be either left null or set to ''ACCESS_PROFILE'' when creating an Access Profile, otherwise a 400 Bad Request error will result.'
enum:
- ACCESS_PROFILE
example: ACCESS_PROFILE
name:
type: string
description: Human-readable display name of the Access Profile. This field is ignored on input.
example: Access Profile 2567
nullable: true
entitlements:
type: array
items:
type: object
description: Entitlement including a specific set of access.
properties:
type:
type: string
description: Entitlement's DTO type.
enum:
- ENTITLEMENT
example: ENTITLEMENT
id:
type: string
description: Entitlement's ID.
example: 2c91809773dee32014e13e122092014e
name:
type: string
nullable: true
description: Entitlement's display name.
example: 'CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local'
membership:
nullable: true
type: object
description: 'When present, specifies that the Dimension is to be granted to Identities which either satisfy specific criteria.'
properties:
type:
type: string
enum:
- STANDARD
description: |-
This enum characterizes the type of a Dimension's membership selector. Only the STANDARD type supported:
STANDARD: Indicates that Dimension membership is defined in terms of a criteria expression
example: STANDARD
criteria:
nullable: true
type: object
description: Defines STANDARD type Dimension membership
properties:
operation:
type: string
enum:
- EQUALS
- AND
- OR
description: An operation
example: EQUALS
key:
type: object
nullable: true
description: Refers to a specific Identity attribute used in Dimension membership criteria.
properties:
type:
type: string
enum:
- IDENTITY
description: Indicates whether the associated criteria represents an expression on identity attributes.
example: IDENTITY
property:
type: string
description: The name of the identity attribute to which the associated criteria applies.
example: attribute.email
required:
- type
- property
stringValue:
type: string
nullable: true
description: 'String value to test the Identity attribute specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is EQUALS, this field is required. Otherwise, specifying it is an error.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: array
items:
type: object
nullable: true
description: Defines STANDARD type Role membership
properties:
operation:
type: string
enum:
- EQUALS
- AND
- OR
description: An operation
example: EQUALS
key:
type: object
nullable: true
description: Refers to a specific Identity attribute used in Dimension membership criteria.
properties:
type:
type: string
enum:
- IDENTITY
description: Indicates whether the associated criteria represents an expression on identity attributes.
example: IDENTITY
property:
type: string
description: The name of the identity attribute to which the associated criteria applies.
example: attribute.email
required:
- type
- property
stringValue:
type: string
nullable: true
description: 'String value to test the Identity attribute specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, this field is required. Otherwise, specifying it is an error.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: array
items:
type: object
description: Defines STANDARD type Dimension membership
properties:
operation:
type: string
enum:
- EQUALS
- AND
- OR
description: An operation
example: EQUALS
key:
type: object
nullable: true
description: Refers to a specific Identity attribute used in Dimension membership criteria.
properties:
type:
type: string
enum:
- IDENTITY
description: Indicates whether the associated criteria represents an expression on identity attributes.
example: IDENTITY
property:
type: string
description: The name of the identity attribute to which the associated criteria applies.
example: attribute.email
required:
- type
- property
stringValue:
type: string
description: 'String value to test the Identity attribute specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, this field is required. Otherwise, specifying it is an error.'
example: carlee.cert1c9f9b6fd@mailinator.com
nullable: true
description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa.'
nullable: true
description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa.'
parentId:
type: string
nullable: true
description: 'The ID of the parent role. This field can be left null when creating a dimension, but if provided, it must match the role ID specified in the path variable of the API call.'
example: 2c918086749d78830174a1a40e121518
required:
- name
- owner
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:role-unchecked:read'
- 'idn:role-unchecked:manage'
- 'idn:role-checked:manage'
- 'idn:role-checked:read'
x-sailpoint-userLevels:
- ORG_ADMIN
- ROLE_ADMIN
- ROLE_SUBADMIN
post:
operationId: createDimension
tags:
- Dimensions
summary: Create a dimension
description: |-
This API creates a dimension.
You must have a token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority to call this API.
Additionally, a ROLE_SUBADMIN cannot create a dimension that includes an access profile or entitlement if that access profile or entitlement is linked to a source that the ROLE_SUBADMIN is not associated with.
The maximum supported length for the description field is 2000 characters.
parameters:
- in: path
name: roleId
required: true
x-sailpoint-resource-operation-id: listRoles
schema:
type: string
description: Parent Role Id of the dimension.
example: 6603fba3004f43c687610a29195252ce
requestBody:
required: true
content:
application/json:
schema:
type: object
description: A Dimension
properties:
id:
type: string
description: 'The id of the Dimension. This field must be left null when creating a dimension, otherwise a 400 Bad Request error will result.'
example: 2c918086749d78830174a1a40e121518
name:
type: string
description: The human-readable display name of the Dimension
maxLength: 128
example: Dimension 2567
created:
type: string
description: Date the Dimension was created
format: date-time
example: '2021-03-01T22:32:58.104Z'
readOnly: true
modified:
type: string
description: Date the Dimension was last modified.
format: date-time
example: '2021-03-02T20:22:28.104Z'
readOnly: true
description:
type: string
nullable: true
description: A human-readable description of the Dimension
example: Urna amet cursus pellentesque nisl orci maximus lorem nisl euismod fusce morbi placerat adipiscing maecenas nisi tristique et metus et lacus sed morbi nunc nisl maximus magna arcu varius sollicitudin elementum enim maecenas nisi id ipsum tempus fusce diam ipsum tortor.
owner:
type: object
nullable: false
description: Owner of the object.
properties:
type:
type: string
enum:
- IDENTITY
description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.'
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: 'Owner''s name. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.'
example: support
accessProfiles:
type: array
items:
type: object
properties:
id:
type: string
description: ID of the Access Profile
example: ff808081751e6e129f1518161919ecca
type:
type: string
description: 'Type of requested object. This field must be either left null or set to ''ACCESS_PROFILE'' when creating an Access Profile, otherwise a 400 Bad Request error will result.'
enum:
- ACCESS_PROFILE
example: ACCESS_PROFILE
name:
type: string
description: Human-readable display name of the Access Profile. This field is ignored on input.
example: Access Profile 2567
nullable: true
entitlements:
type: array
items:
type: object
description: Entitlement including a specific set of access.
properties:
type:
type: string
description: Entitlement's DTO type.
enum:
- ENTITLEMENT
example: ENTITLEMENT
id:
type: string
description: Entitlement's ID.
example: 2c91809773dee32014e13e122092014e
name:
type: string
nullable: true
description: Entitlement's display name.
example: 'CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local'
membership:
nullable: true
type: object
description: 'When present, specifies that the Dimension is to be granted to Identities which either satisfy specific criteria.'
properties:
type:
type: string
enum:
- STANDARD
description: |-
This enum characterizes the type of a Dimension's membership selector. Only the STANDARD type supported:
STANDARD: Indicates that Dimension membership is defined in terms of a criteria expression
example: STANDARD
criteria:
nullable: true
type: object
description: Defines STANDARD type Dimension membership
properties:
operation:
type: string
enum:
- EQUALS
- AND
- OR
description: An operation
example: EQUALS
key:
type: object
nullable: true
description: Refers to a specific Identity attribute used in Dimension membership criteria.
properties:
type:
type: string
enum:
- IDENTITY
description: Indicates whether the associated criteria represents an expression on identity attributes.
example: IDENTITY
property:
type: string
description: The name of the identity attribute to which the associated criteria applies.
example: attribute.email
required:
- type
- property
stringValue:
type: string
nullable: true
description: 'String value to test the Identity attribute specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is EQUALS, this field is required. Otherwise, specifying it is an error.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: array
items:
type: object
nullable: true
description: Defines STANDARD type Role membership
properties:
operation:
type: string
enum:
- EQUALS
- AND
- OR
description: An operation
example: EQUALS
key:
type: object
nullable: true
description: Refers to a specific Identity attribute used in Dimension membership criteria.
properties:
type:
type: string
enum:
- IDENTITY
description: Indicates whether the associated criteria represents an expression on identity attributes.
example: IDENTITY
property:
type: string
description: The name of the identity attribute to which the associated criteria applies.
example: attribute.email
required:
- type
- property
stringValue:
type: string
nullable: true
description: 'String value to test the Identity attribute specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, this field is required. Otherwise, specifying it is an error.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: array
items:
type: object
description: Defines STANDARD type Dimension membership
properties:
operation:
type: string
enum:
- EQUALS
- AND
- OR
description: An operation
example: EQUALS
key:
type: object
nullable: true
description: Refers to a specific Identity attribute used in Dimension membership criteria.
properties:
type:
type: string
enum:
- IDENTITY
description: Indicates whether the associated criteria represents an expression on identity attributes.
example: IDENTITY
property:
type: string
description: The name of the identity attribute to which the associated criteria applies.
example: attribute.email
required:
- type
- property
stringValue:
type: string
description: 'String value to test the Identity attribute specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, this field is required. Otherwise, specifying it is an error.'
example: carlee.cert1c9f9b6fd@mailinator.com
nullable: true
description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa.'
nullable: true
description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa.'
parentId:
type: string
nullable: true
description: 'The ID of the parent role. This field can be left null when creating a dimension, but if provided, it must match the role ID specified in the path variable of the API call.'
example: 2c918086749d78830174a1a40e121518
required:
- name
- owner
responses:
'201':
description: Dimension created
content:
application/json:
schema:
type: object
description: A Dimension
properties:
id:
type: string
description: 'The id of the Dimension. This field must be left null when creating a dimension, otherwise a 400 Bad Request error will result.'
example: 2c918086749d78830174a1a40e121518
name:
type: string
description: The human-readable display name of the Dimension
maxLength: 128
example: Dimension 2567
created:
type: string
description: Date the Dimension was created
format: date-time
example: '2021-03-01T22:32:58.104Z'
readOnly: true
modified:
type: string
description: Date the Dimension was last modified.
format: date-time
example: '2021-03-02T20:22:28.104Z'
readOnly: true
description:
type: string
nullable: true
description: A human-readable description of the Dimension
example: Urna amet cursus pellentesque nisl orci maximus lorem nisl euismod fusce morbi placerat adipiscing maecenas nisi tristique et metus et lacus sed morbi nunc nisl maximus magna arcu varius sollicitudin elementum enim maecenas nisi id ipsum tempus fusce diam ipsum tortor.
owner:
type: object
nullable: false
description: Owner of the object.
properties:
type:
type: string
enum:
- IDENTITY
description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.'
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: 'Owner''s name. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.'
example: support
accessProfiles:
type: array
items:
type: object
properties:
id:
type: string
description: ID of the Access Profile
example: ff808081751e6e129f1518161919ecca
type:
type: string
description: 'Type of requested object. This field must be either left null or set to ''ACCESS_PROFILE'' when creating an Access Profile, otherwise a 400 Bad Request error will result.'
enum:
- ACCESS_PROFILE
example: ACCESS_PROFILE
name:
type: string
description: Human-readable display name of the Access Profile. This field is ignored on input.
example: Access Profile 2567
nullable: true
entitlements:
type: array
items:
type: object
description: Entitlement including a specific set of access.
properties:
type:
type: string
description: Entitlement's DTO type.
enum:
- ENTITLEMENT
example: ENTITLEMENT
id:
type: string
description: Entitlement's ID.
example: 2c91809773dee32014e13e122092014e
name:
type: string
nullable: true
description: Entitlement's display name.
example: 'CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local'
membership:
nullable: true
type: object
description: 'When present, specifies that the Dimension is to be granted to Identities which either satisfy specific criteria.'
properties:
type:
type: string
enum:
- STANDARD
description: |-
This enum characterizes the type of a Dimension's membership selector. Only the STANDARD type supported:
STANDARD: Indicates that Dimension membership is defined in terms of a criteria expression
example: STANDARD
criteria:
nullable: true
type: object
description: Defines STANDARD type Dimension membership
properties:
operation:
type: string
enum:
- EQUALS
- AND
- OR
description: An operation
example: EQUALS
key:
type: object
nullable: true
description: Refers to a specific Identity attribute used in Dimension membership criteria.
properties:
type:
type: string
enum:
- IDENTITY
description: Indicates whether the associated criteria represents an expression on identity attributes.
example: IDENTITY
property:
type: string
description: The name of the identity attribute to which the associated criteria applies.
example: attribute.email
required:
- type
- property
stringValue:
type: string
nullable: true
description: 'String value to test the Identity attribute specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is EQUALS, this field is required. Otherwise, specifying it is an error.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: array
items:
type: object
nullable: true
description: Defines STANDARD type Role membership
properties:
operation:
type: string
enum:
- EQUALS
- AND
- OR
description: An operation
example: EQUALS
key:
type: object
nullable: true
description: Refers to a specific Identity attribute used in Dimension membership criteria.
properties:
type:
type: string
enum:
- IDENTITY
description: Indicates whether the associated criteria represents an expression on identity attributes.
example: IDENTITY
property:
type: string
description: The name of the identity attribute to which the associated criteria applies.
example: attribute.email
required:
- type
- property
stringValue:
type: string
nullable: true
description: 'String value to test the Identity attribute specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, this field is required. Otherwise, specifying it is an error.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: array
items:
type: object
description: Defines STANDARD type Dimension membership
properties:
operation:
type: string
enum:
- EQUALS
- AND
- OR
description: An operation
example: EQUALS
key:
type: object
nullable: true
description: Refers to a specific Identity attribute used in Dimension membership criteria.
properties:
type:
type: string
enum:
- IDENTITY
description: Indicates whether the associated criteria represents an expression on identity attributes.
example: IDENTITY
property:
type: string
description: The name of the identity attribute to which the associated criteria applies.
example: attribute.email
required:
- type
- property
stringValue:
type: string
description: 'String value to test the Identity attribute specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, this field is required. Otherwise, specifying it is an error.'
example: carlee.cert1c9f9b6fd@mailinator.com
nullable: true
description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa.'
nullable: true
description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa.'
parentId:
type: string
nullable: true
description: 'The ID of the parent role. This field can be left null when creating a dimension, but if provided, it must match the role ID specified in the path variable of the API call.'
example: 2c918086749d78830174a1a40e121518
required:
- name
- owner
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:role-unchecked:manage'
- 'idn:role-checked:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
- ROLE_ADMIN
- ROLE_SUBADMIN
'/roles/{roleId}/dimensions/{dimensionId}':
get:
operationId: getDimension
tags:
- Dimensions
summary: Get a dimension under role.
description: |-
This API returns a Dimension by its ID.
A token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority is required to call this API. In addition, a token with ROLE_SUBADMIN authority may only call this API if all Access Profiles or Entitlements included in the Dimension or Parent Role are associated to Sources with management workgroups of which the ROLE_SUBADMIN is a member.
parameters:
- in: path
name: roleId
required: true
x-sailpoint-resource-operation-id: listRoles
schema:
type: string
description: Parent Role Id of the dimension.
example: 6603fba3004f43c687610a29195252ce
- in: path
name: dimensionId
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listDimensions
description: Id of the Dimension
example: 2c9180835d191a86015d28455b4a2329
responses:
'200':
description: Dimension
content:
application/json:
schema:
type: object
description: A Dimension
properties:
id:
type: string
description: 'The id of the Dimension. This field must be left null when creating a dimension, otherwise a 400 Bad Request error will result.'
example: 2c918086749d78830174a1a40e121518
name:
type: string
description: The human-readable display name of the Dimension
maxLength: 128
example: Dimension 2567
created:
type: string
description: Date the Dimension was created
format: date-time
example: '2021-03-01T22:32:58.104Z'
readOnly: true
modified:
type: string
description: Date the Dimension was last modified.
format: date-time
example: '2021-03-02T20:22:28.104Z'
readOnly: true
description:
type: string
nullable: true
description: A human-readable description of the Dimension
example: Urna amet cursus pellentesque nisl orci maximus lorem nisl euismod fusce morbi placerat adipiscing maecenas nisi tristique et metus et lacus sed morbi nunc nisl maximus magna arcu varius sollicitudin elementum enim maecenas nisi id ipsum tempus fusce diam ipsum tortor.
owner:
type: object
nullable: false
description: Owner of the object.
properties:
type:
type: string
enum:
- IDENTITY
description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.'
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: 'Owner''s name. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.'
example: support
accessProfiles:
type: array
items:
type: object
properties:
id:
type: string
description: ID of the Access Profile
example: ff808081751e6e129f1518161919ecca
type:
type: string
description: 'Type of requested object. This field must be either left null or set to ''ACCESS_PROFILE'' when creating an Access Profile, otherwise a 400 Bad Request error will result.'
enum:
- ACCESS_PROFILE
example: ACCESS_PROFILE
name:
type: string
description: Human-readable display name of the Access Profile. This field is ignored on input.
example: Access Profile 2567
nullable: true
entitlements:
type: array
items:
type: object
description: Entitlement including a specific set of access.
properties:
type:
type: string
description: Entitlement's DTO type.
enum:
- ENTITLEMENT
example: ENTITLEMENT
id:
type: string
description: Entitlement's ID.
example: 2c91809773dee32014e13e122092014e
name:
type: string
nullable: true
description: Entitlement's display name.
example: 'CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local'
membership:
nullable: true
type: object
description: 'When present, specifies that the Dimension is to be granted to Identities which either satisfy specific criteria.'
properties:
type:
type: string
enum:
- STANDARD
description: |-
This enum characterizes the type of a Dimension's membership selector. Only the STANDARD type supported:
STANDARD: Indicates that Dimension membership is defined in terms of a criteria expression
example: STANDARD
criteria:
nullable: true
type: object
description: Defines STANDARD type Dimension membership
properties:
operation:
type: string
enum:
- EQUALS
- AND
- OR
description: An operation
example: EQUALS
key:
type: object
nullable: true
description: Refers to a specific Identity attribute used in Dimension membership criteria.
properties:
type:
type: string
enum:
- IDENTITY
description: Indicates whether the associated criteria represents an expression on identity attributes.
example: IDENTITY
property:
type: string
description: The name of the identity attribute to which the associated criteria applies.
example: attribute.email
required:
- type
- property
stringValue:
type: string
nullable: true
description: 'String value to test the Identity attribute specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is EQUALS, this field is required. Otherwise, specifying it is an error.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: array
items:
type: object
nullable: true
description: Defines STANDARD type Role membership
properties:
operation:
type: string
enum:
- EQUALS
- AND
- OR
description: An operation
example: EQUALS
key:
type: object
nullable: true
description: Refers to a specific Identity attribute used in Dimension membership criteria.
properties:
type:
type: string
enum:
- IDENTITY
description: Indicates whether the associated criteria represents an expression on identity attributes.
example: IDENTITY
property:
type: string
description: The name of the identity attribute to which the associated criteria applies.
example: attribute.email
required:
- type
- property
stringValue:
type: string
nullable: true
description: 'String value to test the Identity attribute specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, this field is required. Otherwise, specifying it is an error.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: array
items:
type: object
description: Defines STANDARD type Dimension membership
properties:
operation:
type: string
enum:
- EQUALS
- AND
- OR
description: An operation
example: EQUALS
key:
type: object
nullable: true
description: Refers to a specific Identity attribute used in Dimension membership criteria.
properties:
type:
type: string
enum:
- IDENTITY
description: Indicates whether the associated criteria represents an expression on identity attributes.
example: IDENTITY
property:
type: string
description: The name of the identity attribute to which the associated criteria applies.
example: attribute.email
required:
- type
- property
stringValue:
type: string
description: 'String value to test the Identity attribute specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, this field is required. Otherwise, specifying it is an error.'
example: carlee.cert1c9f9b6fd@mailinator.com
nullable: true
description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa.'
nullable: true
description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa.'
parentId:
type: string
nullable: true
description: 'The ID of the parent role. This field can be left null when creating a dimension, but if provided, it must match the role ID specified in the path variable of the API call.'
example: 2c918086749d78830174a1a40e121518
required:
- name
- owner
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:role-unchecked:read'
- 'idn:role-unchecked:manage'
- 'idn:role-checked:manage'
- 'idn:role-checked:read'
x-sailpoint-userLevels:
- ORG_ADMIN
- ROLE_ADMIN
- ROLE_SUBADMIN
patch:
operationId: patchDimension
tags:
- Dimensions
summary: Patch a specified dimension
description: |-
This API updates an existing dimension using [JSON Patch](https://tools.ietf.org/html/rfc6902) syntax.
The following fields are patchable: **name** **description** **owner** **accessProfiles** **entitlements** **membership**
A token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority is required to call this API. In addition, a token with ROLE_SUBADMIN authority may only call this API if all access profiles/entitlements included in the dimension are associated to Sources with management workgroups of which the ROLE_SUBADMIN is a member.
The maximum supported length for the description field is 2000 characters.
When you use this API to modify a dimension's membership identities, you can only modify up to a limit of 500 membership identities at a time.
parameters:
- in: path
name: roleId
required: true
x-sailpoint-resource-operation-id: listRoles
schema:
type: string
description: Parent Role Id of the dimension.
example: 6603fba3004f43c687610a29195252ce
- in: path
name: dimensionId
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listDimensions
description: Id of the Dimension
example: 2c9180835d191a86015d28455b4a2329
requestBody:
content:
application/json-patch+json:
schema:
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
examples:
Update a Dimension name and description field in One Call:
description: This example shows how multiple fields may be updated with a single patch call.
value:
- op: replace
path: /description
value: Test Description
- op: replace
path: /name
value: new name
Set the Membership Selection Criteria to a List of Identities:
description: 'This example shows how to define a Dimension''s membershp by providing a list of Identities, referenced by their IDs.'
value:
- op: replace
path: /membership
value:
type: IDENTITY_LIST
identities:
- id: 2c91808973fe906c0174262092014ed9
- id: 2c918086262092014ed94fb8a47612f3
Set the Membership Selection Criteria to a Standard Expression:
description: 'This example shows how to define a Dimensions''s membership using STANDARD criteria. In this case, the Dimension will be granted to all Identities which have the *Engineering* attribute from the indicated Source.'
value:
- op: replace
path: /membership
value:
type: STANDARD
criteria:
operation: OR
children:
- operation: EQUALS
key:
type: ENTITLEMENT
property: attribute.memberOf
sourceId: 2c9180887701fb2014213e122092014e
stringValue: Engineering
Add a New Clause as the Child of an Existing Standard Expression:
description: This example shows how to add a child clause to an existing STANDARD criteria expression.
value:
- op: add
path: /membership/criteria/children/-
value:
operation: ENDS_WITH
key:
type: IDENTITY
property: attribute.email
stringValue: '@identitynow.com'
required: true
responses:
'200':
description: Responds with the Dimension as updated.
content:
application/json:
schema:
type: object
description: A Dimension
properties:
id:
type: string
description: 'The id of the Dimension. This field must be left null when creating a dimension, otherwise a 400 Bad Request error will result.'
example: 2c918086749d78830174a1a40e121518
name:
type: string
description: The human-readable display name of the Dimension
maxLength: 128
example: Dimension 2567
created:
type: string
description: Date the Dimension was created
format: date-time
example: '2021-03-01T22:32:58.104Z'
readOnly: true
modified:
type: string
description: Date the Dimension was last modified.
format: date-time
example: '2021-03-02T20:22:28.104Z'
readOnly: true
description:
type: string
nullable: true
description: A human-readable description of the Dimension
example: Urna amet cursus pellentesque nisl orci maximus lorem nisl euismod fusce morbi placerat adipiscing maecenas nisi tristique et metus et lacus sed morbi nunc nisl maximus magna arcu varius sollicitudin elementum enim maecenas nisi id ipsum tempus fusce diam ipsum tortor.
owner:
type: object
nullable: false
description: Owner of the object.
properties:
type:
type: string
enum:
- IDENTITY
description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.'
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: 'Owner''s name. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.'
example: support
accessProfiles:
type: array
items:
type: object
properties:
id:
type: string
description: ID of the Access Profile
example: ff808081751e6e129f1518161919ecca
type:
type: string
description: 'Type of requested object. This field must be either left null or set to ''ACCESS_PROFILE'' when creating an Access Profile, otherwise a 400 Bad Request error will result.'
enum:
- ACCESS_PROFILE
example: ACCESS_PROFILE
name:
type: string
description: Human-readable display name of the Access Profile. This field is ignored on input.
example: Access Profile 2567
nullable: true
entitlements:
type: array
items:
type: object
description: Entitlement including a specific set of access.
properties:
type:
type: string
description: Entitlement's DTO type.
enum:
- ENTITLEMENT
example: ENTITLEMENT
id:
type: string
description: Entitlement's ID.
example: 2c91809773dee32014e13e122092014e
name:
type: string
nullable: true
description: Entitlement's display name.
example: 'CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local'
membership:
nullable: true
type: object
description: 'When present, specifies that the Dimension is to be granted to Identities which either satisfy specific criteria.'
properties:
type:
type: string
enum:
- STANDARD
description: |-
This enum characterizes the type of a Dimension's membership selector. Only the STANDARD type supported:
STANDARD: Indicates that Dimension membership is defined in terms of a criteria expression
example: STANDARD
criteria:
nullable: true
type: object
description: Defines STANDARD type Dimension membership
properties:
operation:
type: string
enum:
- EQUALS
- AND
- OR
description: An operation
example: EQUALS
key:
type: object
nullable: true
description: Refers to a specific Identity attribute used in Dimension membership criteria.
properties:
type:
type: string
enum:
- IDENTITY
description: Indicates whether the associated criteria represents an expression on identity attributes.
example: IDENTITY
property:
type: string
description: The name of the identity attribute to which the associated criteria applies.
example: attribute.email
required:
- type
- property
stringValue:
type: string
nullable: true
description: 'String value to test the Identity attribute specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is EQUALS, this field is required. Otherwise, specifying it is an error.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: array
items:
type: object
nullable: true
description: Defines STANDARD type Role membership
properties:
operation:
type: string
enum:
- EQUALS
- AND
- OR
description: An operation
example: EQUALS
key:
type: object
nullable: true
description: Refers to a specific Identity attribute used in Dimension membership criteria.
properties:
type:
type: string
enum:
- IDENTITY
description: Indicates whether the associated criteria represents an expression on identity attributes.
example: IDENTITY
property:
type: string
description: The name of the identity attribute to which the associated criteria applies.
example: attribute.email
required:
- type
- property
stringValue:
type: string
nullable: true
description: 'String value to test the Identity attribute specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, this field is required. Otherwise, specifying it is an error.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: array
items:
type: object
description: Defines STANDARD type Dimension membership
properties:
operation:
type: string
enum:
- EQUALS
- AND
- OR
description: An operation
example: EQUALS
key:
type: object
nullable: true
description: Refers to a specific Identity attribute used in Dimension membership criteria.
properties:
type:
type: string
enum:
- IDENTITY
description: Indicates whether the associated criteria represents an expression on identity attributes.
example: IDENTITY
property:
type: string
description: The name of the identity attribute to which the associated criteria applies.
example: attribute.email
required:
- type
- property
stringValue:
type: string
description: 'String value to test the Identity attribute specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, this field is required. Otherwise, specifying it is an error.'
example: carlee.cert1c9f9b6fd@mailinator.com
nullable: true
description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa.'
nullable: true
description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa.'
parentId:
type: string
nullable: true
description: 'The ID of the parent role. This field can be left null when creating a dimension, but if provided, it must match the role ID specified in the path variable of the API call.'
example: 2c918086749d78830174a1a40e121518
required:
- name
- owner
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:role-unchecked:manage'
- 'idn:role-checked:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
- ROLE_ADMIN
- ROLE_SUBADMIN
delete:
operationId: deleteDimension
tags:
- Dimensions
summary: Delete a dimension
description: |-
This API deletes a Dimension by its ID.
A token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority is required to call this API. In addition, a token with ROLE_SUBADMIN authority may only call this API if all Access Profiles/Entitlements included in the Dimension are associated to Sources with management workgroups of which the ROLE_SUBADMIN is a member.
parameters:
- in: path
name: roleId
required: true
x-sailpoint-resource-operation-id: listRoles
schema:
type: string
description: Parent Role Id of the dimension.
example: 6603fba3004f43c687610a29195252ce
- in: path
name: dimensionId
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listDimensions
description: Id of the Dimension
example: 2c9180835d191a86015d28455b4a2329
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:role-unchecked:manage'
- 'idn:role-checked:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
- ROLE_ADMIN
- ROLE_SUBADMIN
'/roles/{roleId}/dimensions/bulk-delete':
post:
operationId: deleteBulkDimensions
summary: Delete dimension(s)
tags:
- Dimensions
description: |-
This endpoint initiates a bulk deletion of one or more dimensions.
When the request is successful, the endpoint returns the bulk delete's task result ID. To follow the task, you can use [Get Task Status by ID](https://developer.sailpoint.com/docs/api/beta/get-task-status), which will return the task result's status and information.
This endpoint can only bulk delete up to a limit of 50 roles per request.
A token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority is required to call this endpoint. In addition, a token with ROLE_SUBADMIN authority can only call this endpoint if all dimensions included in the request are associated with sources with management workgroups the ROLE_SUBADMIN is a member of.
parameters:
- in: path
name: roleId
required: true
x-sailpoint-resource-operation-id: listRoles
schema:
type: string
description: Parent Role Id of the dimensions.
example: 6603fba3004f43c687610a29195252ce
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
dimensionIds:
description: List of IDs of Dimensions to be deleted.
type: array
items:
type: string
example:
- 2c9180847812e0b1017817051919ecca
- 2c9180887812e0b201781e129f151816
required:
- dimensionIds
example:
dimensionIds:
- 2c91808876438bb2017668b91919ecca
- 2c91808876438ba801766e129f151816
responses:
'202':
description: Returns an object with the id of the task performing the delete operation.
content:
application/json:
schema:
type: object
description: Task result.
properties:
type:
type: string
description: Task result DTO type.
enum:
- TASK_RESULT
example: TASK_RESULT
id:
type: string
description: Task result ID.
example: 464ae7bf791e49fdb74606a2e4a89635
name:
type: string
description: Task result display name.
nullable: true
example: null
example:
type: TASK_RESULT
id: 464ae7bf791e49fdb74606a2e4a89635
name: null
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
400.1 Bad Request Content:
description: Response for bad request content
value:
detailCode: 400.1 Bad Request Content
trackingId: 1ea1adcb84da4dcb890145e05745774e
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The request was syntactically correct but its content is semantically invalid.
400.1 Dimension ids limit violation:
description: Dimension ids limit violation response
value:
detailCode: 400.1 Bad Request Content
trackingId: 77aa89ac6f0e422dbc588866abc22be9
messages:
- locale: en-US
localeOrigin: DEFAULT
text: dimensionIds count exceeded max limit of 50 for bulk-delete.
400.1.404 Referenced object not found:
description: Referenced object not found response
value:
detailCode: 400.1.404 Referenced object not found
trackingId: 77aa89ac6f0e422dbc588866abc22be9
messages:
- locale: en-US
localeOrigin: DEFAULT
text: 'Referenced dimensionIds ["2c91808876438bb2017668b91919ecca"] was not found.'
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:role-unchecked:manage'
- 'idn:role-checked:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
- ROLE_ADMIN
- ROLE_SUBADMIN
'/roles/{roleId}/dimensions/{dimensionId}/access-profiles':
get:
operationId: listDimensionAccessProfiles
tags:
- Dimensions
summary: List dimension's access profiles
description: |-
This API lists the Access Profiles associated with a given Dimension
A token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority is required to call this API. In addition, a token with ROLE_SUBADMIN authority may only call this API if all Access Profiles included in the Role are associated to Sources with management workgroups of which the ROLE_SUBADMIN is a member.
parameters:
- in: path
name: roleId
required: true
x-sailpoint-resource-operation-id: listRoles
schema:
type: string
description: Parent Role Id of the dimension.
example: 6603fba3004f43c687610a29195252ce
- in: path
name: dimensionId
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listDimensions
description: Id of the Dimension
example: 2c9180835d191a86015d28455b4a2329
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, in*
**name**: *eq, sw*
**created**: *gt, lt, ge, le*
**modified**: *gt, lt, ge, le*
**owner.id**: *eq, in*
**source.id**: *eq, in*
example: source.id eq "2c91808982f979270182f99e386d00fa"
required: false
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **name, created, modified**
example: 'name,-modified'
required: false
responses:
'200':
description: List of Access Profiles
content:
application/json:
schema:
type: array
items:
type: object
description: Access profile.
properties:
id:
type: string
description: Access profile ID.
example: 2c91808a7190d06e01719938fcd20792
readOnly: true
name:
type: string
description: Access profile name.
example: Employee-database-read-write
description:
type: string
nullable: true
description: Access profile description.
example: Collection of entitlements to read/write the employee database
created:
type: string
description: Date and time when the access profile was created.
format: date-time
example: '2021-03-01T22:32:58.104Z'
readOnly: true
modified:
type: string
description: Date and time when the access profile was last modified.
format: date-time
example: '2021-03-02T20:22:28.104Z'
readOnly: true
enabled:
type: boolean
default: false
description: 'Indicates whether the access profile is enabled. If it''s enabled, you must include at least one entitlement.'
example: true
owner:
description: Access profile owner.
type: object
nullable: false
properties:
type:
type: string
enum:
- IDENTITY
description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.'
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: 'Owner''s name. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.'
example: support
source:
type: object
properties:
id:
type: string
description: ID of the source the access profile is associated with.
example: 2c91809773dee3610173fdb0b6061ef4
type:
type: string
enum:
- SOURCE
description: Source's DTO type.
example: SOURCE
name:
type: string
description: Source name.
example: ODS-AD-SOURCE
entitlements:
type: array
nullable: true
description: 'List of entitlements associated with the access profile. If `enabled` is false, this can be empty. Otherwise, it must contain at least one entitlement.'
items:
type: object
description: Entitlement including a specific set of access.
properties:
type:
type: string
description: Entitlement's DTO type.
enum:
- ENTITLEMENT
example: ENTITLEMENT
id:
type: string
description: Entitlement's ID.
example: 2c91809773dee32014e13e122092014e
name:
type: string
nullable: true
description: Entitlement's display name.
example: 'CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local'
requestable:
type: boolean
default: true
description: 'Indicates whether the access profile is requestable by access request. Currently, making an access profile non-requestable is only supported for customers enabled with the new Request Center. Otherwise, attempting to create an access profile with a value **false** in this field results in a 400 error.'
example: true
accessRequestConfig:
nullable: true
description: Access request configuration for the object.
type: object
properties:
commentsRequired:
type: boolean
description: Indicates whether the requester of the containing object must provide comments justifying the request.
example: true
nullable: true
default: false
denialCommentsRequired:
type: boolean
description: Indicates whether an approver must provide comments when denying the request.
example: true
nullable: true
default: false
reauthorizationRequired:
type: boolean
description: Indicates whether reauthorization is required for the request.
example: true
nullable: true
default: false
approvalSchemes:
type: array
nullable: true
description: List describing the steps involved in approving the request.
items:
type: object
properties:
approverType:
type: string
enum:
- APP_OWNER
- OWNER
- SOURCE_OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. These are the possible values:
**APP_OWNER**: The owner of the Application
**OWNER**: Owner of the associated Access Profile or Role
**SOURCE_OWNER**: Owner of the Source associated with an Access Profile
**MANAGER**: Manager of the Identity making the request
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: Specific approver ID. Only use this when the `approverType` is `GOVERNANCE_GROUP`.
example: 46c79819-a69f-49a2-becb-12c971ae66c6
revocationRequestConfig:
nullable: true
description: Revocation request configuration for the object.
type: object
properties:
approvalSchemes:
type: array
nullable: true
description: List describing the steps involved in approving the revocation request.
items:
type: object
properties:
approverType:
type: string
enum:
- APP_OWNER
- OWNER
- SOURCE_OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. These are the possible values:
**APP_OWNER**: The owner of the Application
**OWNER**: Owner of the associated Access Profile or Role
**SOURCE_OWNER**: Owner of the Source associated with an Access Profile
**MANAGER**: Manager of the Identity making the request
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: Specific approver ID. Only use this when the `approverType` is `GOVERNANCE_GROUP`.
example: 46c79819-a69f-49a2-becb-12c971ae66c6
segments:
type: array
nullable: true
items:
type: string
description: 'List of segment IDs, if any, that the access profile is assigned to.'
example:
- f7b1b8a3-5fed-4fd4-ad29-82014e137e19
- 29cb6c06-1da8-43ea-8be4-b3125f248f2a
provisioningCriteria:
description: 'When an identity has multiple accounts on the source the access profile is associated with, the API evaluates this expression against those accounts to choose one to provision with the access profile.'
nullable: true
example:
operation: OR
children:
- operation: AND
children:
- attribute: dn
operation: CONTAINS
value: useast
- attribute: manager
operation: CONTAINS
value: Scott.Clark
- operation: AND
children:
- attribute: dn
operation: EQUALS
value: Gibson
- attribute: telephoneNumber
operation: CONTAINS
value: '512'
type: object
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- HAS
- AND
- OR
description: Supported operations on `ProvisioningCriteria`.
example: EQUALS
attribute:
type: string
description: 'Name of the account attribute to be tested. If **operation** is one of `EQUALS`, `NOT_EQUALS`, `CONTAINS`, or `HAS`, this field is required. Otherwise, specifying it results in an error.'
example: email
nullable: true
value:
type: string
nullable: true
description: 'String value to test the account attribute w/r/t the specified operation. If the operation is one of `EQUALS`, `NOT_EQUALS`, or `CONTAINS`, this field is required. Otherwise, specifying it results in an error. If the attribute is not string-typed, the API will convert it to the appropriate type.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: array
items:
type: object
description: Defines matching criteria for an account to be provisioned with a specific access profile.
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- HAS
- AND
- OR
description: Supported operations on `ProvisioningCriteria`.
example: EQUALS
attribute:
type: string
description: 'Name of the account attribute to be tested. If **operation** is one of `EQUALS`, `NOT_EQUALS`, `CONTAINS`, or `HAS`, this field is required. Otherwise, specifying it results in an error.'
example: email
nullable: true
value:
type: string
nullable: true
description: 'String value to test the account attribute w/r/t the specified operation. If the operation is one of `EQUALS`, `NOT_EQUALS`, or `CONTAINS`, this field is required. Otherwise, specifying it results in an error. If the attribute is not string-typed, the API will convert it to the appropriate type.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: array
items:
type: object
description: Defines matching criteria for an account to be provisioned with a specific access profile.
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- HAS
- AND
- OR
description: Supported operations on `ProvisioningCriteria`.
example: EQUALS
attribute:
type: string
description: 'Name of the account attribute to be tested. If **operation** is one of `EQUALS`, `NOT_EQUALS`, `CONTAINS`, or `HAS`, this field is required. Otherwise, specifying it results in an error.'
example: email
nullable: true
value:
type: string
nullable: true
description: 'String value to test the account attribute w/r/t the specified operation. If the operation is one of `EQUALS`, `NOT_EQUALS`, or `CONTAINS`, this field is required. Otherwise, specifying it results in an error. If the attribute is not string-typed, the API will convert it to the appropriate type.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: string
nullable: true
description: 'Array of child criteria. This field is required if the operation is `AND` or `OR`. Otherwise, it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.'
example: null
nullable: true
description: 'Array of child criteria. This field is required if the operation is `AND` or `OR`. Otherwise, it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.'
example: null
nullable: true
description: 'Array of child criteria. This field is required if the operation is `AND` or `OR`. Otherwise, it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.'
example: null
required:
- owner
- name
- source
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:role-unchecked:read'
- 'idn:role-unchecked:manage'
- 'idn:role-checked:manage'
- 'idn:role-checked:read'
x-sailpoint-userLevels:
- ORG_ADMIN
- ROLE_ADMIN
- ROLE_SUBADMIN
'/roles/{roleId}/dimensions/{dimensionId}/entitlements':
get:
operationId: getDimensionEntitlements
tags:
- Dimensions
summary: List dimension's entitlements
description: |-
This API lists the Entitlements associated with a given dimension.
A token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority is required to call this API.
parameters:
- in: path
name: roleId
required: true
x-sailpoint-resource-operation-id: listRoles
schema:
type: string
description: Parent Role Id of the dimension.
example: 6603fba3004f43c687610a29195252ce
- in: path
name: dimensionId
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listDimensions
description: Id of the Dimension
example: 2c9180835d191a86015d28455b4a2329
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, in*
**name**: *eq, sw*
**attribute**: *eq, sw*
**value**: *eq, sw*
**created**: *gt, lt, ge, le*
**modified**: *gt, lt, ge, le*
**owner.id**: *eq, in*
**source.id**: *eq, in*
example: attribute eq "memberOf"
required: false
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **name, attribute, value, created, modified**
example: 'name,-modified'
required: false
responses:
'200':
description: List of Entitlements
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: The entitlement id
example: 2c91808874ff91550175097daaec161c
name:
type: string
description: The entitlement name
example: LauncherTest2
attribute:
type: string
description: The entitlement attribute name
example: memberOf
value:
type: string
description: The value of the entitlement
example: 'CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local'
sourceSchemaObjectType:
type: string
description: The object type of the entitlement from the source schema
example: group
description:
type: string
description: The description of the entitlement
example: 'CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local'
nullable: true
privileged:
type: boolean
description: True if the entitlement is privileged
default: false
example: true
cloudGoverned:
type: boolean
description: True if the entitlement is cloud governed
default: false
example: true
requestable:
type: boolean
description: True if the entitlement is able to be directly requested
example: true
default: false
owner:
type: object
description: The identity that owns the entitlement
nullable: true
properties:
id:
type: string
description: The identity ID
example: 2c9180827ca885d7017ca8ce28a000eb
type:
type: string
enum:
- IDENTITY
description: The type of object
example: IDENTITY
name:
type: string
description: The display name of the identity
example: john.doe
manuallyUpdatedFields:
type: object
description: 'A map of entitlement fields that have been manually updated. The key is the field name in UPPER_SNAKE_CASE format, and the value is true or false to indicate if the field has been updated.'
nullable: true
additionalProperties: true
example:
DISPLAY_NAME: true
DESCRIPTION: true
accessModelMetadata:
type: object
description: Additional data to classify the entitlement
properties:
attributes:
type: array
items:
type: object
description: Metadata that describes an access item
properties:
key:
type: string
description: Unique identifier for the metadata type
example: iscCsp
name:
type: string
description: Human readable name of the metadata type
example: CSP
multiselect:
type: boolean
default: false
example: true
description: Allows selecting multiple values
status:
type: string
description: The state of the metadata item
example: active
type:
type: string
description: The type of the metadata item
example: governance
objectTypes:
type: array
description: The types of objects
example:
- general
items:
type: string
example: general
description:
type: string
description: Describes the metadata item
example: Indicates the type of deployment environment of an access item.
values:
type: array
description: The value to assign to the metadata item
items:
type: object
description: An individual value to assign to the metadata item
properties:
value:
type: string
description: The value to assign to the metdata item
example: development
name:
type: string
description: Display name of the value
example: Development
status:
type: string
description: The status of the individual value
example: active
created:
type: string
description: Time when the entitlement was created
format: date-time
example: '2020-10-08T18:33:52.029Z'
modified:
type: string
description: Time when the entitlement was last modified
format: date-time
example: '2020-10-08T18:33:52.029Z'
source:
type: object
properties:
id:
type: string
description: The source ID
example: 2c9180827ca885d7017ca8ce28a000eb
type:
type: string
description: 'The source type, will always be "SOURCE"'
example: SOURCE
name:
type: string
description: The source name
example: ODS-AD-Source
attributes:
type: object
description: A map of free-form key-value pairs from the source system
example:
fieldName: fieldValue
additionalProperties: true
segments:
type: array
items:
type: string
nullable: true
description: 'List of IDs of segments, if any, to which this Entitlement is assigned.'
example:
- f7b1b8a3-5fed-4fd4-ad29-82014e137e19
- 29cb6c06-1da8-43ea-8be4-b3125f248f2a
directPermissions:
type: array
items:
type: object
description: 'Simplified DTO for the Permission objects stored in SailPoint''s database. The data is aggregated from customer systems and is free-form, so its appearance can vary largely between different clients/customers.'
properties:
rights:
type: array
description: All the rights (e.g. actions) that this permission allows on the target
example: HereIsRight1
readOnly: true
items:
type: string
example: SELECT
target:
type: string
description: The target the permission would grants rights on.
readOnly: true
example: SYS.GV_$TRANSACTION
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:role-unchecked:read'
- 'idn:role-unchecked:manage'
- 'idn:role-checked:manage'
- 'idn:role-checked:read'
x-sailpoint-userLevels:
- ORG_ADMIN
- ROLE_ADMIN
- ROLE_SUBADMIN
/saved-searches:
post:
security:
- userAuth:
- 'sp:saved-search:create'
tags:
- Saved Search
description: |
Creates a new saved search.
summary: Create a saved search
operationId: createSavedSearch
requestBody:
description: The saved search to persist.
content:
application/json:
schema:
allOf:
- type: object
properties:
name:
description: |
The name of the saved search.
type: string
example: Disabled accounts
description:
description: |
The description of the saved search.
type: string
nullable: true
example: Disabled accounts
- type: object
properties:
created:
description: |
The date the saved search was initially created.
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
modified:
description: |
The last date the saved search was modified.
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
indices:
description: |
The names of the Elasticsearch indices in which to search.
type: array
items:
description: |-
Enum representing the currently supported indices.
Additional values may be added in the future without notice.
type: string
enum:
- accessprofiles
- accountactivities
- entitlements
- events
- identities
- roles
- '*'
example: identities
example:
- identities
columns:
description: |
The columns to be returned (specifies the order in which they will be presented) for each document type.
The currently supported document types are: _accessprofile_, _accountactivity_, _account_, _aggregation_, _entitlement_, _event_, _identity_, and _role_.
type: object
additionalProperties:
type: array
items:
type: object
properties:
field:
description: |
The name of the field.
type: string
example: email
header:
description: |
The value of the header.
type: string
example: Work Email
required:
- field
example:
identity:
- field: displayName
header: Display Name
- field: e-mail
header: Work Email
query:
description: |
The search query using Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL.
type: string
example: '@accounts(disabled:true)'
fields:
description: |
The fields to be searched against in a multi-field query.
type: array
nullable: true
items:
type: string
example:
- disabled
orderBy:
description: |
Sort by index. This takes precedence over the `sort` property.
type: object
additionalProperties:
type: array
items:
type: string
nullable: true
example:
identity:
- lastName
- firstName
role:
- name
sort:
description: |
The fields to be used to sort the search results.
type: array
items:
type: string
example:
- displayName
nullable: true
filters:
nullable: true
allOf:
- type: object
description: The filters to be applied for each filtered field name.
example:
attributes.cloudAuthoritativeSource:
type: EXISTS
exclude: true
accessCount:
type: RANGE
range:
lower:
value: '3'
created:
type: RANGE
range:
lower:
value: '2019-12-01'
inclusive: true
upper:
value: '2020-01-01'
source.name:
type: TERMS
terms:
- HR Employees
- Corporate Active Directory
exclude: true
protected:
type: TERMS
terms:
- 'true'
- type: object
properties:
type:
description: |-
Enum representing the currently supported filter types.
Additional values may be added in the future without notice.
type: string
enum:
- EXISTS
- RANGE
- TERMS
example: RANGE
range:
type: object
description: The range of values to be filtered.
properties:
lower:
description: The lower bound of the range.
type: object
required:
- value
properties:
value:
description: The value of the range's endpoint.
type: string
example: '1'
inclusive:
description: Indicates if the endpoint is included in the range.
type: boolean
default: false
example: false
upper:
description: The upper bound of the range.
type: object
required:
- value
properties:
value:
description: The value of the range's endpoint.
type: string
example: '1'
inclusive:
description: Indicates if the endpoint is included in the range.
type: boolean
default: false
example: false
terms:
description: The terms to be filtered.
type: array
items:
type: string
example: account_count
exclude:
description: Indicates if the filter excludes results.
type: boolean
default: false
example: false
required:
- indices
- query
required: true
responses:
'201':
description: The persisted saved search.
content:
application/json:
schema:
type: object
allOf:
- type: object
properties:
id:
description: |
The saved search ID.
type: string
example: 0de46054-fe90-434a-b84e-c6b3359d0c64
owner:
description: |
The owner of the saved search.
type: object
properties:
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- MACHINE_IDENTITY
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
id:
description: |
The id of the object.
type: string
example: 2c91808568c529c60168cca6f90c1313
required:
- type
- id
ownerId:
type: string
description: The ID of the identity that owns this saved search.
example: 2c91808568c529c60168cca6f90c1313
public:
type: boolean
description: Whether this saved search is visible to anyone but the owner. This field will always be false as there is no way to set a saved search as public at this time.
default: false
example: false
- type: object
properties:
name:
description: |
The name of the saved search.
type: string
example: Disabled accounts
description:
description: |
The description of the saved search.
type: string
nullable: true
example: Disabled accounts
- type: object
properties:
created:
description: |
The date the saved search was initially created.
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
modified:
description: |
The last date the saved search was modified.
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
indices:
description: |
The names of the Elasticsearch indices in which to search.
type: array
items:
description: |-
Enum representing the currently supported indices.
Additional values may be added in the future without notice.
type: string
enum:
- accessprofiles
- accountactivities
- entitlements
- events
- identities
- roles
- '*'
example: identities
example:
- identities
columns:
description: |
The columns to be returned (specifies the order in which they will be presented) for each document type.
The currently supported document types are: _accessprofile_, _accountactivity_, _account_, _aggregation_, _entitlement_, _event_, _identity_, and _role_.
type: object
additionalProperties:
type: array
items:
type: object
properties:
field:
description: |
The name of the field.
type: string
example: email
header:
description: |
The value of the header.
type: string
example: Work Email
required:
- field
example:
identity:
- field: displayName
header: Display Name
- field: e-mail
header: Work Email
query:
description: |
The search query using Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL.
type: string
example: '@accounts(disabled:true)'
fields:
description: |
The fields to be searched against in a multi-field query.
type: array
nullable: true
items:
type: string
example:
- disabled
orderBy:
description: |
Sort by index. This takes precedence over the `sort` property.
type: object
additionalProperties:
type: array
items:
type: string
nullable: true
example:
identity:
- lastName
- firstName
role:
- name
sort:
description: |
The fields to be used to sort the search results.
type: array
items:
type: string
example:
- displayName
nullable: true
filters:
nullable: true
allOf:
- type: object
description: The filters to be applied for each filtered field name.
example:
attributes.cloudAuthoritativeSource:
type: EXISTS
exclude: true
accessCount:
type: RANGE
range:
lower:
value: '3'
created:
type: RANGE
range:
lower:
value: '2019-12-01'
inclusive: true
upper:
value: '2020-01-01'
source.name:
type: TERMS
terms:
- HR Employees
- Corporate Active Directory
exclude: true
protected:
type: TERMS
terms:
- 'true'
- type: object
properties:
type:
description: |-
Enum representing the currently supported filter types.
Additional values may be added in the future without notice.
type: string
enum:
- EXISTS
- RANGE
- TERMS
example: RANGE
range:
type: object
description: The range of values to be filtered.
properties:
lower:
description: The lower bound of the range.
type: object
required:
- value
properties:
value:
description: The value of the range's endpoint.
type: string
example: '1'
inclusive:
description: Indicates if the endpoint is included in the range.
type: boolean
default: false
example: false
upper:
description: The upper bound of the range.
type: object
required:
- value
properties:
value:
description: The value of the range's endpoint.
type: string
example: '1'
inclusive:
description: Indicates if the endpoint is included in the range.
type: boolean
default: false
example: false
terms:
description: The terms to be filtered.
type: array
items:
type: string
example: account_count
exclude:
description: Indicates if the filter excludes results.
type: boolean
default: false
example: false
required:
- indices
- query
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
get:
security:
- userAuth:
- 'sp:saved-search:read'
tags:
- Saved Search
description: |
Returns a list of saved searches.
summary: A list of saved searches
operationId: listSavedSearches
parameters:
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- name: filters
in: query
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**owner.id**: *eq*
example: owner.id eq "7a724640-0c17-4ce9-a8c3-4a89738459c8"
responses:
'200':
description: The list of requested saved searches.
content:
application/json:
schema:
type: array
items:
type: object
allOf:
- type: object
properties:
id:
description: |
The saved search ID.
type: string
example: 0de46054-fe90-434a-b84e-c6b3359d0c64
owner:
description: |
The owner of the saved search.
type: object
properties:
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- MACHINE_IDENTITY
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
id:
description: |
The id of the object.
type: string
example: 2c91808568c529c60168cca6f90c1313
required:
- type
- id
ownerId:
type: string
description: The ID of the identity that owns this saved search.
example: 2c91808568c529c60168cca6f90c1313
public:
type: boolean
description: Whether this saved search is visible to anyone but the owner. This field will always be false as there is no way to set a saved search as public at this time.
default: false
example: false
- type: object
properties:
name:
description: |
The name of the saved search.
type: string
example: Disabled accounts
description:
description: |
The description of the saved search.
type: string
nullable: true
example: Disabled accounts
- type: object
properties:
created:
description: |
The date the saved search was initially created.
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
modified:
description: |
The last date the saved search was modified.
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
indices:
description: |
The names of the Elasticsearch indices in which to search.
type: array
items:
description: |-
Enum representing the currently supported indices.
Additional values may be added in the future without notice.
type: string
enum:
- accessprofiles
- accountactivities
- entitlements
- events
- identities
- roles
- '*'
example: identities
example:
- identities
columns:
description: |
The columns to be returned (specifies the order in which they will be presented) for each document type.
The currently supported document types are: _accessprofile_, _accountactivity_, _account_, _aggregation_, _entitlement_, _event_, _identity_, and _role_.
type: object
additionalProperties:
type: array
items:
type: object
properties:
field:
description: |
The name of the field.
type: string
example: email
header:
description: |
The value of the header.
type: string
example: Work Email
required:
- field
example:
identity:
- field: displayName
header: Display Name
- field: e-mail
header: Work Email
query:
description: |
The search query using Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL.
type: string
example: '@accounts(disabled:true)'
fields:
description: |
The fields to be searched against in a multi-field query.
type: array
nullable: true
items:
type: string
example:
- disabled
orderBy:
description: |
Sort by index. This takes precedence over the `sort` property.
type: object
additionalProperties:
type: array
items:
type: string
nullable: true
example:
identity:
- lastName
- firstName
role:
- name
sort:
description: |
The fields to be used to sort the search results.
type: array
items:
type: string
example:
- displayName
nullable: true
filters:
nullable: true
allOf:
- type: object
description: The filters to be applied for each filtered field name.
example:
attributes.cloudAuthoritativeSource:
type: EXISTS
exclude: true
accessCount:
type: RANGE
range:
lower:
value: '3'
created:
type: RANGE
range:
lower:
value: '2019-12-01'
inclusive: true
upper:
value: '2020-01-01'
source.name:
type: TERMS
terms:
- HR Employees
- Corporate Active Directory
exclude: true
protected:
type: TERMS
terms:
- 'true'
- type: object
properties:
type:
description: |-
Enum representing the currently supported filter types.
Additional values may be added in the future without notice.
type: string
enum:
- EXISTS
- RANGE
- TERMS
example: RANGE
range:
type: object
description: The range of values to be filtered.
properties:
lower:
description: The lower bound of the range.
type: object
required:
- value
properties:
value:
description: The value of the range's endpoint.
type: string
example: '1'
inclusive:
description: Indicates if the endpoint is included in the range.
type: boolean
default: false
example: false
upper:
description: The upper bound of the range.
type: object
required:
- value
properties:
value:
description: The value of the range's endpoint.
type: string
example: '1'
inclusive:
description: Indicates if the endpoint is included in the range.
type: boolean
default: false
example: false
terms:
description: The terms to be filtered.
type: array
items:
type: string
example: account_count
exclude:
description: Indicates if the filter excludes results.
type: boolean
default: false
example: false
required:
- indices
- query
headers:
X-Total-Count:
description: The total result count (returned only if the *count* parameter is specified as *true*).
schema:
type: integer
example: 5
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/saved-searches/{id}':
put:
tags:
- Saved Search
description: |
Updates an existing saved search.
>**NOTE: You cannot update the `owner` of the saved search.**
summary: |
Updates an existing saved search
operationId: putSavedSearch
parameters:
- in: path
name: id
description: ID of the requested document.
schema:
type: string
required: true
example: 2c91808568c529c60168cca6f90c1313
x-sailpoint-resource-operation-id: listSavedSearches
requestBody:
description: The saved search to persist.
content:
application/json:
schema:
type: object
allOf:
- type: object
properties:
id:
description: |
The saved search ID.
type: string
example: 0de46054-fe90-434a-b84e-c6b3359d0c64
owner:
description: |
The owner of the saved search.
type: object
properties:
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- MACHINE_IDENTITY
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
id:
description: |
The id of the object.
type: string
example: 2c91808568c529c60168cca6f90c1313
required:
- type
- id
ownerId:
type: string
description: The ID of the identity that owns this saved search.
example: 2c91808568c529c60168cca6f90c1313
public:
type: boolean
description: Whether this saved search is visible to anyone but the owner. This field will always be false as there is no way to set a saved search as public at this time.
default: false
example: false
- type: object
properties:
name:
description: |
The name of the saved search.
type: string
example: Disabled accounts
description:
description: |
The description of the saved search.
type: string
nullable: true
example: Disabled accounts
- type: object
properties:
created:
description: |
The date the saved search was initially created.
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
modified:
description: |
The last date the saved search was modified.
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
indices:
description: |
The names of the Elasticsearch indices in which to search.
type: array
items:
description: |-
Enum representing the currently supported indices.
Additional values may be added in the future without notice.
type: string
enum:
- accessprofiles
- accountactivities
- entitlements
- events
- identities
- roles
- '*'
example: identities
example:
- identities
columns:
description: |
The columns to be returned (specifies the order in which they will be presented) for each document type.
The currently supported document types are: _accessprofile_, _accountactivity_, _account_, _aggregation_, _entitlement_, _event_, _identity_, and _role_.
type: object
additionalProperties:
type: array
items:
type: object
properties:
field:
description: |
The name of the field.
type: string
example: email
header:
description: |
The value of the header.
type: string
example: Work Email
required:
- field
example:
identity:
- field: displayName
header: Display Name
- field: e-mail
header: Work Email
query:
description: |
The search query using Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL.
type: string
example: '@accounts(disabled:true)'
fields:
description: |
The fields to be searched against in a multi-field query.
type: array
nullable: true
items:
type: string
example:
- disabled
orderBy:
description: |
Sort by index. This takes precedence over the `sort` property.
type: object
additionalProperties:
type: array
items:
type: string
nullable: true
example:
identity:
- lastName
- firstName
role:
- name
sort:
description: |
The fields to be used to sort the search results.
type: array
items:
type: string
example:
- displayName
nullable: true
filters:
nullable: true
allOf:
- type: object
description: The filters to be applied for each filtered field name.
example:
attributes.cloudAuthoritativeSource:
type: EXISTS
exclude: true
accessCount:
type: RANGE
range:
lower:
value: '3'
created:
type: RANGE
range:
lower:
value: '2019-12-01'
inclusive: true
upper:
value: '2020-01-01'
source.name:
type: TERMS
terms:
- HR Employees
- Corporate Active Directory
exclude: true
protected:
type: TERMS
terms:
- 'true'
- type: object
properties:
type:
description: |-
Enum representing the currently supported filter types.
Additional values may be added in the future without notice.
type: string
enum:
- EXISTS
- RANGE
- TERMS
example: RANGE
range:
type: object
description: The range of values to be filtered.
properties:
lower:
description: The lower bound of the range.
type: object
required:
- value
properties:
value:
description: The value of the range's endpoint.
type: string
example: '1'
inclusive:
description: Indicates if the endpoint is included in the range.
type: boolean
default: false
example: false
upper:
description: The upper bound of the range.
type: object
required:
- value
properties:
value:
description: The value of the range's endpoint.
type: string
example: '1'
inclusive:
description: Indicates if the endpoint is included in the range.
type: boolean
default: false
example: false
terms:
description: The terms to be filtered.
type: array
items:
type: string
example: account_count
exclude:
description: Indicates if the filter excludes results.
type: boolean
default: false
example: false
required:
- indices
- query
required: true
responses:
'200':
description: The persisted saved search.
content:
application/json:
schema:
type: object
allOf:
- type: object
properties:
id:
description: |
The saved search ID.
type: string
example: 0de46054-fe90-434a-b84e-c6b3359d0c64
owner:
description: |
The owner of the saved search.
type: object
properties:
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- MACHINE_IDENTITY
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
id:
description: |
The id of the object.
type: string
example: 2c91808568c529c60168cca6f90c1313
required:
- type
- id
ownerId:
type: string
description: The ID of the identity that owns this saved search.
example: 2c91808568c529c60168cca6f90c1313
public:
type: boolean
description: Whether this saved search is visible to anyone but the owner. This field will always be false as there is no way to set a saved search as public at this time.
default: false
example: false
- type: object
properties:
name:
description: |
The name of the saved search.
type: string
example: Disabled accounts
description:
description: |
The description of the saved search.
type: string
nullable: true
example: Disabled accounts
- type: object
properties:
created:
description: |
The date the saved search was initially created.
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
modified:
description: |
The last date the saved search was modified.
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
indices:
description: |
The names of the Elasticsearch indices in which to search.
type: array
items:
description: |-
Enum representing the currently supported indices.
Additional values may be added in the future without notice.
type: string
enum:
- accessprofiles
- accountactivities
- entitlements
- events
- identities
- roles
- '*'
example: identities
example:
- identities
columns:
description: |
The columns to be returned (specifies the order in which they will be presented) for each document type.
The currently supported document types are: _accessprofile_, _accountactivity_, _account_, _aggregation_, _entitlement_, _event_, _identity_, and _role_.
type: object
additionalProperties:
type: array
items:
type: object
properties:
field:
description: |
The name of the field.
type: string
example: email
header:
description: |
The value of the header.
type: string
example: Work Email
required:
- field
example:
identity:
- field: displayName
header: Display Name
- field: e-mail
header: Work Email
query:
description: |
The search query using Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL.
type: string
example: '@accounts(disabled:true)'
fields:
description: |
The fields to be searched against in a multi-field query.
type: array
nullable: true
items:
type: string
example:
- disabled
orderBy:
description: |
Sort by index. This takes precedence over the `sort` property.
type: object
additionalProperties:
type: array
items:
type: string
nullable: true
example:
identity:
- lastName
- firstName
role:
- name
sort:
description: |
The fields to be used to sort the search results.
type: array
items:
type: string
example:
- displayName
nullable: true
filters:
nullable: true
allOf:
- type: object
description: The filters to be applied for each filtered field name.
example:
attributes.cloudAuthoritativeSource:
type: EXISTS
exclude: true
accessCount:
type: RANGE
range:
lower:
value: '3'
created:
type: RANGE
range:
lower:
value: '2019-12-01'
inclusive: true
upper:
value: '2020-01-01'
source.name:
type: TERMS
terms:
- HR Employees
- Corporate Active Directory
exclude: true
protected:
type: TERMS
terms:
- 'true'
- type: object
properties:
type:
description: |-
Enum representing the currently supported filter types.
Additional values may be added in the future without notice.
type: string
enum:
- EXISTS
- RANGE
- TERMS
example: RANGE
range:
type: object
description: The range of values to be filtered.
properties:
lower:
description: The lower bound of the range.
type: object
required:
- value
properties:
value:
description: The value of the range's endpoint.
type: string
example: '1'
inclusive:
description: Indicates if the endpoint is included in the range.
type: boolean
default: false
example: false
upper:
description: The upper bound of the range.
type: object
required:
- value
properties:
value:
description: The value of the range's endpoint.
type: string
example: '1'
inclusive:
description: Indicates if the endpoint is included in the range.
type: boolean
default: false
example: false
terms:
description: The terms to be filtered.
type: array
items:
type: string
example: account_count
exclude:
description: Indicates if the filter excludes results.
type: boolean
default: false
example: false
required:
- indices
- query
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
get:
tags:
- Saved Search
description: |
Returns the specified saved search.
summary: Return saved search by id
operationId: getSavedSearch
parameters:
- in: path
name: id
description: ID of the requested document.
schema:
type: string
required: true
example: 2c91808568c529c60168cca6f90c1313
x-sailpoint-resource-operation-id: listSavedSearches
responses:
'200':
description: The requested saved search.
content:
application/json:
schema:
type: object
allOf:
- type: object
properties:
id:
description: |
The saved search ID.
type: string
example: 0de46054-fe90-434a-b84e-c6b3359d0c64
owner:
description: |
The owner of the saved search.
type: object
properties:
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- MACHINE_IDENTITY
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
id:
description: |
The id of the object.
type: string
example: 2c91808568c529c60168cca6f90c1313
required:
- type
- id
ownerId:
type: string
description: The ID of the identity that owns this saved search.
example: 2c91808568c529c60168cca6f90c1313
public:
type: boolean
description: Whether this saved search is visible to anyone but the owner. This field will always be false as there is no way to set a saved search as public at this time.
default: false
example: false
- type: object
properties:
name:
description: |
The name of the saved search.
type: string
example: Disabled accounts
description:
description: |
The description of the saved search.
type: string
nullable: true
example: Disabled accounts
- type: object
properties:
created:
description: |
The date the saved search was initially created.
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
modified:
description: |
The last date the saved search was modified.
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
indices:
description: |
The names of the Elasticsearch indices in which to search.
type: array
items:
description: |-
Enum representing the currently supported indices.
Additional values may be added in the future without notice.
type: string
enum:
- accessprofiles
- accountactivities
- entitlements
- events
- identities
- roles
- '*'
example: identities
example:
- identities
columns:
description: |
The columns to be returned (specifies the order in which they will be presented) for each document type.
The currently supported document types are: _accessprofile_, _accountactivity_, _account_, _aggregation_, _entitlement_, _event_, _identity_, and _role_.
type: object
additionalProperties:
type: array
items:
type: object
properties:
field:
description: |
The name of the field.
type: string
example: email
header:
description: |
The value of the header.
type: string
example: Work Email
required:
- field
example:
identity:
- field: displayName
header: Display Name
- field: e-mail
header: Work Email
query:
description: |
The search query using Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL.
type: string
example: '@accounts(disabled:true)'
fields:
description: |
The fields to be searched against in a multi-field query.
type: array
nullable: true
items:
type: string
example:
- disabled
orderBy:
description: |
Sort by index. This takes precedence over the `sort` property.
type: object
additionalProperties:
type: array
items:
type: string
nullable: true
example:
identity:
- lastName
- firstName
role:
- name
sort:
description: |
The fields to be used to sort the search results.
type: array
items:
type: string
example:
- displayName
nullable: true
filters:
nullable: true
allOf:
- type: object
description: The filters to be applied for each filtered field name.
example:
attributes.cloudAuthoritativeSource:
type: EXISTS
exclude: true
accessCount:
type: RANGE
range:
lower:
value: '3'
created:
type: RANGE
range:
lower:
value: '2019-12-01'
inclusive: true
upper:
value: '2020-01-01'
source.name:
type: TERMS
terms:
- HR Employees
- Corporate Active Directory
exclude: true
protected:
type: TERMS
terms:
- 'true'
- type: object
properties:
type:
description: |-
Enum representing the currently supported filter types.
Additional values may be added in the future without notice.
type: string
enum:
- EXISTS
- RANGE
- TERMS
example: RANGE
range:
type: object
description: The range of values to be filtered.
properties:
lower:
description: The lower bound of the range.
type: object
required:
- value
properties:
value:
description: The value of the range's endpoint.
type: string
example: '1'
inclusive:
description: Indicates if the endpoint is included in the range.
type: boolean
default: false
example: false
upper:
description: The upper bound of the range.
type: object
required:
- value
properties:
value:
description: The value of the range's endpoint.
type: string
example: '1'
inclusive:
description: Indicates if the endpoint is included in the range.
type: boolean
default: false
example: false
terms:
description: The terms to be filtered.
type: array
items:
type: string
example: account_count
exclude:
description: Indicates if the filter excludes results.
type: boolean
default: false
example: false
required:
- indices
- query
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
tags:
- Saved Search
description: |
Deletes the specified saved search.
summary: Delete document by id
operationId: deleteSavedSearch
parameters:
- in: path
name: id
description: ID of the requested document.
schema:
type: string
required: true
example: 2c91808568c529c60168cca6f90c1313
x-sailpoint-resource-operation-id: listSavedSearches
responses:
'204':
description: No Content - Indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/saved-searches/{id}/execute':
post:
tags:
- Saved Search
description: |
Executes the specified saved search.
summary: Execute a saved search by id
operationId: executeSavedSearch
parameters:
- in: path
name: id
description: ID of the requested document.
schema:
type: string
required: true
example: 2c91808568c529c60168cca6f90c1313
x-sailpoint-resource-operation-id:
- listAccessProfiles
- listAccountActivities
- listEntitlements
- listRoles
- listIdentities
requestBody:
description: |
When saved search execution is triggered by a scheduled search, *scheduleId* will specify the ID of the triggering scheduled search.
If *scheduleId* is not specified (when execution is triggered by a UI test), the *owner* and *recipients* arguments must be provided.
content:
application/json:
schema:
type: object
properties:
scheduleId:
description: |
The ID of the scheduled search that triggered the saved search execution.
type: string
example: 7a724640-0c17-4ce9-a8c3-4a89738459c8
owner:
description: |
The owner of the scheduled search being tested.
allOf:
- type: object
description: |
A typed reference to the object.
properties:
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- MACHINE_IDENTITY
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
id:
description: |
The id of the object.
type: string
example: 2c91808568c529c60168cca6f90c1313
required:
- type
- id
recipients:
description: |
The email recipients of the scheduled search being tested.
type: array
items:
type: object
description: |
A typed reference to the object.
properties:
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- MACHINE_IDENTITY
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
id:
description: |
The id of the object.
type: string
example: 2c91808568c529c60168cca6f90c1313
required:
- type
- id
examples:
scheduled:
summary: Triggered by scheduled search
value:
scheduleId: 7a724640-0c17-4ce9-a8c3-4a89738459c8
test:
summary: Triggered by ui test
value:
owner:
type: IDENTITY
id: 2c91808568c529c60168cca6f90c1313
recipients:
- type: IDENTITY
id: 2c91808568c529c60168cca6f90c1313
required: true
responses:
'202':
description: Accepted - Returned if the request was successfully accepted into the system.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/scheduled-searches:
post:
tags:
- Scheduled Search
description: |
Creates a new scheduled search.
summary: Create a new scheduled search
operationId: createScheduledSearch
requestBody:
description: The scheduled search to persist.
content:
application/json:
schema:
allOf:
- type: object
properties:
name:
description: |
The name of the scheduled search.
type: string
example: Daily disabled accounts
nullable: true
description:
description: |
The description of the scheduled search.
type: string
nullable: true
example: Daily disabled accounts
- type: object
properties:
savedSearchId:
description: The ID of the saved search that will be executed.
type: string
example: 554f1511-f0a1-4744-ab14-599514d3e57c
created:
allOf:
- type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: A date-time in ISO-8601 format
description: The date the scheduled search was initially created.
readOnly: true
modified:
allOf:
- type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: A date-time in ISO-8601 format
description: The last date the scheduled search was modified.
readOnly: true
schedule:
type: object
description: The schedule information.
properties:
type:
description: |
Enum representing the currently supported schedule types.
Additional values may be added in the future without notice.
type: string
enum:
- DAILY
- WEEKLY
- MONTHLY
- CALENDAR
- ANNUALLY
example: WEEKLY
months:
allOf:
- type: object
properties:
type:
description: |
Enum representing the currently supported selector types.
LIST - the *values* array contains one or more distinct values.
RANGE - the *values* array contains two values: the start and end of the range, inclusive.
Additional values may be added in the future without notice.
type: string
enum:
- LIST
- RANGE
example: LIST
values:
description: |
The selected values.
type: array
items:
type: string
example:
- MON
- WED
interval:
nullable: true
description: |
The selected interval for RANGE selectors.
type: integer
format: int32
example: 3
required:
- type
- values
- description: |
The months to execute the search. This only applies to schedules with a type of `ANNUALLY`.
example:
type: LIST
values:
- '3'
- '6'
- '9'
- '12'
nullable: true
days:
allOf:
- type: object
properties:
type:
description: |
Enum representing the currently supported selector types.
LIST - the *values* array contains one or more distinct values.
RANGE - the *values* array contains two values: the start and end of the range, inclusive.
Additional values may be added in the future without notice.
type: string
enum:
- LIST
- RANGE
example: LIST
values:
description: |
The selected values.
type: array
items:
type: string
example:
- MON
- WED
interval:
nullable: true
description: |
The selected interval for RANGE selectors.
type: integer
format: int32
example: 3
required:
- type
- values
- description: |
The days to execute the search.
If `type` is `WEEKLY`, the values will be `MON`, `TUE`, `WED`, `THU`, `FRI`, `SAT`, and `SUN`.
If `type` is `MONTHLY` or `ANNUALLY`, the values will be a number in double quotes, like `"1"`, `"10"`, or `"28"`. Optionally, the value `"L"` can be used to refer to the last day of the month.
example:
type: LIST
values:
- MON
- WED
- FRI
nullable: true
hours:
allOf:
- type: object
properties:
type:
description: |
Enum representing the currently supported selector types.
LIST - the *values* array contains one or more distinct values.
RANGE - the *values* array contains two values: the start and end of the range, inclusive.
Additional values may be added in the future without notice.
type: string
enum:
- LIST
- RANGE
example: LIST
values:
description: |
The selected values.
type: array
items:
type: string
example:
- MON
- WED
interval:
nullable: true
description: |
The selected interval for RANGE selectors.
type: integer
format: int32
example: 3
required:
- type
- values
- description: The hours selected.
example:
type: RANGE
values:
- '9'
- '18'
interval: 3
expiration:
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: A date-time in ISO-8601 format
timeZoneId:
description: 'The canonical TZ identifier the schedule will run in (ex. America/New_York). If no timezone is specified, the org''s default timezone is used.'
nullable: true
type: string
example: America/Chicago
required:
- type
- hours
recipients:
description: A list of identities that should receive the scheduled search report via email.
type: array
items:
type: object
properties:
type:
type: string
description: The type of object being referenced
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: The ID of the referenced object
example: 2c9180867624cbd7017642d8c8c81f67
required:
- type
- id
enabled:
description: |
Indicates if the scheduled search is enabled.
type: boolean
default: false
example: false
emailEmptyResults:
description: |
Indicates if email generation should occur when search returns no results.
type: boolean
default: false
example: false
displayQueryDetails:
description: |
Indicates if the generated email should include the query and search results preview (which could include PII).
type: boolean
default: false
example: false
required:
- savedSearchId
- schedule
- recipients
examples:
Daily Search:
description: A search that executes each day at a 9 AM
value:
savedSearchId: 9c620e13-cd33-4804-a13d-403bd7bcdbad
schedule:
type: DAILY
hours:
type: LIST
values:
- '9'
recipients:
- type: IDENTITY
id: 2c9180867624cbd7017642d8c8c81f67
Weekly Search:
description: A search that executes each week on select days and times
value:
savedSearchId: 9c620e13-cd33-4804-a13d-403bd7bcdbad
schedule:
type: WEEKLY
days:
type: LIST
values:
- MON
- TUE
- WED
- THU
- FRI
- SAT
- SUN
hours:
type: LIST
values:
- '9'
recipients:
- type: IDENTITY
id: 2c9180867624cbd7017642d8c8c81f67
Monthly Search:
description: A search that executes each month on select days and times
value:
savedSearchId: 9c620e13-cd33-4804-a13d-403bd7bcdbad
schedule:
type: MONTHLY
days:
type: LIST
values:
- '1'
- '7'
- '14'
- L
hours:
type: LIST
values:
- '9'
recipients:
- type: IDENTITY
id: 2c9180867624cbd7017642d8c8c81f67
Annual Search:
description: 'A search that executes each year on the defined months, days, and times.'
value:
savedSearchId: 9c620e13-cd33-4804-a13d-403bd7bcdbad
schedule:
type: ANNUALLY
months:
type: LIST
values:
- '1'
interval: 3
days:
type: LIST
values:
- '1'
- '7'
- '14'
- L
hours:
type: LIST
values:
- '9'
recipients:
- type: IDENTITY
id: 2c9180867624cbd7017642d8c8c81f67
Calendar Search:
description: A search that executes on specific calendar days
value:
savedSearchId: 9c620e13-cd33-4804-a13d-403bd7bcdbad
schedule:
type: CALENDAR
days:
type: LIST
values:
- '2023-01-22'
- '2023-02-22'
hours:
type: LIST
values:
- '9'
recipients:
- type: IDENTITY
id: 2c9180867624cbd7017642d8c8c81f67
required: true
responses:
'201':
description: The persisted scheduled search.
content:
application/json:
schema:
type: object
allOf:
- type: object
properties:
id:
description: The scheduled search ID.
type: string
example: 0de46054-fe90-434a-b84e-c6b3359d0c64
readOnly: true
owner:
description: The owner of the scheduled search
readOnly: true
type: object
properties:
type:
type: string
description: The type of object being referenced
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: The ID of the referenced object
example: 2c9180867624cbd7017642d8c8c81f67
required:
- type
- id
ownerId:
description: |
The ID of the scheduled search owner.
Please use the `id` in the `owner` object instead.
type: string
example: 2c9180867624cbd7017642d8c8c81f67
readOnly: true
deprecated: true
- type: object
properties:
name:
description: |
The name of the scheduled search.
type: string
example: Daily disabled accounts
nullable: true
description:
description: |
The description of the scheduled search.
type: string
nullable: true
example: Daily disabled accounts
- type: object
properties:
savedSearchId:
description: The ID of the saved search that will be executed.
type: string
example: 554f1511-f0a1-4744-ab14-599514d3e57c
created:
allOf:
- type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: A date-time in ISO-8601 format
description: The date the scheduled search was initially created.
readOnly: true
modified:
allOf:
- type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: A date-time in ISO-8601 format
description: The last date the scheduled search was modified.
readOnly: true
schedule:
type: object
description: The schedule information.
properties:
type:
description: |
Enum representing the currently supported schedule types.
Additional values may be added in the future without notice.
type: string
enum:
- DAILY
- WEEKLY
- MONTHLY
- CALENDAR
- ANNUALLY
example: WEEKLY
months:
allOf:
- type: object
properties:
type:
description: |
Enum representing the currently supported selector types.
LIST - the *values* array contains one or more distinct values.
RANGE - the *values* array contains two values: the start and end of the range, inclusive.
Additional values may be added in the future without notice.
type: string
enum:
- LIST
- RANGE
example: LIST
values:
description: |
The selected values.
type: array
items:
type: string
example:
- MON
- WED
interval:
nullable: true
description: |
The selected interval for RANGE selectors.
type: integer
format: int32
example: 3
required:
- type
- values
- description: |
The months to execute the search. This only applies to schedules with a type of `ANNUALLY`.
example:
type: LIST
values:
- '3'
- '6'
- '9'
- '12'
nullable: true
days:
allOf:
- type: object
properties:
type:
description: |
Enum representing the currently supported selector types.
LIST - the *values* array contains one or more distinct values.
RANGE - the *values* array contains two values: the start and end of the range, inclusive.
Additional values may be added in the future without notice.
type: string
enum:
- LIST
- RANGE
example: LIST
values:
description: |
The selected values.
type: array
items:
type: string
example:
- MON
- WED
interval:
nullable: true
description: |
The selected interval for RANGE selectors.
type: integer
format: int32
example: 3
required:
- type
- values
- description: |
The days to execute the search.
If `type` is `WEEKLY`, the values will be `MON`, `TUE`, `WED`, `THU`, `FRI`, `SAT`, and `SUN`.
If `type` is `MONTHLY` or `ANNUALLY`, the values will be a number in double quotes, like `"1"`, `"10"`, or `"28"`. Optionally, the value `"L"` can be used to refer to the last day of the month.
example:
type: LIST
values:
- MON
- WED
- FRI
nullable: true
hours:
allOf:
- type: object
properties:
type:
description: |
Enum representing the currently supported selector types.
LIST - the *values* array contains one or more distinct values.
RANGE - the *values* array contains two values: the start and end of the range, inclusive.
Additional values may be added in the future without notice.
type: string
enum:
- LIST
- RANGE
example: LIST
values:
description: |
The selected values.
type: array
items:
type: string
example:
- MON
- WED
interval:
nullable: true
description: |
The selected interval for RANGE selectors.
type: integer
format: int32
example: 3
required:
- type
- values
- description: The hours selected.
example:
type: RANGE
values:
- '9'
- '18'
interval: 3
expiration:
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: A date-time in ISO-8601 format
timeZoneId:
description: 'The canonical TZ identifier the schedule will run in (ex. America/New_York). If no timezone is specified, the org''s default timezone is used.'
nullable: true
type: string
example: America/Chicago
required:
- type
- hours
recipients:
description: A list of identities that should receive the scheduled search report via email.
type: array
items:
type: object
properties:
type:
type: string
description: The type of object being referenced
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: The ID of the referenced object
example: 2c9180867624cbd7017642d8c8c81f67
required:
- type
- id
enabled:
description: |
Indicates if the scheduled search is enabled.
type: boolean
default: false
example: false
emailEmptyResults:
description: |
Indicates if email generation should occur when search returns no results.
type: boolean
default: false
example: false
displayQueryDetails:
description: |
Indicates if the generated email should include the query and search results preview (which could include PII).
type: boolean
default: false
example: false
required:
- savedSearchId
- schedule
- recipients
required:
- id
- owner
- ownerId
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
get:
tags:
- Scheduled Search
description: |
Returns a list of scheduled searches.
summary: List scheduled searches
operationId: listScheduledSearch
parameters:
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- name: filters
in: query
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**owner.id**: *eq*
**savedSearchId**: *eq*
example: savedSearchId eq "6cc0945d-9eeb-4948-9033-72d066e1153e"
responses:
'200':
description: The list of requested scheduled searches.
content:
application/json:
schema:
type: array
items:
type: object
allOf:
- type: object
properties:
id:
description: The scheduled search ID.
type: string
example: 0de46054-fe90-434a-b84e-c6b3359d0c64
readOnly: true
owner:
description: The owner of the scheduled search
readOnly: true
type: object
properties:
type:
type: string
description: The type of object being referenced
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: The ID of the referenced object
example: 2c9180867624cbd7017642d8c8c81f67
required:
- type
- id
ownerId:
description: |
The ID of the scheduled search owner.
Please use the `id` in the `owner` object instead.
type: string
example: 2c9180867624cbd7017642d8c8c81f67
readOnly: true
deprecated: true
- type: object
properties:
name:
description: |
The name of the scheduled search.
type: string
example: Daily disabled accounts
nullable: true
description:
description: |
The description of the scheduled search.
type: string
nullable: true
example: Daily disabled accounts
- type: object
properties:
savedSearchId:
description: The ID of the saved search that will be executed.
type: string
example: 554f1511-f0a1-4744-ab14-599514d3e57c
created:
allOf:
- type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: A date-time in ISO-8601 format
description: The date the scheduled search was initially created.
readOnly: true
modified:
allOf:
- type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: A date-time in ISO-8601 format
description: The last date the scheduled search was modified.
readOnly: true
schedule:
type: object
description: The schedule information.
properties:
type:
description: |
Enum representing the currently supported schedule types.
Additional values may be added in the future without notice.
type: string
enum:
- DAILY
- WEEKLY
- MONTHLY
- CALENDAR
- ANNUALLY
example: WEEKLY
months:
allOf:
- type: object
properties:
type:
description: |
Enum representing the currently supported selector types.
LIST - the *values* array contains one or more distinct values.
RANGE - the *values* array contains two values: the start and end of the range, inclusive.
Additional values may be added in the future without notice.
type: string
enum:
- LIST
- RANGE
example: LIST
values:
description: |
The selected values.
type: array
items:
type: string
example:
- MON
- WED
interval:
nullable: true
description: |
The selected interval for RANGE selectors.
type: integer
format: int32
example: 3
required:
- type
- values
- description: |
The months to execute the search. This only applies to schedules with a type of `ANNUALLY`.
example:
type: LIST
values:
- '3'
- '6'
- '9'
- '12'
nullable: true
days:
allOf:
- type: object
properties:
type:
description: |
Enum representing the currently supported selector types.
LIST - the *values* array contains one or more distinct values.
RANGE - the *values* array contains two values: the start and end of the range, inclusive.
Additional values may be added in the future without notice.
type: string
enum:
- LIST
- RANGE
example: LIST
values:
description: |
The selected values.
type: array
items:
type: string
example:
- MON
- WED
interval:
nullable: true
description: |
The selected interval for RANGE selectors.
type: integer
format: int32
example: 3
required:
- type
- values
- description: |
The days to execute the search.
If `type` is `WEEKLY`, the values will be `MON`, `TUE`, `WED`, `THU`, `FRI`, `SAT`, and `SUN`.
If `type` is `MONTHLY` or `ANNUALLY`, the values will be a number in double quotes, like `"1"`, `"10"`, or `"28"`. Optionally, the value `"L"` can be used to refer to the last day of the month.
example:
type: LIST
values:
- MON
- WED
- FRI
nullable: true
hours:
allOf:
- type: object
properties:
type:
description: |
Enum representing the currently supported selector types.
LIST - the *values* array contains one or more distinct values.
RANGE - the *values* array contains two values: the start and end of the range, inclusive.
Additional values may be added in the future without notice.
type: string
enum:
- LIST
- RANGE
example: LIST
values:
description: |
The selected values.
type: array
items:
type: string
example:
- MON
- WED
interval:
nullable: true
description: |
The selected interval for RANGE selectors.
type: integer
format: int32
example: 3
required:
- type
- values
- description: The hours selected.
example:
type: RANGE
values:
- '9'
- '18'
interval: 3
expiration:
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: A date-time in ISO-8601 format
timeZoneId:
description: 'The canonical TZ identifier the schedule will run in (ex. America/New_York). If no timezone is specified, the org''s default timezone is used.'
nullable: true
type: string
example: America/Chicago
required:
- type
- hours
recipients:
description: A list of identities that should receive the scheduled search report via email.
type: array
items:
type: object
properties:
type:
type: string
description: The type of object being referenced
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: The ID of the referenced object
example: 2c9180867624cbd7017642d8c8c81f67
required:
- type
- id
enabled:
description: |
Indicates if the scheduled search is enabled.
type: boolean
default: false
example: false
emailEmptyResults:
description: |
Indicates if email generation should occur when search returns no results.
type: boolean
default: false
example: false
displayQueryDetails:
description: |
Indicates if the generated email should include the query and search results preview (which could include PII).
type: boolean
default: false
example: false
required:
- savedSearchId
- schedule
- recipients
required:
- id
- owner
- ownerId
headers:
X-Total-Count:
description: The total result count (returned only if the *count* parameter is specified as *true*).
schema:
type: integer
example: 5
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/scheduled-searches/{id}':
put:
tags:
- Scheduled Search
description: |
Updates an existing scheduled search.
summary: Update an existing scheduled search
operationId: updateScheduledSearch
parameters:
- in: path
name: id
description: ID of the requested document.
schema:
type: string
required: true
example: 2c91808568c529c60168cca6f90c1313
x-sailpoint-resource-operation-id: listScheduledSearch
requestBody:
description: The scheduled search to persist.
content:
application/json:
schema:
type: object
allOf:
- type: object
properties:
id:
description: The scheduled search ID.
type: string
example: 0de46054-fe90-434a-b84e-c6b3359d0c64
readOnly: true
owner:
description: The owner of the scheduled search
readOnly: true
type: object
properties:
type:
type: string
description: The type of object being referenced
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: The ID of the referenced object
example: 2c9180867624cbd7017642d8c8c81f67
required:
- type
- id
ownerId:
description: |
The ID of the scheduled search owner.
Please use the `id` in the `owner` object instead.
type: string
example: 2c9180867624cbd7017642d8c8c81f67
readOnly: true
deprecated: true
- type: object
properties:
name:
description: |
The name of the scheduled search.
type: string
example: Daily disabled accounts
nullable: true
description:
description: |
The description of the scheduled search.
type: string
nullable: true
example: Daily disabled accounts
- type: object
properties:
savedSearchId:
description: The ID of the saved search that will be executed.
type: string
example: 554f1511-f0a1-4744-ab14-599514d3e57c
created:
allOf:
- type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: A date-time in ISO-8601 format
description: The date the scheduled search was initially created.
readOnly: true
modified:
allOf:
- type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: A date-time in ISO-8601 format
description: The last date the scheduled search was modified.
readOnly: true
schedule:
type: object
description: The schedule information.
properties:
type:
description: |
Enum representing the currently supported schedule types.
Additional values may be added in the future without notice.
type: string
enum:
- DAILY
- WEEKLY
- MONTHLY
- CALENDAR
- ANNUALLY
example: WEEKLY
months:
allOf:
- type: object
properties:
type:
description: |
Enum representing the currently supported selector types.
LIST - the *values* array contains one or more distinct values.
RANGE - the *values* array contains two values: the start and end of the range, inclusive.
Additional values may be added in the future without notice.
type: string
enum:
- LIST
- RANGE
example: LIST
values:
description: |
The selected values.
type: array
items:
type: string
example:
- MON
- WED
interval:
nullable: true
description: |
The selected interval for RANGE selectors.
type: integer
format: int32
example: 3
required:
- type
- values
- description: |
The months to execute the search. This only applies to schedules with a type of `ANNUALLY`.
example:
type: LIST
values:
- '3'
- '6'
- '9'
- '12'
nullable: true
days:
allOf:
- type: object
properties:
type:
description: |
Enum representing the currently supported selector types.
LIST - the *values* array contains one or more distinct values.
RANGE - the *values* array contains two values: the start and end of the range, inclusive.
Additional values may be added in the future without notice.
type: string
enum:
- LIST
- RANGE
example: LIST
values:
description: |
The selected values.
type: array
items:
type: string
example:
- MON
- WED
interval:
nullable: true
description: |
The selected interval for RANGE selectors.
type: integer
format: int32
example: 3
required:
- type
- values
- description: |
The days to execute the search.
If `type` is `WEEKLY`, the values will be `MON`, `TUE`, `WED`, `THU`, `FRI`, `SAT`, and `SUN`.
If `type` is `MONTHLY` or `ANNUALLY`, the values will be a number in double quotes, like `"1"`, `"10"`, or `"28"`. Optionally, the value `"L"` can be used to refer to the last day of the month.
example:
type: LIST
values:
- MON
- WED
- FRI
nullable: true
hours:
allOf:
- type: object
properties:
type:
description: |
Enum representing the currently supported selector types.
LIST - the *values* array contains one or more distinct values.
RANGE - the *values* array contains two values: the start and end of the range, inclusive.
Additional values may be added in the future without notice.
type: string
enum:
- LIST
- RANGE
example: LIST
values:
description: |
The selected values.
type: array
items:
type: string
example:
- MON
- WED
interval:
nullable: true
description: |
The selected interval for RANGE selectors.
type: integer
format: int32
example: 3
required:
- type
- values
- description: The hours selected.
example:
type: RANGE
values:
- '9'
- '18'
interval: 3
expiration:
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: A date-time in ISO-8601 format
timeZoneId:
description: 'The canonical TZ identifier the schedule will run in (ex. America/New_York). If no timezone is specified, the org''s default timezone is used.'
nullable: true
type: string
example: America/Chicago
required:
- type
- hours
recipients:
description: A list of identities that should receive the scheduled search report via email.
type: array
items:
type: object
properties:
type:
type: string
description: The type of object being referenced
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: The ID of the referenced object
example: 2c9180867624cbd7017642d8c8c81f67
required:
- type
- id
enabled:
description: |
Indicates if the scheduled search is enabled.
type: boolean
default: false
example: false
emailEmptyResults:
description: |
Indicates if email generation should occur when search returns no results.
type: boolean
default: false
example: false
displayQueryDetails:
description: |
Indicates if the generated email should include the query and search results preview (which could include PII).
type: boolean
default: false
example: false
required:
- savedSearchId
- schedule
- recipients
required:
- id
- owner
- ownerId
required: true
responses:
'200':
description: The persisted scheduled search.
content:
application/json:
schema:
type: object
allOf:
- type: object
properties:
id:
description: The scheduled search ID.
type: string
example: 0de46054-fe90-434a-b84e-c6b3359d0c64
readOnly: true
owner:
description: The owner of the scheduled search
readOnly: true
type: object
properties:
type:
type: string
description: The type of object being referenced
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: The ID of the referenced object
example: 2c9180867624cbd7017642d8c8c81f67
required:
- type
- id
ownerId:
description: |
The ID of the scheduled search owner.
Please use the `id` in the `owner` object instead.
type: string
example: 2c9180867624cbd7017642d8c8c81f67
readOnly: true
deprecated: true
- type: object
properties:
name:
description: |
The name of the scheduled search.
type: string
example: Daily disabled accounts
nullable: true
description:
description: |
The description of the scheduled search.
type: string
nullable: true
example: Daily disabled accounts
- type: object
properties:
savedSearchId:
description: The ID of the saved search that will be executed.
type: string
example: 554f1511-f0a1-4744-ab14-599514d3e57c
created:
allOf:
- type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: A date-time in ISO-8601 format
description: The date the scheduled search was initially created.
readOnly: true
modified:
allOf:
- type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: A date-time in ISO-8601 format
description: The last date the scheduled search was modified.
readOnly: true
schedule:
type: object
description: The schedule information.
properties:
type:
description: |
Enum representing the currently supported schedule types.
Additional values may be added in the future without notice.
type: string
enum:
- DAILY
- WEEKLY
- MONTHLY
- CALENDAR
- ANNUALLY
example: WEEKLY
months:
allOf:
- type: object
properties:
type:
description: |
Enum representing the currently supported selector types.
LIST - the *values* array contains one or more distinct values.
RANGE - the *values* array contains two values: the start and end of the range, inclusive.
Additional values may be added in the future without notice.
type: string
enum:
- LIST
- RANGE
example: LIST
values:
description: |
The selected values.
type: array
items:
type: string
example:
- MON
- WED
interval:
nullable: true
description: |
The selected interval for RANGE selectors.
type: integer
format: int32
example: 3
required:
- type
- values
- description: |
The months to execute the search. This only applies to schedules with a type of `ANNUALLY`.
example:
type: LIST
values:
- '3'
- '6'
- '9'
- '12'
nullable: true
days:
allOf:
- type: object
properties:
type:
description: |
Enum representing the currently supported selector types.
LIST - the *values* array contains one or more distinct values.
RANGE - the *values* array contains two values: the start and end of the range, inclusive.
Additional values may be added in the future without notice.
type: string
enum:
- LIST
- RANGE
example: LIST
values:
description: |
The selected values.
type: array
items:
type: string
example:
- MON
- WED
interval:
nullable: true
description: |
The selected interval for RANGE selectors.
type: integer
format: int32
example: 3
required:
- type
- values
- description: |
The days to execute the search.
If `type` is `WEEKLY`, the values will be `MON`, `TUE`, `WED`, `THU`, `FRI`, `SAT`, and `SUN`.
If `type` is `MONTHLY` or `ANNUALLY`, the values will be a number in double quotes, like `"1"`, `"10"`, or `"28"`. Optionally, the value `"L"` can be used to refer to the last day of the month.
example:
type: LIST
values:
- MON
- WED
- FRI
nullable: true
hours:
allOf:
- type: object
properties:
type:
description: |
Enum representing the currently supported selector types.
LIST - the *values* array contains one or more distinct values.
RANGE - the *values* array contains two values: the start and end of the range, inclusive.
Additional values may be added in the future without notice.
type: string
enum:
- LIST
- RANGE
example: LIST
values:
description: |
The selected values.
type: array
items:
type: string
example:
- MON
- WED
interval:
nullable: true
description: |
The selected interval for RANGE selectors.
type: integer
format: int32
example: 3
required:
- type
- values
- description: The hours selected.
example:
type: RANGE
values:
- '9'
- '18'
interval: 3
expiration:
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: A date-time in ISO-8601 format
timeZoneId:
description: 'The canonical TZ identifier the schedule will run in (ex. America/New_York). If no timezone is specified, the org''s default timezone is used.'
nullable: true
type: string
example: America/Chicago
required:
- type
- hours
recipients:
description: A list of identities that should receive the scheduled search report via email.
type: array
items:
type: object
properties:
type:
type: string
description: The type of object being referenced
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: The ID of the referenced object
example: 2c9180867624cbd7017642d8c8c81f67
required:
- type
- id
enabled:
description: |
Indicates if the scheduled search is enabled.
type: boolean
default: false
example: false
emailEmptyResults:
description: |
Indicates if email generation should occur when search returns no results.
type: boolean
default: false
example: false
displayQueryDetails:
description: |
Indicates if the generated email should include the query and search results preview (which could include PII).
type: boolean
default: false
example: false
required:
- savedSearchId
- schedule
- recipients
required:
- id
- owner
- ownerId
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
get:
tags:
- Scheduled Search
description: Returns the specified scheduled search.
summary: Get a scheduled search
operationId: getScheduledSearch
parameters:
- in: path
name: id
description: ID of the requested document.
schema:
type: string
required: true
example: 2c91808568c529c60168cca6f90c1313
x-sailpoint-resource-operation-id: listScheduledSearch
responses:
'200':
description: The requested scheduled search.
content:
application/json:
schema:
type: object
allOf:
- type: object
properties:
id:
description: The scheduled search ID.
type: string
example: 0de46054-fe90-434a-b84e-c6b3359d0c64
readOnly: true
owner:
description: The owner of the scheduled search
readOnly: true
type: object
properties:
type:
type: string
description: The type of object being referenced
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: The ID of the referenced object
example: 2c9180867624cbd7017642d8c8c81f67
required:
- type
- id
ownerId:
description: |
The ID of the scheduled search owner.
Please use the `id` in the `owner` object instead.
type: string
example: 2c9180867624cbd7017642d8c8c81f67
readOnly: true
deprecated: true
- type: object
properties:
name:
description: |
The name of the scheduled search.
type: string
example: Daily disabled accounts
nullable: true
description:
description: |
The description of the scheduled search.
type: string
nullable: true
example: Daily disabled accounts
- type: object
properties:
savedSearchId:
description: The ID of the saved search that will be executed.
type: string
example: 554f1511-f0a1-4744-ab14-599514d3e57c
created:
allOf:
- type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: A date-time in ISO-8601 format
description: The date the scheduled search was initially created.
readOnly: true
modified:
allOf:
- type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: A date-time in ISO-8601 format
description: The last date the scheduled search was modified.
readOnly: true
schedule:
type: object
description: The schedule information.
properties:
type:
description: |
Enum representing the currently supported schedule types.
Additional values may be added in the future without notice.
type: string
enum:
- DAILY
- WEEKLY
- MONTHLY
- CALENDAR
- ANNUALLY
example: WEEKLY
months:
allOf:
- type: object
properties:
type:
description: |
Enum representing the currently supported selector types.
LIST - the *values* array contains one or more distinct values.
RANGE - the *values* array contains two values: the start and end of the range, inclusive.
Additional values may be added in the future without notice.
type: string
enum:
- LIST
- RANGE
example: LIST
values:
description: |
The selected values.
type: array
items:
type: string
example:
- MON
- WED
interval:
nullable: true
description: |
The selected interval for RANGE selectors.
type: integer
format: int32
example: 3
required:
- type
- values
- description: |
The months to execute the search. This only applies to schedules with a type of `ANNUALLY`.
example:
type: LIST
values:
- '3'
- '6'
- '9'
- '12'
nullable: true
days:
allOf:
- type: object
properties:
type:
description: |
Enum representing the currently supported selector types.
LIST - the *values* array contains one or more distinct values.
RANGE - the *values* array contains two values: the start and end of the range, inclusive.
Additional values may be added in the future without notice.
type: string
enum:
- LIST
- RANGE
example: LIST
values:
description: |
The selected values.
type: array
items:
type: string
example:
- MON
- WED
interval:
nullable: true
description: |
The selected interval for RANGE selectors.
type: integer
format: int32
example: 3
required:
- type
- values
- description: |
The days to execute the search.
If `type` is `WEEKLY`, the values will be `MON`, `TUE`, `WED`, `THU`, `FRI`, `SAT`, and `SUN`.
If `type` is `MONTHLY` or `ANNUALLY`, the values will be a number in double quotes, like `"1"`, `"10"`, or `"28"`. Optionally, the value `"L"` can be used to refer to the last day of the month.
example:
type: LIST
values:
- MON
- WED
- FRI
nullable: true
hours:
allOf:
- type: object
properties:
type:
description: |
Enum representing the currently supported selector types.
LIST - the *values* array contains one or more distinct values.
RANGE - the *values* array contains two values: the start and end of the range, inclusive.
Additional values may be added in the future without notice.
type: string
enum:
- LIST
- RANGE
example: LIST
values:
description: |
The selected values.
type: array
items:
type: string
example:
- MON
- WED
interval:
nullable: true
description: |
The selected interval for RANGE selectors.
type: integer
format: int32
example: 3
required:
- type
- values
- description: The hours selected.
example:
type: RANGE
values:
- '9'
- '18'
interval: 3
expiration:
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: A date-time in ISO-8601 format
timeZoneId:
description: 'The canonical TZ identifier the schedule will run in (ex. America/New_York). If no timezone is specified, the org''s default timezone is used.'
nullable: true
type: string
example: America/Chicago
required:
- type
- hours
recipients:
description: A list of identities that should receive the scheduled search report via email.
type: array
items:
type: object
properties:
type:
type: string
description: The type of object being referenced
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: The ID of the referenced object
example: 2c9180867624cbd7017642d8c8c81f67
required:
- type
- id
enabled:
description: |
Indicates if the scheduled search is enabled.
type: boolean
default: false
example: false
emailEmptyResults:
description: |
Indicates if email generation should occur when search returns no results.
type: boolean
default: false
example: false
displayQueryDetails:
description: |
Indicates if the generated email should include the query and search results preview (which could include PII).
type: boolean
default: false
example: false
required:
- savedSearchId
- schedule
- recipients
required:
- id
- owner
- ownerId
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
tags:
- Scheduled Search
description: |
Deletes the specified scheduled search.
operationId: deleteScheduledSearch
summary: Delete a scheduled search
parameters:
- in: path
name: id
description: ID of the requested document.
schema:
type: string
required: true
example: 2c91808568c529c60168cca6f90c1313
x-sailpoint-resource-operation-id: listScheduledSearch
responses:
'204':
description: No Content - Indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/scheduled-searches/{id}/unsubscribe':
post:
tags:
- Scheduled Search
description: |
Unsubscribes a recipient from the specified scheduled search.
operationId: unsubscribeScheduledSearch
summary: Unsubscribe a recipient from scheduled search
parameters:
- in: path
name: id
description: ID of the requested document.
schema:
type: string
required: true
example: 2c91808568c529c60168cca6f90c1313
x-sailpoint-resource-operation-id:
- listAccessProfiles
- listAccountActivities
- listEntitlements
- listRoles
- listIdentities
requestBody:
description: |
The recipient to be removed from the scheduled search.
content:
application/json:
schema:
type: object
description: |
A typed reference to the object.
properties:
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- MACHINE_IDENTITY
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
id:
description: |
The id of the object.
type: string
example: 2c91808568c529c60168cca6f90c1313
required:
- type
- id
required: true
responses:
'204':
description: No Content - Indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
/search:
post:
tags:
- Search
description: 'Perform a search with the provided query and return a matching result collection. To page past 10,000 records, you can use `searchAfter` paging. Refer to [Paginating Search Queries](https://developer.sailpoint.com/idn/api/standard-collection-parameters#paginating-search-queries) for more information about how to implement `searchAfter` paging. '
externalDocs:
description: Learn more about search.
url: 'https://documentation.sailpoint.com/saas/help/search/index.html'
operationId: searchPost
security:
- userAuth:
- 'sp:search:read'
- applicationAuth:
- 'sp:search:read'
x-sailpoint-userLevels:
- ORG_ADMIN
- CERT_ADMIN
- REPORT_ADMIN
- SOURCE_ADMIN
- SOURCE_SUBADMIN
- ROLE_ADMIN
- ROLE_SUBADMIN
- HELPDESK
summary: Perform search
parameters:
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 10000
schema:
type: integer
format: int32
minimum: 0
maximum: 10000
default: 250
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
requestBody:
content:
application/json:
schema:
type: object
properties:
indices:
description: 'The names of the Elasticsearch indices in which to search. If none are provided, then all indices will be searched.'
externalDocs:
description: Learn more about search indices here.
url: 'https://documentation.sailpoint.com/saas/help/search/searchable-fields.html'
type: array
items:
description: |-
Enum representing the currently supported indices.
Additional values may be added in the future without notice.
type: string
enum:
- accessprofiles
- accountactivities
- entitlements
- events
- identities
- roles
- '*'
example: identities
example:
- identities
queryType:
description: |-
The type of query to use. By default, the `SAILPOINT` query type is used, which requires the `query` object to be defined in the request body.
To use the `queryDsl` or `typeAheadQuery` objects in the request, you must set the type to `DSL` or `TYPEAHEAD` accordingly.
Additional values may be added in the future without notice.
type: string
enum:
- DSL
- SAILPOINT
- TEXT
- TYPEAHEAD
default: SAILPOINT
example: SAILPOINT
queryVersion:
allOf:
- description: The current Elasticserver version.
type: string
default: '5.2'
example: '5.2'
- type: string
description: |-
The version of the query object.
This version number will map to the version of Elasticsearch for the query strings and objects being used.
query:
type: object
description: Query parameters used to construct an Elasticsearch query object.
properties:
query:
description: 'The query using the Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL extended by SailPoint to support Nested queries.'
type: string
example: 'name:a*'
fields:
description: |-
The fields the query will be applied to. Fields provide you with a simple way to add additional fields to search, without making the query too complicated. For example, you can use the fields to specify that you want your query of "a*" to be applied to "name", "firstName", and the "source.name". The response will include all results matching the "a*" query found in those three fields.
A field's availability depends on the indices being searched. For example, if you are searching "identities", you can apply your search to the "firstName" field, but you couldn't use "firstName" with a search on "access profiles". Refer to the response schema for the respective lists of available fields.
type: string
example:
- 'firstName,lastName,email'
timeZone:
description: The time zone to be applied to any range query related to dates.
type: string
example: America/Chicago
innerHit:
description: The innerHit query object returns a flattened list of results for the specified nested type.
type: object
required:
- query
- type
properties:
query:
description: 'The search query using the Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL extended by SailPoint to support Nested queries.'
type: string
example: 'source.name:\"Active Directory\"'
type:
description: 'The nested type to use in the inner hits query. The nested type [Nested Type](https://www.elastic.co/guide/en/elasticsearch/reference/current/nested.html) refers to a document "nested" within another document. For example, an identity can have nested documents for access, accounts, and apps.'
type: string
example: access
queryDsl:
description: 'The search query using the Elasticsearch [Query DSL](https://www.elastic.co/guide/en/elasticsearch/reference/7.10/query-dsl.html) syntax.'
type: object
example:
match:
name: john.doe
textQuery:
type: object
description: Query parameters used to construct an Elasticsearch text query object.
required:
- terms
- fields
properties:
terms:
description: Words or characters that specify a particular thing to be searched for.
type: array
items:
type: string
example:
- The quick brown fox
- '3141592'
- '7'
fields:
description: The fields to be searched.
type: array
items:
type: string
example:
- displayName
- employeeNumber
- roleCount
matchAny:
description: 'Indicates that at least one of the terms must be found in the specified fields; otherwise, all terms must be found.'
type: boolean
default: false
example: false
contains:
description: 'Indicates that the terms can be located anywhere in the specified fields; otherwise, the fields must begin with the terms.'
type: boolean
default: false
example: true
typeAheadQuery:
type: object
description: 'Query parameters used to construct an Elasticsearch type ahead query object. The typeAheadQuery performs a search for top values beginning with the typed values. For example, typing "Jo" results in top hits matching "Jo." Typing "Job" results in top hits matching "Job." '
required:
- query
- field
properties:
query:
description: The type ahead query string used to construct a phrase prefix match query.
type: string
example: Work
field:
description: The field on which to perform the type ahead search.
type: string
example: source.name
nestedType:
description: The nested type.
type: string
example: access
maxExpansions:
description: |-
The number of suffixes the last term will be expanded into.
Influences the performance of the query and the number results returned.
Valid values: 1 to 1000.
type: integer
format: int32
minimum: 1
maximum: 1000
default: 10
example: 10
size:
description: The max amount of records the search will return.
type: integer
format: int32
minimum: 1
default: 100
example: 100
sort:
description: The sort order of the returned records.
type: string
default: desc
example: asc
sortByValue:
description: 'The flag that defines the sort type, by count or value.'
type: boolean
default: false
example: true
includeNested:
description: Indicates whether nested objects from returned search results should be included.
type: boolean
default: true
example: true
queryResultFilter:
type: object
description: Allows the query results to be filtered by specifying a list of fields to include and/or exclude from the result documents.
properties:
includes:
description: The list of field names to include in the result documents.
type: array
items:
type: string
example:
- name
- displayName
excludes:
description: The list of field names to exclude from the result documents.
type: array
items:
type: string
example:
- stacktrace
aggregationType:
description: |
Enum representing the currently available query languages for aggregations, which are used to perform calculations or groupings on search results.
Additional values may be added in the future without notice.
type: string
enum:
- DSL
- SAILPOINT
default: DSL
example: DSL
aggregationsVersion:
allOf:
- description: The current Elasticserver version.
type: string
default: '5.2'
example: '5.2'
- type: string
description: |-
The version of the language being used for aggregation queries.
This version number will map to the version of Elasticsearch for the aggregation query object.
aggregationsDsl:
description: 'The aggregation search query using Elasticsearch [Aggregations](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/search-aggregations.html) syntax.'
type: object
example: {}
aggregations:
description: |
The aggregation’s specifications, such as the groupings and calculations to be performed.
allOf:
- type: object
properties:
nested:
type: object
description: The nested aggregation object.
required:
- name
- type
properties:
name:
description: The name of the nested aggregate to be included in the result.
type: string
example: id
type:
description: The type of the nested object.
type: string
example: access
metric:
type: object
description: The calculation done on the results of the query
required:
- name
- field
properties:
name:
description: |-
The name of the metric aggregate to be included in the result.
If the metric aggregation is omitted, the resulting aggregation will be a count of the documents in the search results.
type: string
example: Access Name Count
type:
description: |-
Enum representing the currently supported metric aggregation types.
Additional values may be added in the future without notice.
type: string
enum:
- COUNT
- UNIQUE_COUNT
- AVG
- SUM
- MEDIAN
- MIN
- MAX
default: UNIQUE_COUNT
example: COUNT
field:
description: |
The field the calculation is performed on.
Prefix the field name with '@' to reference a nested object.
type: string
example: '@access.name'
filter:
type: object
description: An additional filter to constrain the results of the search query.
required:
- name
- field
- value
properties:
name:
description: The name of the filter aggregate to be included in the result.
type: string
example: Entitlements
type:
description: |-
Enum representing the currently supported filter aggregation types.
Additional values may be added in the future without notice.
type: string
enum:
- TERM
default: TERM
example: TERM
field:
description: |
The search field to apply the filter to.
Prefix the field name with '@' to reference a nested object.
type: string
example: access.type
value:
description: The value to filter on.
type: string
example: ENTITLEMENT
bucket:
type: object
description: The bucket to group the results of the aggregation query by.
required:
- name
- field
properties:
name:
description: The name of the bucket aggregate to be included in the result.
type: string
example: Identity Locations
type:
description: |-
Enum representing the currently supported bucket aggregation types.
Additional values may be added in the future without notice.
type: string
enum:
- TERMS
default: TERMS
example: TERMS
field:
description: |-
The field to bucket on.
Prefix the field name with '@' to reference a nested object.
type: string
example: attributes.city
size:
description: Maximum number of buckets to include.
type: integer
format: int32
example: 100
minDocCount:
description: Minimum number of documents a bucket should have.
type: integer
format: int32
example: 2
- type: object
properties:
subAggregation:
description: Aggregation to be performed on the result of the parent bucket aggregation.
allOf:
- type: object
properties:
nested:
type: object
description: The nested aggregation object.
required:
- name
- type
properties:
name:
description: The name of the nested aggregate to be included in the result.
type: string
example: id
type:
description: The type of the nested object.
type: string
example: access
metric:
type: object
description: The calculation done on the results of the query
required:
- name
- field
properties:
name:
description: |-
The name of the metric aggregate to be included in the result.
If the metric aggregation is omitted, the resulting aggregation will be a count of the documents in the search results.
type: string
example: Access Name Count
type:
description: |-
Enum representing the currently supported metric aggregation types.
Additional values may be added in the future without notice.
type: string
enum:
- COUNT
- UNIQUE_COUNT
- AVG
- SUM
- MEDIAN
- MIN
- MAX
default: UNIQUE_COUNT
example: COUNT
field:
description: |
The field the calculation is performed on.
Prefix the field name with '@' to reference a nested object.
type: string
example: '@access.name'
filter:
type: object
description: An additional filter to constrain the results of the search query.
required:
- name
- field
- value
properties:
name:
description: The name of the filter aggregate to be included in the result.
type: string
example: Entitlements
type:
description: |-
Enum representing the currently supported filter aggregation types.
Additional values may be added in the future without notice.
type: string
enum:
- TERM
default: TERM
example: TERM
field:
description: |
The search field to apply the filter to.
Prefix the field name with '@' to reference a nested object.
type: string
example: access.type
value:
description: The value to filter on.
type: string
example: ENTITLEMENT
bucket:
type: object
description: The bucket to group the results of the aggregation query by.
required:
- name
- field
properties:
name:
description: The name of the bucket aggregate to be included in the result.
type: string
example: Identity Locations
type:
description: |-
Enum representing the currently supported bucket aggregation types.
Additional values may be added in the future without notice.
type: string
enum:
- TERMS
default: TERMS
example: TERMS
field:
description: |-
The field to bucket on.
Prefix the field name with '@' to reference a nested object.
type: string
example: attributes.city
size:
description: Maximum number of buckets to include.
type: integer
format: int32
example: 100
minDocCount:
description: Minimum number of documents a bucket should have.
type: integer
format: int32
example: 2
- type: object
properties:
subAggregation:
type: object
properties:
nested:
type: object
description: The nested aggregation object.
required:
- name
- type
properties:
name:
description: The name of the nested aggregate to be included in the result.
type: string
example: id
type:
description: The type of the nested object.
type: string
example: access
metric:
type: object
description: The calculation done on the results of the query
required:
- name
- field
properties:
name:
description: |-
The name of the metric aggregate to be included in the result.
If the metric aggregation is omitted, the resulting aggregation will be a count of the documents in the search results.
type: string
example: Access Name Count
type:
description: |-
Enum representing the currently supported metric aggregation types.
Additional values may be added in the future without notice.
type: string
enum:
- COUNT
- UNIQUE_COUNT
- AVG
- SUM
- MEDIAN
- MIN
- MAX
default: UNIQUE_COUNT
example: COUNT
field:
description: |
The field the calculation is performed on.
Prefix the field name with '@' to reference a nested object.
type: string
example: '@access.name'
filter:
type: object
description: An additional filter to constrain the results of the search query.
required:
- name
- field
- value
properties:
name:
description: The name of the filter aggregate to be included in the result.
type: string
example: Entitlements
type:
description: |-
Enum representing the currently supported filter aggregation types.
Additional values may be added in the future without notice.
type: string
enum:
- TERM
default: TERM
example: TERM
field:
description: |
The search field to apply the filter to.
Prefix the field name with '@' to reference a nested object.
type: string
example: access.type
value:
description: The value to filter on.
type: string
example: ENTITLEMENT
bucket:
type: object
description: The bucket to group the results of the aggregation query by.
required:
- name
- field
properties:
name:
description: The name of the bucket aggregate to be included in the result.
type: string
example: Identity Locations
type:
description: |-
Enum representing the currently supported bucket aggregation types.
Additional values may be added in the future without notice.
type: string
enum:
- TERMS
default: TERMS
example: TERMS
field:
description: |-
The field to bucket on.
Prefix the field name with '@' to reference a nested object.
type: string
example: attributes.city
size:
description: Maximum number of buckets to include.
type: integer
format: int32
example: 100
minDocCount:
description: Minimum number of documents a bucket should have.
type: integer
format: int32
example: 2
description: Aggregation to be performed on the result of the parent bucket aggregation.
sort:
description: The fields to be used to sort the search results. Use + or - to specify the sort direction.
type: array
items:
type: string
example:
- displayName
- +id
searchAfter:
description: |-
Used to begin the search window at the values specified.
This parameter consists of the last values of the sorted fields in the current record set.
This is used to expand the Elasticsearch limit of 10K records by shifting the 10K window to begin at this value.
It is recommended that you always include the ID of the object in addition to any other fields on this parameter in order to ensure you don't get duplicate results while paging.
For example, when searching for identities, if you are sorting by displayName you will also want to include ID, for example ["displayName", "id"].
If the last identity ID in the search result is 2c91808375d8e80a0175e1f88a575221 and the last displayName is "John Doe", then using that displayName and ID will start a new search after this identity.
The searchAfter value will look like ["John Doe","2c91808375d8e80a0175e1f88a575221"]
type: array
items:
type: string
example:
- John Doe
- 2c91808375d8e80a0175e1f88a575221
filters:
description: The filters to be applied for each filtered field name.
type: object
additionalProperties:
type: object
properties:
type:
description: |-
Enum representing the currently supported filter types.
Additional values may be added in the future without notice.
type: string
enum:
- EXISTS
- RANGE
- TERMS
example: RANGE
range:
type: object
description: The range of values to be filtered.
properties:
lower:
description: The lower bound of the range.
type: object
required:
- value
properties:
value:
description: The value of the range's endpoint.
type: string
example: '1'
inclusive:
description: Indicates if the endpoint is included in the range.
type: boolean
default: false
example: false
upper:
description: The upper bound of the range.
type: object
required:
- value
properties:
value:
description: The value of the range's endpoint.
type: string
example: '1'
inclusive:
description: Indicates if the endpoint is included in the range.
type: boolean
default: false
example: false
terms:
description: The terms to be filtered.
type: array
items:
type: string
example: account_count
exclude:
description: Indicates if the filter excludes results.
type: boolean
default: false
example: false
example: {}
examples:
accessProfiles:
summary: Query for access profiles
value:
indices:
- accessprofiles
query:
query: 'requestable:true'
accountActivities:
summary: Query for acccount activities
value:
indices:
- accountactivities
query:
query: 'sources:"Active Directory"'
entitlements:
summary: Query for entitlements
value:
indices:
- entitlements
query:
query: 'source.name:Finance'
events:
summary: Query for events
value:
indices:
- events
query:
query: 'type:PROVISIONING'
identities:
summary: Query for identities
value:
indices:
- identities
query:
query: 'attributes.cloudLifecycleState:active'
roles:
summary: Query for roles
value:
indices:
- roles
query:
query: 'enabled:true'
query-fields:
summary: Query with fields
value:
indices:
- identities
query:
query: '"John Doe"'
fields:
- name
query-timeZone:
summary: Query with timezone
value:
indices:
- identities
query:
query: 'created: [2022-05-19T19:26:03.351Z TO now]'
timeZone: America/Los_Angeles
query-innerHit:
summary: Query with innerhit
value:
indices:
- identities
query:
query: '"John Doe"'
innerHit:
type: access
query: 'source.name:"Active Directory"'
typeAheadQuery:
summary: Typeahead query
value:
indices:
- identities
queryType: TYPEAHEAD
typeAheadQuery:
field: name
query: Jo
maxExpansions: 50
size: 100
sort: desc
sortByValue: false
typeAheadQuery-nestedType:
summary: Typeahead query with nestedtype
value:
indices:
- identities
queryType: TYPEAHEAD
typeAheadQuery:
field: source.name
nestedType: access
query: Work
maxExpansions: 50
size: 100
sort: desc
sortByValue: false
filter-exists:
summary: Filter with exists
value:
indices:
- identities
query:
query: 'attributes.city:Austin'
filters:
attributes.personalEmail:
type: EXISTS
exclude: true
filter-range:
summary: Filter with range
value:
indices:
- identities
query:
query: 'attributes.city:London'
timeZone: Europe/London
filters:
accessCount:
type: RANGE
range:
lower:
value: '3'
created:
type: RANGE
range:
lower:
value: '2023-12-01'
inclusive: true
upper:
value: '2025-01-01'
filter-terms:
summary: Filter with terms
value:
indices:
- identities
query:
query: 'attributes.city:London'
filters:
source.name:
type: TERMS
terms:
- HR Employees
- Corporate Active Directory
exclude: true
isManager:
type: TERMS
terms:
- 'true'
required: true
responses:
'200':
description: List of matching documents.
content:
application/json:
schema:
type: array
items:
type: object
oneOf:
- type: object
allOf:
- description: 'More complete representation of an access profile. '
allOf:
- type: object
properties:
description:
type: string
description: Access item's description.
example: Admin access
created:
type: string
description: ISO-8601 date-time referring to the time when the object was created.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
modified:
type: string
description: ISO-8601 date-time referring to the time when the object was last modified.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
synced:
type: string
description: |-
ISO-8601 date-time referring to the date-time when object was queued to be synced into search database for use in the search API.
This date-time changes anytime there is an update to the object, which triggers a synchronization event being sent to the search database.
There may be some delay between the `synced` time and the time when the updated data is actually available in the search API.
nullable: true
format: date-time
example: '2018-06-25T20:22:33.104Z'
enabled:
type: boolean
description: Indicates whether the access item is currently enabled.
default: false
example: true
requestable:
type: boolean
description: Indicates whether the access item can be requested.
default: true
example: true
requestCommentsRequired:
type: boolean
description: Indicates whether comments are required for requests to access the item.
default: false
example: false
owner:
type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's display name.
example: Support
email:
type: string
description: Owner's email.
example: cloud-support@sailpoint.com
- type: object
required:
- id
- name
properties:
id:
type: string
description: Access profile's ID.
example: 2c9180825a6c1adc015a71c9023f0818
name:
type: string
description: Access profile's name.
example: Cloud Eng
source:
type: object
description: Access profile's source.
properties:
id:
type: string
description: Source's ID.
example: ff8081815757d4fb0157588f3d9d008f
name:
type: string
description: Source's name.
example: Employees
entitlements:
type: array
description: Entitlements the access profile has access to.
items:
type: object
properties:
hasPermissions:
type: boolean
description: Indicates whether the entitlement has permissions.
default: false
example: false
description:
type: string
description: Entitlement's description.
nullable: true
example: Cloud engineering
attribute:
type: string
description: Entitlement attribute's name.
example: memberOf
value:
type: string
description: Entitlement's value.
example: 'CN=Cloud Engineering,DC=sailpoint,DC=COM'
schema:
type: string
description: Entitlement's schema.
example: group
privileged:
type: boolean
description: Indicates whether the entitlement is privileged.
default: false
example: false
id:
type: string
description: Entitlement's ID.
example: 2c918084575812550157589064f33b89
name:
type: string
description: Entitlement's name.
example: 'CN=Cloud Engineering,DC=sailpoint,DC=COM'
entitlementCount:
type: integer
description: Number of entitlements.
example: 5
segments:
type: array
description: Segments with the access profile.
items:
type: object
properties:
id:
type: string
example: b009b6e3-b56d-41d9-8735-cb532ea0b017
description: Segment's unique ID.
name:
type: string
example: Test Segment
description: Segment's display name.
segmentCount:
type: integer
description: Number of segments with the access profile.
format: int32
example: 1
tags:
type: array
description: Tags that have been applied to the object.
items:
type: string
example:
- TAG_1
- TAG_2
apps:
type: array
description: Applications with the access profile
items:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
description: Name of application
example: Travel and Expense
description:
description: Description of application.
type: string
example: Travel and Expense Application
owner:
type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's display name.
example: John Doe
email:
type: string
description: Owner's email.
example: john.doe@sailpoint.com
- type: object
properties:
pod:
type: string
example: pod01-useast1
description: Name of the pod.
org:
type: string
example: org-name
description: Name of the tenant.
_type:
description: |-
Enum representing the currently supported document types.
Additional values may be added in the future without notice.
type: string
enum:
- accessprofile
- accountactivity
- entitlement
- event
- identity
- role
example: identity
type:
description: |-
Enum representing the currently supported document types.
Additional values may be added in the future without notice.
type: string
enum:
- accessprofile
- accountactivity
- entitlement
- event
- identity
- role
example: identity
_version:
type: string
example: v2
description: Version number.
- type: object
allOf:
- description: AccountActivity
type: object
properties:
id:
type: string
example: 2c91808375d8e80a0175e1f88a575222
description: ID of account activity.
action:
type: string
description: Type of action performed in the activity.
externalDocs:
description: Learn more about account activity action types
url: 'https://documentation.sailpoint.com/saas/help/search/searchable-fields.html#searching-account-activity-data'
example: Identity Refresh.
created:
type: string
description: ISO-8601 date-time referring to the time when the object was created.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
modified:
type: string
description: ISO-8601 date-time referring to the time when the object was last modified.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
synced:
type: string
description: |-
ISO-8601 date-time referring to the date-time when object was queued to be synced into search database for use in the search API.
This date-time changes anytime there is an update to the object, which triggers a synchronization event being sent to the search database.
There may be some delay between the `synced` time and the time when the updated data is actually available in the search API.
example: '2018-06-25T20:22:28.104Z'
stage:
type: string
description: Activity's current stage.
example: Completed
status:
type: string
description: Activity's current status.
example: Complete
requester:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
type:
type: string
example: Identity
description: Type of object
recipient:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
type:
type: string
example: Identity
description: Type of object
trackingNumber:
type: string
description: Account activity's tracking number.
example: 61aad0c9e8134eca89e76a35e0cabe3f
errors:
type: array
description: Errors provided by the source while completing account actions.
items:
type: string
nullable: true
example: null
warnings:
type: array
description: Warnings provided by the source while completing account actions.
items:
type: string
nullable: true
example: null
approvals:
type: array
description: Approvals performed on an item during activity.
items:
type: object
properties:
comments:
type: array
items:
type: object
properties:
comment:
type: string
description: The comment text
example: This request was autoapproved by our automated ETS subscriber.
commenter:
type: string
description: The name of the commenter
example: Automated AR Approval
date:
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: A date-time in ISO-8601 format
modified:
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: A date-time in ISO-8601 format
owner:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
type:
type: string
example: Identity
description: Type of object
result:
type: string
description: The result of the approval
example: Finished
attributeRequest:
type: object
properties:
name:
type: string
description: Attribute name.
example: groups
op:
type: string
description: Operation to perform on attribute.
example: Add
value:
oneOf:
- type: string
example: '3203537556531076'
- type: array
items:
type: string
example:
- '3203537556531076'
- '1263537556831096'
description: Value of attribute.
source:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
type:
type: string
example: Delimited File
description: Type of source returned.
originalRequests:
type: array
description: Original actions that triggered all individual source actions related to the account action.
items:
type: object
properties:
accountId:
type: string
description: Account ID.
example: 'CN=Abby Smith,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=acme,DC=com'
result:
type: object
properties:
status:
type: string
description: Request result status
example: Manual Task Created
attributeRequests:
type: array
description: Attribute changes requested for account.
items:
type: object
properties:
name:
type: string
description: Attribute name.
example: groups
op:
type: string
description: Operation to perform on attribute.
example: Add
value:
oneOf:
- type: string
example: '3203537556531076'
- type: array
items:
type: string
example:
- '3203537556531076'
- '1263537556831096'
description: Value of attribute.
op:
type: string
description: Operation used.
example: add
source:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
type:
type: string
example: Delimited File
description: Type of source returned.
description: Account's source.
expansionItems:
type: array
description: Controls that translated the attribute requests into actual provisioning actions on the source.
items:
type: object
properties:
accountId:
type: string
description: The ID of the account
example: 2c91808981f58ea601821c3e93482e6f
cause:
type: string
example: Role
description: Cause of the expansion item.
name:
type: string
description: The name of the item
example: smartsheet-role
attributeRequest:
type: object
properties:
name:
type: string
description: Attribute name.
example: groups
op:
type: string
description: Operation to perform on attribute.
example: Add
value:
oneOf:
- type: string
example: '3203537556531076'
- type: array
items:
type: string
example:
- '3203537556531076'
- '1263537556831096'
description: Value of attribute.
source:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
type:
type: string
example: Delimited File
description: Type of source returned.
id:
type: string
description: ID of the expansion item
example: ac2887ffe0e7435a8c18c73f7ae94c7b
state:
type: string
description: State of the expansion item
example: EXECUTING
accountRequests:
type: array
description: Account data for each individual source action triggered by the original requests.
items:
type: object
properties:
accountId:
type: string
description: Unique ID of the account
example: John.Doe
attributeRequests:
type: array
items:
type: object
properties:
name:
type: string
description: Attribute name.
example: groups
op:
type: string
description: Operation to perform on attribute.
example: Add
value:
oneOf:
- type: string
example: '3203537556531076'
- type: array
items:
type: string
example:
- '3203537556531076'
- '1263537556831096'
description: Value of attribute.
op:
type: string
example: Modify
description: The operation that was performed
provisioningTarget:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
type:
type: string
example: Delimited File
description: Type of source returned.
result:
type: object
properties:
errors:
type: array
items:
type: string
example: |-
[ConnectorError] [
{
"code": "unrecognized_keys",
"keys": [
"groups"
],
"path": [],
"message": "Unrecognized key(s) in object: 'groups'"
}
] (requestId: 5e9d6df5-9b1b-47d9-9bf1-dc3a2893299e)
description: Error message.
status:
type: string
description: The status of the account request
example: failed
ticketId:
type: string
nullable: true
example: null
description: ID of associated ticket.
source:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
type:
type: string
example: Delimited File
description: Type of source returned.
sources:
type: string
description: Sources involved in the account activity.
example: 'smartsheet-test, airtable-v4, IdentityNow'
- type: object
properties:
pod:
type: string
example: pod01-useast1
description: Name of the pod.
org:
type: string
example: org-name
description: Name of the tenant.
_type:
description: |-
Enum representing the currently supported document types.
Additional values may be added in the future without notice.
type: string
enum:
- accessprofile
- accountactivity
- entitlement
- event
- identity
- role
example: identity
type:
description: |-
Enum representing the currently supported document types.
Additional values may be added in the future without notice.
type: string
enum:
- accessprofile
- accountactivity
- entitlement
- event
- identity
- role
example: identity
_version:
type: string
example: v2
description: Version number.
- type: object
allOf:
- description: Entitlement
allOf:
- type: object
required:
- id
- name
properties:
id:
type: string
example: 2c91808375d8e80a0175e1f88a575222
description: ID of the referenced object.
name:
type: string
example: john.doe
description: The human readable name of the referenced object.
- type: object
properties:
modified:
type: string
description: ISO-8601 date-time referring to the time when the object was last modified.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
synced:
type: string
description: |-
ISO-8601 date-time referring to the date-time when object was queued to be synced into search database for use in the search API.
This date-time changes anytime there is an update to the object, which triggers a synchronization event being sent to the search database.
There may be some delay between the `synced` time and the time when the updated data is actually available in the search API.
displayName:
type: string
description: Entitlement's display name.
example: Admin
source:
type: object
description: Entitlement's source.
properties:
id:
type: string
description: ID of entitlement's source.
example: 2c91808b6e9e6fb8016eec1a2b6f7b5f
name:
type: string
description: Display name of entitlement's source.
example: ODS-HR-Employees
type:
type: string
example: SOURCE
description: Type of object.
segments:
type: array
description: Segments with the entitlement.
items:
type: object
properties:
id:
type: string
example: b009b6e3-b56d-41d9-8735-cb532ea0b017
description: Segment's unique ID.
name:
type: string
example: Test Segment
description: Segment's display name.
segmentCount:
type: integer
description: Number of segments with the role.
format: int32
example: 1
requestable:
type: boolean
description: Indicates whether the entitlement is requestable.
default: false
example: false
cloudGoverned:
type: boolean
description: Indicates whether the entitlement is cloud governed.
default: false
example: false
created:
type: string
description: ISO-8601 date-time referring to the time when the object was created.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
privileged:
type: boolean
description: Indicates whether the entitlement is privileged.
default: false
example: false
tags:
type: array
description: Tags that have been applied to the object.
items:
type: string
example:
- TAG_1
- TAG_2
attribute:
type: string
description: Attribute information for the entitlement.
example: groups
value:
type: string
description: Value of the entitlement.
example: 1733ff75-441e-4327-9bfc-3ac445fd8cd1
sourceSchemaObjectType:
type: string
description: Source schema object type of the entitlement.
example: group
schema:
type: string
description: Schema type of the entitlement.
example: group
hash:
type: string
description: Read-only calculated hash value of an entitlement.
example: c6fab95235584cca98a454a2f51e5683bc77d6a0
attributes:
type: object
additionalProperties: true
description: Attributes of the entitlement.
truncatedAttributes:
type: array
description: Truncated attributes of the entitlement.
items:
type: string
containsDataAccess:
type: boolean
description: Indicates whether the entitlement contains data access.
default: false
manuallyUpdatedFields:
type: object
description: Indicates whether the entitlement's display name and/or description have been manually updated.
nullable: true
properties:
DESCRIPTION:
type: boolean
default: false
example: false
DISPLAY_NAME:
type: boolean
default: false
example: false
permissions:
type: array
items:
type: object
properties:
target:
type: string
description: The target the permission would grants rights on.
example: SYS.GV_$TRANSACTION
rights:
type: array
description: All the rights (e.g. actions) that this permission allows on the target
items:
type: string
example: SELECT
- type: object
properties:
pod:
type: string
example: pod01-useast1
description: Name of the pod.
org:
type: string
example: org-name
description: Name of the tenant.
_type:
description: |-
Enum representing the currently supported document types.
Additional values may be added in the future without notice.
type: string
enum:
- accessprofile
- accountactivity
- entitlement
- event
- identity
- role
example: identity
type:
description: |-
Enum representing the currently supported document types.
Additional values may be added in the future without notice.
type: string
enum:
- accessprofile
- accountactivity
- entitlement
- event
- identity
- role
example: identity
_version:
type: string
example: v2
description: Version number.
- type: object
allOf:
- type: object
description: Event
properties:
id:
type: string
example: 2c91808375d8e80a0175e1f88a575222
description: ID of the entitlement.
name:
type: string
example: Add Entitlement Passed
description: Name of the entitlement.
created:
type: string
description: ISO-8601 date-time referring to the time when the object was created.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
synced:
type: string
description: |-
ISO-8601 date-time referring to the date-time when object was queued to be synced into search database for use in the search API.
This date-time changes anytime there is an update to the object, which triggers a synchronization event being sent to the search database.
There may be some delay between the `synced` time and the time when the updated data is actually available in the search API.
example: '2018-06-25T20:22:28.104Z'
action:
type: string
description: Name of the event as it's displayed in audit reports.
example: AddEntitlement
type:
type: string
description: 'Event type. Refer to [Event Types](https://documentation.sailpoint.com/saas/help/search/index.html#event-types) for a list of event types and their meanings.'
example: ACCESS_ITEM
actor:
type: object
properties:
name:
type: string
description: Name of the actor that generated the event.
example: System
target:
type: object
properties:
name:
type: string
description: 'Name of the target, or recipient, of the event.'
example: Carol.Adams
stack:
type: string
description: The event's stack.
example: tpe
trackingNumber:
type: string
description: ID of the group of events.
example: 63f891e0735f4cc8bf1968144a1e7440
ipAddress:
type: string
description: Target system's IP address.
example: 52.52.97.85
details:
type: string
description: ID of event's details.
example: 73b65dfbed1842548c207432a18c84b0
attributes:
type: object
description: Attributes involved in the event.
additionalProperties: true
example:
pod: stg03-useast1
org: acme
sourceName: SailPoint
objects:
type: array
description: Objects the event is happening to.
items:
type: string
example: AUTHENTICATION
operation:
type: string
description: 'Operation, or action, performed during the event.'
example: ADD
status:
type: string
description: 'Event status. Refer to [Event Statuses](https://documentation.sailpoint.com/saas/help/search/index.html#event-statuses) for a list of event statuses and their meanings.'
example: PASSED
technicalName:
type: string
description: Event's normalized name. This normalized name always follows the pattern of 'objects_operation_status'.
example: ENTITLEMENT_ADD_PASSED
- properties:
pod:
type: string
example: pod01-useast1
org:
type: string
example: org-name
_type:
description: |-
Enum representing the currently supported document types.
Additional values may be added in the future without notice.
type: string
enum:
- accessprofile
- accountactivity
- entitlement
- event
- identity
- role
example: identity
_version:
type: string
example: v2
- type: object
allOf:
- description: Identity
allOf:
- type: object
required:
- id
- name
properties:
id:
type: string
example: 2c91808375d8e80a0175e1f88a575222
description: ID of the referenced object.
name:
type: string
example: john.doe
description: The human readable name of the referenced object.
- allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
displayName:
type: string
example: John Q. Doe
- type: object
properties:
displayName:
type: string
example: Carol.Adams
description: Identity's display name.
firstName:
type: string
description: Identity's first name.
example: Carol
lastName:
type: string
description: Identity's last name.
example: Adams
email:
type: string
description: Identity's primary email address.
example: Carol.Adams@sailpointdemo.com
created:
type: string
description: ISO-8601 date-time referring to the time when the object was created.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
modified:
type: string
description: ISO-8601 date-time referring to the time when the object was last modified.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
phone:
type: string
description: Identity's phone number.
example: +1 440-527-3672
synced:
type: string
description: |-
ISO-8601 date-time referring to the date-time when object was queued to be synced into search database for use in the search API.
This date-time changes anytime there is an update to the object, which triggers a synchronization event being sent to the search database.
There may be some delay between the `synced` time and the time when the updated data is actually available in the search API.
inactive:
type: boolean
description: Indicates whether the identity is inactive.
default: false
example: false
protected:
type: boolean
description: Indicates whether the identity is protected.
default: false
example: false
status:
type: string
description: Identity's status in SailPoint.
example: UNREGISTERED
employeeNumber:
type: string
description: Identity's employee number.
example: 1a2a3d4e
manager:
type: object
description: Identity's manager.
nullable: true
properties:
id:
type: string
description: ID of identity's manager.
example: 2c9180867dfe694b017e208e27c05799
name:
type: string
description: Name of identity's manager.
example: Amanda.Ross
displayName:
type: string
description: Display name of identity's manager.
example: Amanda.Ross
isManager:
type: boolean
description: Indicates whether the identity is a manager of other identities.
example: false
identityProfile:
type: object
description: Identity's identity profile.
properties:
id:
type: string
description: Identity profile's ID.
example: 3bc8ad26b8664945866b31339d1ff7d2
name:
type: string
description: Identity profile's name.
example: HR Employees
source:
type: object
description: Identity's source.
properties:
id:
type: string
description: ID of identity's source.
example: 2c91808b6e9e6fb8016eec1a2b6f7b5f
name:
type: string
description: Display name of identity's source.
example: ODS-HR-Employees
attributes:
type: object
description: Map or dictionary of key/value pairs.
additionalProperties: true
example:
country: US
firstname: Carol
cloudStatus: UNREGISTERED
disabled:
type: boolean
description: Indicates whether the identity is disabled.
default: false
example: false
locked:
type: boolean
description: Indicates whether the identity is locked.
default: false
example: false
processingState:
type: string
description: Identity's processing state.
nullable: true
example: ERROR
processingDetails:
description: Identity's processing details.
nullable: true
type: object
properties:
date:
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: A date-time in ISO-8601 format
stage:
type: string
example: In Process
retryCount:
type: integer
example: 0
format: int32
stackTrace:
type: string
example:
message:
type: string
example:
accounts:
type: array
description: List of accounts associated with the identity.
items:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
accountId:
type: string
description: Account ID.
example: John.Doe
source:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
type:
type: string
example: Delimited File
description: Type of source returned.
disabled:
type: boolean
description: Indicates whether the account is disabled.
default: false
example: false
locked:
type: boolean
description: Indicates whether the account is locked.
default: false
example: false
privileged:
type: boolean
description: Indicates whether the account is privileged.
default: false
example: false
manuallyCorrelated:
type: boolean
description: Indicates whether the account has been manually correlated to an identity.
default: false
example: false
passwordLastSet:
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: A date-time in ISO-8601 format
entitlementAttributes:
type: object
nullable: true
description: Map or dictionary of key/value pairs.
additionalProperties: true
example:
moderator: true
admin: true
trust_level: '4'
created:
type: string
description: ISO-8601 date-time referring to the time when the object was created.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
supportsPasswordChange:
type: boolean
description: Indicates whether the account supports password change.
default: false
example: false
accountAttributes:
type: object
nullable: true
description: Map or dictionary of key/value pairs.
additionalProperties: true
example:
type: global
admin: true
trust_level: '4'
accountCount:
type: integer
description: Number of accounts associated with the identity.
format: int32
example: 3
apps:
type: array
description: List of applications the identity has access to.
items:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
source:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
account:
type: object
properties:
id:
type: string
description: The SailPoint generated unique ID
example: 2c9180837dfe6949017e21f3d8cd6d49
accountId:
type: string
description: The account ID generated by the source
example: 'CN=Carol Adams,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
appCount:
type: integer
format: int32
description: Number of applications the identity has access to.
example: 2
access:
type: array
description: List of access items assigned to the identity.
items:
discriminator:
propertyName: type
mapping:
ACCESS_PROFILE: ../access/AccessProfileSummary.yaml
ENTITLEMENT: ../access/AccessProfileEntitlement.yaml
ROLE: ../access/AccessProfileRole.yaml
oneOf:
- description: This is a summary representation of an access profile.
allOf:
- allOf:
- allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
displayName:
type: string
example: John Q. Doe
- type: object
properties:
description:
description: Description of access item.
type: string
nullable: true
example: null
- type: object
properties:
type:
type: string
description: Type of the access item.
example: ACCESS_PROFILE
source:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
owner:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
displayName:
type: string
example: John Q. Doe
revocable:
type: boolean
example: true
- description: EntitlementReference
allOf:
- allOf:
- allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
displayName:
type: string
example: John Q. Doe
- type: object
properties:
description:
description: Description of access item.
type: string
nullable: true
example: null
- type: object
properties:
source:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
type:
type: string
description: Type of the access item.
example: ENTITLEMENT
privileged:
type: boolean
example: false
attribute:
type: string
example: memberOf
value:
type: string
example: 'CN=Buyer,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
standalone:
type: boolean
example: false
- description: Role
allOf:
- allOf:
- allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
displayName:
type: string
example: John Q. Doe
- type: object
properties:
description:
description: Description of access item.
type: string
nullable: true
example: null
- type: object
properties:
type:
type: string
description: Type of the access item.
example: ROLE
owner:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
displayName:
type: string
example: John Q. Doe
disabled:
type: boolean
revocable:
type: boolean
accessCount:
type: integer
format: int32
description: Number of access items assigned to the identity.
example: 5
entitlementCount:
type: integer
format: int32
description: Number of entitlements assigned to the identity.
example: 10
roleCount:
type: integer
format: int32
description: Number of roles assigned to the identity.
example: 1
accessProfileCount:
type: integer
format: int32
description: Number of access profiles assigned to the identity.
example: 1
owns:
type: array
description: Access items the identity owns.
items:
type: object
properties:
sources:
type: array
items:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
entitlements:
type: array
items:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
accessProfiles:
type: array
items:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
roles:
type: array
items:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
apps:
type: array
items:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
governanceGroups:
type: array
items:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
fallbackApprover:
type: boolean
example: false
ownsCount:
type: integer
format: int32
description: Number of access items the identity owns.
example: 5
tags:
type: array
description: Tags that have been applied to the object.
items:
type: string
example:
- TAG_1
- TAG_2
tagsCount:
type: integer
format: int32
description: Number of tags on the identity.
visibleSegments:
type: array
description: List of segments that the identity is in.
items:
type: string
nullable: true
example:
- All Employees
visibleSegmentCount:
type: integer
format: int32
description: Number of segments the identity is in.
example: 1
- type: object
properties:
pod:
type: string
example: pod01-useast1
description: Name of the pod.
org:
type: string
example: org-name
description: Name of the tenant.
_type:
description: |-
Enum representing the currently supported document types.
Additional values may be added in the future without notice.
type: string
enum:
- accessprofile
- accountactivity
- entitlement
- event
- identity
- role
example: identity
type:
description: |-
Enum representing the currently supported document types.
Additional values may be added in the future without notice.
type: string
enum:
- accessprofile
- accountactivity
- entitlement
- event
- identity
- role
example: identity
_version:
type: string
example: v2
description: Version number.
- type: object
allOf:
- description: Role
allOf:
- type: object
properties:
description:
type: string
description: Access item's description.
example: Admin access
created:
type: string
description: ISO-8601 date-time referring to the time when the object was created.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
modified:
type: string
description: ISO-8601 date-time referring to the time when the object was last modified.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
synced:
type: string
description: |-
ISO-8601 date-time referring to the date-time when object was queued to be synced into search database for use in the search API.
This date-time changes anytime there is an update to the object, which triggers a synchronization event being sent to the search database.
There may be some delay between the `synced` time and the time when the updated data is actually available in the search API.
nullable: true
format: date-time
example: '2018-06-25T20:22:33.104Z'
enabled:
type: boolean
description: Indicates whether the access item is currently enabled.
default: false
example: true
requestable:
type: boolean
description: Indicates whether the access item can be requested.
default: true
example: true
requestCommentsRequired:
type: boolean
description: Indicates whether comments are required for requests to access the item.
default: false
example: false
owner:
type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's display name.
example: Support
email:
type: string
description: Owner's email.
example: cloud-support@sailpoint.com
- type: object
required:
- id
- name
properties:
id:
type: string
example: 2c91808375d8e80a0175e1f88a575222
description: ID of the role.
name:
type: string
example: Branch Manager Access
description: Name of the role.
accessProfiles:
type: array
description: Access profiles included with the role.
nullable: true
items:
type: object
properties:
id:
type: string
example: 2c91809c6faade77016fb4f0b63407ae
description: Access profile's unique ID.
name:
type: string
example: Admin Access
description: Access profile's display name.
accessProfileCount:
type: integer
description: Number of access profiles included with the role.
nullable: true
format: int32
example: 1
tags:
type: array
description: Tags that have been applied to the object.
items:
type: string
example:
- TAG_1
- TAG_2
nullable: true
segments:
type: array
description: Segments with the role.
nullable: true
items:
type: object
properties:
id:
type: string
example: b009b6e3-b56d-41d9-8735-cb532ea0b017
description: Segment's unique ID.
name:
type: string
example: Test Segment
description: Segment's display name.
segmentCount:
type: integer
description: Number of segments with the role.
nullable: true
format: int32
example: 1
entitlements:
type: array
description: Entitlements included with the role.
nullable: true
items:
allOf:
- type: object
properties:
hasPermissions:
type: boolean
description: Indicates whether the entitlement has permissions.
default: false
example: false
description:
type: string
description: Entitlement's description.
nullable: true
example: Cloud engineering
attribute:
type: string
description: Entitlement attribute's name.
example: memberOf
value:
type: string
description: Entitlement's value.
example: 'CN=Cloud Engineering,DC=sailpoint,DC=COM'
schema:
type: string
description: Entitlement's schema.
example: group
privileged:
type: boolean
description: Indicates whether the entitlement is privileged.
default: false
example: false
id:
type: string
description: Entitlement's ID.
example: 2c918084575812550157589064f33b89
name:
type: string
description: Entitlement's name.
example: 'CN=Cloud Engineering,DC=sailpoint,DC=COM'
- properties:
sourceSchemaObjectType:
type: string
description: Schema objectType.
example: group
hash:
type: string
description: Read-only calculated hash value of an entitlement.
example: c6fab95235584cca98a454a2f51e5683bc77d6a0
entitlementCount:
type: integer
description: Number of entitlements included with the role.
nullable: true
format: int32
example: 3
dimensional:
type: boolean
example: false
default: false
dimensionSchemaAttributeCount:
type: integer
description: Number of dimension attributes included with the role.
nullable: true
format: int32
example: 3
dimensionSchemaAttributes:
type: array
description: Dimension attributes included with the role.
nullable: true
items:
type: object
properties:
derived:
type: boolean
example: true
default: true
displayName:
type: string
description: Displayname of the dimension attribute.
example: Department
name:
type: string
description: Name of the dimension attribute.
example: department
dimensions:
type: array
nullable: true
items:
type: object
properties:
id:
type: string
description: Unique ID of the dimension.
example: b3c28992ba964a40a7598978139d1ced
name:
type: string
description: Name of the dimension.
example: Manager Austin Branch
description:
type: string
nullable: true
description: Description of the dimension.
example: Managers located at the Austin branch
entitlements:
type: array
description: Entitlements included with the role.
nullable: true
items:
allOf:
- type: object
properties:
hasPermissions:
type: boolean
description: Indicates whether the entitlement has permissions.
default: false
example: false
description:
type: string
description: Entitlement's description.
nullable: true
example: Cloud engineering
attribute:
type: string
description: Entitlement attribute's name.
example: memberOf
value:
type: string
description: Entitlement's value.
example: 'CN=Cloud Engineering,DC=sailpoint,DC=COM'
schema:
type: string
description: Entitlement's schema.
example: group
privileged:
type: boolean
description: Indicates whether the entitlement is privileged.
default: false
example: false
id:
type: string
description: Entitlement's ID.
example: 2c918084575812550157589064f33b89
name:
type: string
description: Entitlement's name.
example: 'CN=Cloud Engineering,DC=sailpoint,DC=COM'
- properties:
sourceSchemaObjectType:
type: string
description: Schema objectType.
example: group
hash:
type: string
description: Read-only calculated hash value of an entitlement.
example: c6fab95235584cca98a454a2f51e5683bc77d6a0
accessProfiles:
type: array
nullable: true
description: Access profiles included in the dimension.
items:
type: object
properties:
id:
type: string
example: 2c91809c6faade77016fb4f0b63407ae
description: Access profile's unique ID.
name:
type: string
example: Admin Access
description: Access profile's display name.
- type: object
properties:
pod:
type: string
example: pod01-useast1
description: Name of the pod.
org:
type: string
example: org-name
description: Name of the tenant.
_type:
description: |-
Enum representing the currently supported document types.
Additional values may be added in the future without notice.
type: string
enum:
- accessprofile
- accountactivity
- entitlement
- event
- identity
- role
example: identity
type:
description: |-
Enum representing the currently supported document types.
Additional values may be added in the future without notice.
type: string
enum:
- accessprofile
- accountactivity
- entitlement
- event
- identity
- role
example: identity
_version:
type: string
example: v2
description: Version number.
examples:
accessProfiles:
summary: A collection of access profiles
value:
- id: 13b856dd9a264206954b63ecbb57a853
name: Cloud Eng
description: Cloud Eng
source:
id: 5c71ff71195b4794a0b87e7cf36fb017
name: Active Directory
entitlements:
- hasPermissions: false
attribute: memberOf
value: 'CN=Cloud Engineering,DC=sailpoint,DC=com'
schema: group
privileged: false
id: 7372eaddd75749bd89a2e76a363eb891
name: Cloud Engineering
description: Cloud Engineering
entitlementCount: 1
segments: []
segmentCount: 0
apps: []
created: '2024-09-16T17:41:25Z'
modified: '2024-09-16T19:30:54Z'
synced: '2025-02-12T06:32:40.156Z'
enabled: true
requestable: true
requestCommentsRequired: false
owner:
id: ff8081815757d36a015757d42e56031e
name: SailPoint Support
type: IDENTITY
email: cloud-support@sailpoint.com
tags:
- TAG_1
- TAG_2
_type: accessprofile
type: accessprofile
pod: pod01-useast1
org: org-name
_version: v2
accountActivities:
summary: A collection of account activities
value:
- id: 6f76c3add1db4ba8bbe0d42aaceb7a07
_type: accountactivity
type: accountactivity
requester:
name: Amos.Cunningham
id: ef1e2a36099447cb9448c68e1804dd9f
type: Identity
sources: Active Directory
created: '2025-01-02T21:45:59.795Z'
accountRequests:
- result:
status: committed
accountId: 'CN=Amos Cunningham,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
op: Modify
provisioningTarget:
name: Active Directory
id: 5c71ff71195b4794a0b87e7cf36fb017
type: ADLDAPConnector
source:
name: Active Directory
id: 5c71ff71195b4794a0b87e7cf36fb017
type: ADLDAPConnector
attributeRequests:
- op: Add
name: memberOf
value: 'CN=HelpDesk,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
stage: Completed
originalRequests:
- result:
status: Manual Task Created
accountId: 'CN=Amos Cunningham,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
op: Modify
accountUuid: '{17413e85-1c08-4bb0-b658-9afdaad11d0a}'
source:
name: Active Directory
id: 5c71ff71195b4794a0b87e7cf36fb017
type: ADLDAPConnector
attributeRequests:
- op: Add
name: memberOf
value: 'CN=HelpDesk,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
expansionItems: []
approvals:
- owner:
name: tina.smith
id: 322c6bce405a495a8e841a014b7d8410
type: Identity
result: Finished
attributeRequest:
op: Add
name: memberOf
value:
- 'CN=HelpDesk,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
accountUuid: '{17413e85-1c08-4bb0-b658-9afdaad11d0a}'
modified: '2025-01-02T21:47:16.903Z'
source:
name: Active Directory
id: 5c71ff71195b4794a0b87e7cf36fb017
type: ADLDAPConnector
recipient:
name: Amos.Cunningham
id: ef1e2a36099447cb9448c68e1804dd9f
type: Identity
action: Access Request
modified: '2025-01-02T21:47:16.903Z'
trackingNumber: 051d09b0bb5b453d91f658ba7f1e3171
status: Complete
pod: pod01-useast1
org: org-name
synced: '2025-01-02T21:47:16.953Z'
_version: v2
entitlements:
summary: A collection of entitlements
value:
- id: 2c9180867dde18d1017de8ea1f5c130f
name: Vendor Creation
displayName: Vendor Creation
created: '2021-12-23T20:09:57.340Z'
modified: '2023-05-02T06:31:19.357Z'
attribute: groups
value: VC
sourceSchemaObjectType: group
schema: group
privileged: false
cloudGoverned: false
hash: 22ac1f7a13c8a462c67ee74f5fcbf06a277cce50
description: Set up new AP vendors
requestable: false
source:
id: 2c9180887de347a7017de8e75fa5570a
type: SOURCE
name: Finance
containsDataAccess: 'false'
pod: pod01-useast1
org: org-name
synced: '2024-11-07T16:29:06.131Z'
_type: entitlement
type: entitlement
_version: v2
events:
summary: A collection of events
value:
- id: 001909ce8cc3b519436197105426b18b5fc6ca179803c0c3702e9038107bec78
stack: wps
synced: '2023-06-01T22:01:38.170Z'
created: '2023-06-01T22:01:37.818Z'
objects:
- ACCOUNT
type: PROVISIONING
technicalName: ACCOUNT_MODIFY_PASSED
target:
name: Colt.Spears
actor:
name: System
name: Modify Account Passed
action: ModifyAccount
attributes:
accountUuid: '{2d1ec18a-84cc-4659-bf75-a1ce4d56a9c5}'
cloudAppName: Active Directory
appId: 5c71ff71195b4794a0b87e7cf36fb017
sourceId: source
sourceName: Active Directory
accountName: 'CN=Colt Spears,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpoint,DC=com'
interface: Identity Refresh
trackingNumber: 1f74901adbc0412d9fa51314195155be
operation: MODIFY
status: PASSED
pod: pod01-useast1
org: org-name
_type: event
_version: v2
identities:
summary: A collection of identities
value:
- id: 2c9180865c45e7e3015c46c434a80622
name: Laura Peeters
firstName: Laura
lastName: Peeters
displayName: Laura Peeters
email: Laura.Peeters@sailpointdemo.com
created: '2024-04-04T21:36:00.385Z'
inactive: false
protected: false
status: ACTIVE
employeeNumber: '10673'
manager:
id: 88e405b1a3b8439daf2efc8f4ff0a98b
name: Mia Garcia
displayName: Mia Garcia
isManager: true
identityProfile:
id: 00a2bc6244b34f4a88d985f035f2b68b
name: HR Global
source:
id: 524f8d986f9b4192865269516d169eb0
name: HR Global
attributes:
city: Brussels
cloudAuthoritativeSource: 524f8d986f9b4192865269516d169eb0
cloudLifecycleState: active
cloudStatus: ACTIVE
country: BE
department: EMEA Sales
displayName: Laura Peeters
email: Laura.Peeters@sailpointdemo.com
firstname: Laura
identificationNumber: '10673'
identityState: ACTIVE
internalCloudStatus: ACTIVE
jobTitle: 'Manager, Sales - Belgium'
lastname: Peeters
location: EMEA
uid: '10673'
visibleSegments:
- d75ae486-044b-4eba-8113-0cdacb5341df
disabled: false
locked: false
accounts:
- id: 830396e8863442f1bce7b485612c8b51
name: Laura Peeters
accountId: '10673'
source:
id: 524f8d986f9b4192865269516d169eb0
name: HR Global
type: DelimitedFile
disabled: false
locked: false
privileged: false
manuallyCorrelated: false
entitlementAttributes: {}
created: '2024-04-04T21:36:00.385Z'
supportsPasswordChange: false
- id: cd6797419f37492ba22ea991f9d6ba90
name: $SEK300-N3K0K4HOPEB6
accountId: 'CN=Laura Peeters,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
source:
id: 5c71ff71195b4794a0b87e7cf36fb017
name: Active Directory
type: Active Directory - Direct
disabled: false
locked: false
privileged: false
manuallyCorrelated: true
passwordLastSet: '2024-04-04T21:38:57.434Z'
entitlementAttributes:
memberOf:
- 'CN=Salesforce Access,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
- 'CN=Sales-Folder,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
- 'CN=Benefits,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
- 'CN=Salesforce opportunity management,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
created: '2024-04-04T21:42:26.787Z'
supportsPasswordChange: true
- id: db145fd0ec6a4e0cbc3a24bbe0758c8f
name: Laura Peeters
accountId: '10681'
source:
id: 524f8d986f9b4192865269516d169eb0
name: HR Global
type: DelimitedFile
disabled: false
locked: false
privileged: false
manuallyCorrelated: false
entitlementAttributes: {}
created: '2024-04-04T21:36:15.769Z'
supportsPasswordChange: false
- id: 6b75898eec394b4c98a5c3d2d9ba311b
name: Laura Peeters
accountId: Laura Peeters
source:
id: af4686d6482841ac96d793901372ad9b
name: IdentityNow
type: IdentityNowConnector
disabled: false
locked: false
privileged: false
manuallyCorrelated: false
entitlementAttributes: {}
created: '2024-04-04T21:36:15.809Z'
supportsPasswordChange: true
accountAttributes: {}
accountCount: 3
apps:
- id: '20003'
name: Active Directory
source:
id: 5c71ff71195b4794a0b87e7cf36fb017
name: Active Directory
account:
id: cd6797419f37492ba22ea991f9d6ba90
accountId: 'CN=Laura Peeters,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
- id: '20013'
name: AD test
source:
id: 5c71ff71195b4794a0b87e7cf36fb017
name: Active Directory
account:
id: cd6797419f37492ba22ea991f9d6ba90
accountId: 'CN=Laura Peeters,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
- id: '20014'
name: Test AD
source:
id: 5c71ff71195b4794a0b87e7cf36fb017
name: Active Directory
account:
id: cd6797419f37492ba22ea991f9d6ba90
accountId: 'CN=Laura Peeters,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
- id: '5092'
name: Accounting
source:
id: 5c71ff71195b4794a0b87e7cf36fb017
name: Active Directory
account:
id: cd6797419f37492ba22ea991f9d6ba90
accountId: 'CN=Laura Peeters,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
- id: '5822114389092541705'
name: IdentityNow app
source:
id: af4686d6482841ac96d793901372ad9b
name: IdentityNow
account:
id: 6b75898eec394b4c98a5c3d2d9ba311b
accountId: Laura Peeters
appCount: 5
access:
- id: 4919721c3c1a4ca484469b85f0fd9ba1
name: Benefits
displayName: Benefits
type: ENTITLEMENT
enabled: false
requestable: false
requestCommentsRequired: false
source:
id: 5c71ff71195b4794a0b87e7cf36fb017
name: Active Directory
disabled: false
privileged: false
attribute: memberOf
value: 'CN=Benefits,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
standalone: false
cloudEligible: false
cloudGoverned: false
schema: group
- id: 4bf8f57887874e9c83ae3a662bf8988c
name: Sales-Folder
displayName: Sales-Folder
type: ENTITLEMENT
enabled: false
requestable: false
requestCommentsRequired: false
source:
id: 5c71ff71195b4794a0b87e7cf36fb017
name: Active Directory
disabled: false
privileged: false
attribute: memberOf
value: 'CN=Sales-Folder,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
standalone: false
cloudEligible: false
cloudGoverned: false
schema: group
- id: f1bea520cace4489805d26de3463262d
name: Salesforce Access
displayName: Salesforce Access
type: ENTITLEMENT
enabled: false
requestable: false
requestCommentsRequired: false
source:
id: 5c71ff71195b4794a0b87e7cf36fb017
name: Active Directory
disabled: false
privileged: false
attribute: memberOf
value: 'CN=Salesforce Access,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
standalone: false
cloudEligible: false
cloudGoverned: false
schema: group
- id: 98a76b26b7884f3e8d115991cebc09b2
name: Salesforce opportunity management
displayName: Salesforce opportunity management
type: ENTITLEMENT
enabled: false
requestable: false
requestCommentsRequired: false
source:
id: 5c71ff71195b4794a0b87e7cf36fb017
name: Active Directory
disabled: false
privileged: false
attribute: memberOf
value: 'CN=Salesforce opportunity management,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
standalone: false
cloudEligible: false
cloudGoverned: false
schema: group
- id: 7e277d102c874560becc464cdfe33a86
name: Benefits Employees
displayName: Benefits Employees
type: ACCESS_PROFILE
description: Access for Benefits Employees. Distribution group and File share access.
enabled: false
requestable: false
requestCommentsRequired: false
source:
id: 5c71ff71195b4794a0b87e7cf36fb017
name: Active Directory
owner:
id: 278f8a1859df48d2a0adb204257b26a2
name: Jerry.Bennett
displayName: Jerry.Bennett
disabled: false
privileged: false
standalone: false
revocable: false
cloudEligible: false
cloudGoverned: false
- id: 468171f0af874adebb58d3718519bd56
name: SalesCommonAccess
displayName: SalesCommonAccess
type: ACCESS_PROFILE
description: Grants basic access for everyone in the sale department
enabled: false
requestable: false
requestCommentsRequired: false
source:
id: 5c71ff71195b4794a0b87e7cf36fb017
name: Active Directory
owner:
id: 278f8a1859df48d2a0adb204257b26a2
name: Jerry.Bennett
displayName: Jerry.Bennett
disabled: false
privileged: false
standalone: false
revocable: false
cloudEligible: false
cloudGoverned: false
- id: ad7025c956734455b28fa35e315e77fe
name: Benefits Common Access
displayName: Benefits Common Access
type: ROLE
description: Testing AD provisioning with birthright access
enabled: false
requestable: false
requestCommentsRequired: false
owner:
id: 322c6bce405a495a8e841a014b7d8410
name: tina.smith
displayName: tina.smith
disabled: false
privileged: false
standalone: false
revocable: false
cloudEligible: false
cloudGoverned: false
- id: a8819cb0445541438fe08dd38f311b3c
name: SalesGlobal
displayName: SalesGlobal
type: ROLE
description: All Sales people in the company
enabled: false
requestable: false
requestCommentsRequired: false
owner:
id: 29b6ee3f91484d159b1ceac3109af151
name: se.admin
displayName: se.admin
disabled: false
privileged: false
standalone: false
revocable: false
cloudEligible: false
cloudGoverned: false
accessCount: 8
accessProfileCount: 2
entitlementCount: 4
roleCount: 2
modified: '2025-01-17T03:17:17.895Z'
visibleSegments:
- All Employees
visibleSegmentCount: 1
tagCount: 2
tags:
- TAG_1
- TAG_2
pod: pod01-useast1
org: org-name
synced: '2025-01-17T06:10:19.853Z'
_type: identity
type: identity
_version: v2
roles:
summary: A collection of roles
value:
- id: 2c91808c6faadea6016fb4f2bc69077b
accessProfileCount: 1
accessProfiles:
- id: 468171f0af874adebb58d3718519bd56
name: SalesCommonAccess
created: '2023-06-01T22:00:55.311Z'
description: All Sales people in the company
dimensional: false
enabled: true
modified: '2023-06-01T22:00:55.432Z'
name: SalesGlobal
owner:
email: admin@sailpointdemo.com
id: c18630c4811c4030810afb3a14f388cf
name: admin
type: IDENTITY
requestCommentsRequired: false
requestable: true
tags:
- TAG_1
- TAG_2
pod: pod01-useast1
org: org-name
_type: role
type: role
_version: v2
query-fields:
summary: Query with fields
value:
- name: John Doe
firstName: John
lastName: Doe
displayName: John Doe
id: 655f6741762547ec937893f27eab0cec
email: John.Doe@sailpointdemo.com
created: '2025-01-03T22:36:20.025Z'
inactive: false
protected: false
status: UNREGISTERED
isManager: false
identityProfile:
id: 63e42f96f2fc4b8ba544654eba6068cf
name: Contractors
source:
id: b33c36dbaf974200b4d91f846abc30a5
name: Contractors
attributes:
cloudAuthoritativeSource: b33c36dbaf974200b4d91f846abc30a5
cloudLifecycleState: active
cloudStatus: UNREGISTERED
displayName: John Doe
email: John.Doe@sailpointdemo.com
endDate: '2199-01-01T00:00:00.000Z'
firstname: John
identityState: ACTIVE
internalCloudStatus: UNREGISTERED
lastname: Doe
startDate: '2199-01-01T00:00:00.000Z'
uid: John Doe
visibleSegments:
- d75ae486-044b-4eba-8113-0cdacb5341df
disabled: false
locked: false
accounts:
- id: 6f9cce655ddd40ca86a8faab8d5d52ec
name: John Doe
accountId: ac10e3a8-942a-1409-8194-2e4fe3090003
source:
id: b33c36dbaf974200b4d91f846abc30a5
name: Contractors
type: Non-Employee
disabled: false
locked: false
privileged: false
manuallyCorrelated: false
entitlementAttributes: {}
created: '2025-01-03T22:36:20.045Z'
supportsPasswordChange: false
- id: 9e29df88d4c5449ea790b4c24135b85c
name: $FHK300-LAAKDKHU50K3
accountId: 'CN=John Doe,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
source:
id: 5c71ff71195b4794a0b87e7cf36fb017
name: Active Directory
type: Active Directory - Direct
disabled: false
locked: false
privileged: false
manuallyCorrelated: true
entitlementAttributes:
memberOf:
- 'CN=Benefits,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
created: '2025-01-03T22:36:36.866Z'
supportsPasswordChange: true
- id: 74e0cd14200943ff92b4f11fa3596eba
name: John Doe
accountId: John Doe
source:
id: af4686d6482841ac96d793901372ad9b
name: IdentityNow
type: IdentityNowConnector
disabled: false
locked: false
privileged: false
manuallyCorrelated: false
entitlementAttributes: {}
created: '2025-01-03T22:36:20.076Z'
supportsPasswordChange: true
accountAttributes: {}
accountCount: 2
apps:
- id: '20003'
name: Active Directory
source:
id: 5c71ff71195b4794a0b87e7cf36fb017
name: Active Directory
account:
id: 9e29df88d4c5449ea790b4c24135b85c
accountId: 'CN=John Doe,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
- id: '20013'
name: AD test
source:
id: 5c71ff71195b4794a0b87e7cf36fb017
name: Active Directory
account:
id: 9e29df88d4c5449ea790b4c24135b85c
accountId: 'CN=John Doe,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
- id: '20014'
name: Test AD
source:
id: 5c71ff71195b4794a0b87e7cf36fb017
name: Active Directory
account:
id: 9e29df88d4c5449ea790b4c24135b85c
accountId: 'CN=John Doe,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
- id: '5092'
name: Accounting
source:
id: 5c71ff71195b4794a0b87e7cf36fb017
name: Active Directory
account:
id: 9e29df88d4c5449ea790b4c24135b85c
accountId: 'CN=John Doe,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
- id: '5822114389092541705'
name: IdentityNow app
source:
id: af4686d6482841ac96d793901372ad9b
name: IdentityNow
account:
id: 74e0cd14200943ff92b4f11fa3596eba
accountId: John Doe
appCount: 5
access:
- id: 4919721c3c1a4ca484469b85f0fd9ba1
name: Benefits
displayName: Benefits
type: ENTITLEMENT
enabled: false
requestable: false
requestCommentsRequired: false
source:
id: 5c71ff71195b4794a0b87e7cf36fb017
name: Active Directory
disabled: false
privileged: false
attribute: memberOf
value: 'CN=Benefits,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
standalone: false
cloudEligible: false
cloudGoverned: false
schema: group
- id: 7e277d102c874560becc464cdfe33a86
name: Benefits Employees
displayName: Benefits Employees
type: ACCESS_PROFILE
description: Access for Benefits Employees. Distribution group and File share access.
enabled: false
requestable: false
requestCommentsRequired: false
source:
id: 5c71ff71195b4794a0b87e7cf36fb017
name: Active Directory
owner:
id: 278f8a1859df48d2a0adb204257b26a2
name: Jerry.Bennett
displayName: Jerry.Bennett
disabled: false
privileged: false
standalone: false
revocable: false
cloudEligible: false
cloudGoverned: false
- id: ad7025c956734455b28fa35e315e77fe
name: Benefits Common Access
displayName: Benefits Common Access
type: ROLE
description: Testing AD provisioning with birthright access
enabled: false
requestable: false
requestCommentsRequired: false
owner:
id: 322c6bce405a495a8e841a014b7d8410
name: tina.smith
displayName: tina.smith
disabled: false
privileged: false
standalone: false
revocable: false
cloudEligible: false
cloudGoverned: false
accessCount: 3
accessProfileCount: 1
entitlementCount: 1
roleCount: 1
modified: '2025-01-03T22:36:37.599Z'
visibleSegments:
- All Employees
visibleSegmentCount: 1
tagCount: 0
pod: pod01-useast1
org: org-name
synced: '2025-01-03T22:37:04.452Z'
_type: identity
type: identity
_version: v2
query-timeZone:
summary: Query with timezone
value:
- name: Laura Peeters
firstName: Laura
lastName: Peeters
displayName: Laura Peeters
id: 0011cac38db341738af1f2ce7bb3aede
email: Laura.Peeters@sailpointdemo.com
created: '2024-04-04T21:36:00.385Z'
inactive: false
protected: false
status: UNREGISTERED
employeeNumber: '10673'
manager:
id: 88e405b1a3b8439daf2efc8f4ff0a98b
name: Mia Garcia
displayName: Mia Garcia
isManager: true
identityProfile:
id: 00a2bc6244b34f4a88d985f035f2b68b
name: HR Global
source:
id: 524f8d986f9b4192865269516d169eb0
name: HR Global
attributes:
city: Brussels
cloudAuthoritativeSource: 524f8d986f9b4192865269516d169eb0
cloudLifecycleState: active
cloudStatus: UNREGISTERED
country: BE
department: EMEA Sales
displayName: Laura Peeters
email: Laura.Peeters@sailpointdemo.com
firstname: Laura
identificationNumber: '10673'
identityState: ACTIVE
internalCloudStatus: UNREGISTERED
jobTitle: 'Manager, Sales - Belgium'
lastname: Peeters
location: EMEA
uid: '10673'
visibleSegments:
- d75ae486-044b-4eba-8113-0cdacb5341df
disabled: false
locked: false
accounts:
- id: 830396e8863442f1bce7b485612c8b51
name: Laura Peeters
accountId: '10673'
source:
id: 524f8d986f9b4192865269516d169eb0
name: HR Global
type: DelimitedFile
disabled: false
locked: false
privileged: false
manuallyCorrelated: false
entitlementAttributes: {}
created: '2024-04-04T21:36:00.385Z'
supportsPasswordChange: false
- id: cd6797419f37492ba22ea991f9d6ba90
name: $SEK300-N3K0K4HOPEB6
accountId: 'CN=Laura Peeters,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
source:
id: 5c71ff71195b4794a0b87e7cf36fb017
name: Active Directory
type: Active Directory - Direct
disabled: false
locked: false
privileged: false
manuallyCorrelated: true
passwordLastSet: '2024-04-04T21:38:57.434Z'
entitlementAttributes:
memberOf:
- 'CN=Salesforce Access,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
- 'CN=Sales-Folder,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
- 'CN=Benefits,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
- 'CN=Salesforce opportunity management,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
created: '2024-04-04T21:42:26.787Z'
supportsPasswordChange: true
- id: db145fd0ec6a4e0cbc3a24bbe0758c8f
name: Laura Peeters
accountId: '10681'
source:
id: 524f8d986f9b4192865269516d169eb0
name: HR Global
type: DelimitedFile
disabled: false
locked: false
privileged: false
manuallyCorrelated: false
entitlementAttributes: {}
created: '2024-04-04T21:36:15.769Z'
supportsPasswordChange: false
- id: 6b75898eec394b4c98a5c3d2d9ba311b
name: Laura Peeters
accountId: Laura Peeters
source:
id: af4686d6482841ac96d793901372ad9b
name: IdentityNow
type: IdentityNowConnector
disabled: false
locked: false
privileged: false
manuallyCorrelated: false
entitlementAttributes: {}
created: '2024-04-04T21:36:15.809Z'
supportsPasswordChange: true
accountAttributes: {}
accountCount: 3
apps:
- id: '20003'
name: Active Directory
source:
id: 5c71ff71195b4794a0b87e7cf36fb017
name: Active Directory
account:
id: cd6797419f37492ba22ea991f9d6ba90
accountId: 'CN=Laura Peeters,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
- id: '20013'
name: AD test
source:
id: 5c71ff71195b4794a0b87e7cf36fb017
name: Active Directory
account:
id: cd6797419f37492ba22ea991f9d6ba90
accountId: 'CN=Laura Peeters,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
- id: '20014'
name: Test AD
source:
id: 5c71ff71195b4794a0b87e7cf36fb017
name: Active Directory
account:
id: cd6797419f37492ba22ea991f9d6ba90
accountId: 'CN=Laura Peeters,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
- id: '5092'
name: Accounting
source:
id: 5c71ff71195b4794a0b87e7cf36fb017
name: Active Directory
account:
id: cd6797419f37492ba22ea991f9d6ba90
accountId: 'CN=Laura Peeters,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
- id: '5822114389092541705'
name: IdentityNow app
source:
id: af4686d6482841ac96d793901372ad9b
name: IdentityNow
account:
id: 6b75898eec394b4c98a5c3d2d9ba311b
accountId: Laura Peeters
appCount: 5
access:
- id: 4919721c3c1a4ca484469b85f0fd9ba1
name: Benefits
displayName: Benefits
type: ENTITLEMENT
enabled: false
requestable: false
requestCommentsRequired: false
source:
id: 5c71ff71195b4794a0b87e7cf36fb017
name: Active Directory
disabled: false
privileged: false
attribute: memberOf
value: 'CN=Benefits,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
standalone: false
cloudEligible: false
cloudGoverned: false
schema: group
- id: 4bf8f57887874e9c83ae3a662bf8988c
name: Sales-Folder
displayName: Sales-Folder
type: ENTITLEMENT
enabled: false
requestable: false
requestCommentsRequired: false
source:
id: 5c71ff71195b4794a0b87e7cf36fb017
name: Active Directory
disabled: false
privileged: false
attribute: memberOf
value: 'CN=Sales-Folder,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
standalone: false
cloudEligible: false
cloudGoverned: false
schema: group
- id: f1bea520cace4489805d26de3463262d
name: Salesforce Access
displayName: Salesforce Access
type: ENTITLEMENT
enabled: false
requestable: false
requestCommentsRequired: false
source:
id: 5c71ff71195b4794a0b87e7cf36fb017
name: Active Directory
disabled: false
privileged: false
attribute: memberOf
value: 'CN=Salesforce Access,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
standalone: false
cloudEligible: false
cloudGoverned: false
schema: group
- id: 98a76b26b7884f3e8d115991cebc09b2
name: Salesforce opportunity management
displayName: Salesforce opportunity management
type: ENTITLEMENT
enabled: false
requestable: false
requestCommentsRequired: false
source:
id: 5c71ff71195b4794a0b87e7cf36fb017
name: Active Directory
disabled: false
privileged: false
attribute: memberOf
value: 'CN=Salesforce opportunity management,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
standalone: false
cloudEligible: false
cloudGoverned: false
schema: group
- id: 7e277d102c874560becc464cdfe33a86
name: Benefits Employees
displayName: Benefits Employees
type: ACCESS_PROFILE
description: Access for Benefits Employees. Distribution group and File share access.
enabled: false
requestable: false
requestCommentsRequired: false
source:
id: 5c71ff71195b4794a0b87e7cf36fb017
name: Active Directory
owner:
id: 278f8a1859df48d2a0adb204257b26a2
name: Jerry.Bennett
displayName: Jerry.Bennett
disabled: false
privileged: false
standalone: false
revocable: false
cloudEligible: false
cloudGoverned: false
- id: 468171f0af874adebb58d3718519bd56
name: SalesCommonAccess
displayName: SalesCommonAccess
type: ACCESS_PROFILE
description: Grants basic access for everyone in the sale department
enabled: false
requestable: false
requestCommentsRequired: false
source:
id: 5c71ff71195b4794a0b87e7cf36fb017
name: Active Directory
owner:
id: 278f8a1859df48d2a0adb204257b26a2
name: Jerry.Bennett
displayName: Jerry.Bennett
disabled: false
privileged: false
standalone: false
revocable: false
cloudEligible: false
cloudGoverned: false
- id: ad7025c956734455b28fa35e315e77fe
name: Benefits Common Access
displayName: Benefits Common Access
type: ROLE
description: Testing AD provisioning with birthright access
enabled: false
requestable: false
requestCommentsRequired: false
owner:
id: 322c6bce405a495a8e841a014b7d8410
name: tina.smith
displayName: tina.smith
disabled: false
privileged: false
standalone: false
revocable: false
cloudEligible: false
cloudGoverned: false
- id: a8819cb0445541438fe08dd38f311b3c
name: SalesGlobal
displayName: SalesGlobal
type: ROLE
description: All Sales people in the company
enabled: false
requestable: false
requestCommentsRequired: false
owner:
id: 29b6ee3f91484d159b1ceac3109af151
name: se.admin
displayName: se.admin
disabled: false
privileged: false
standalone: false
revocable: false
cloudEligible: false
cloudGoverned: false
accessCount: 8
accessProfileCount: 2
entitlementCount: 4
roleCount: 2
modified: '2024-12-13T02:49:18.104Z'
visibleSegments:
- All Employees
visibleSegmentCount: 1
tagCount: 0
pod: pod01-useast1
org: org-name
synced: '2024-12-13T06:10:14.229Z'
_type: identity
type: identity
_version: v2
query-innerHit:
summary: Query with innerhit
value:
- requestCommentsRequired: false
schema: group
cloudEligible: false
displayName: Benefits
standalone: false
source:
name: Active Directory
id: 5c71ff71195b4794a0b87e7cf36fb017
type: ENTITLEMENT
enabled: false
privileged: false
name: Benefits
disabled: false
id: 4919721c3c1a4ca484469b85f0fd9ba1
requestable: false
attribute: memberOf
value: 'CN=Benefits,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
cloudGoverned: false
_type: access
_originalType: identity
_version: v2
- requestCommentsRequired: false
owner:
displayName: Jerry.Bennett
name: Jerry.Bennett
id: 278f8a1859df48d2a0adb204257b26a2
cloudEligible: false
displayName: Benefits Employees
standalone: false
description: Access for Benefits Employees. Distribution group and File share access.
source:
name: Active Directory
id: 5c71ff71195b4794a0b87e7cf36fb017
revocable: false
type: ACCESS_PROFILE
enabled: false
privileged: false
name: Benefits Employees
disabled: false
id: 7e277d102c874560becc464cdfe33a86
requestable: false
cloudGoverned: false
_type: access
_originalType: identity
_version: v2
typeAheadQuery:
summary: Typeahead query
value:
- Ethan Johnson
- Henry Jones
- Joan.Wells
- Joanna Gonzales
- Joe Cook
- Joe.Myers
- Johan Jacobs
- John Doe
- John Roberts
- John Smith
- John.Jarndyce
- John.Smithee
- John.Williams
- Johnny.Elliott
- Jonathan.West
- Jordan Wilson
- Jordan.Sullivan
- Jose.Reed
- Joao Carvalho
- Kamaria Jones
- Lisa Jones
- Mia Johnson
- Michael Johnson
- Scott Johnson
typeAheadQuery-nestedType:
summary: Typeahead query with nestedtype
value:
- Active Directory
- PRISM
- ServiceNow
- TRAKK-WS
- AWS
filter-exists:
summary: Filter with exists
value:
- name: Cory Henry
firstName: Cory
lastName: Henry
displayName: Cory Henry
id: 026bb65ed1f54fcd89197ca986e9acac
email: Cory.Henry@sailpointdemo.com
created: '2024-04-04T21:32:46.844Z'
inactive: false
protected: false
status: UNREGISTERED
employeeNumber: '10090'
manager:
id: 903349b85746471a9a898722206109bb
name: Layla Hendricks
displayName: Layla Hendricks
isManager: true
identityProfile:
id: 00a2bc6244b34f4a88d985f035f2b68b
name: HR Global
source:
id: 524f8d986f9b4192865269516d169eb0
name: HR Global
attributes:
city: Austin
cloudAuthoritativeSource: 524f8d986f9b4192865269516d169eb0
cloudLifecycleState: active
cloudStatus: UNREGISTERED
country: US
department: Revenue Operations
displayName: Cory Henry
email: Cory.Henry@sailpointdemo.com
firstname: Cory
identificationNumber: '10090'
identityState: ACTIVE
internalCloudStatus: UNREGISTERED
jobTitle: 'Manager, System Operations'
lastname: Henry
location: AMS
uid: '10090'
visibleSegments:
- d75ae486-044b-4eba-8113-0cdacb5341df
- 8ea4e957-f2f1-4cba-b202-54cc702528d1
disabled: false
locked: false
accounts:
- id: a02142f41ad1407884da04a7bfa586d4
name: Cory Henry
accountId: '10090'
source:
id: 524f8d986f9b4192865269516d169eb0
name: HR Global
type: DelimitedFile
disabled: false
locked: false
privileged: false
manuallyCorrelated: false
entitlementAttributes: {}
created: '2024-04-04T21:32:46.844Z'
supportsPasswordChange: false
- id: f30019e125c74684acee7da3f1643d2a
name: $LUJ300-P3QNVHE6R7FB
accountId: 'CN=Cory Henry,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
source:
id: 5c71ff71195b4794a0b87e7cf36fb017
name: Active Directory
type: Active Directory - Direct
disabled: false
locked: false
privileged: false
manuallyCorrelated: true
passwordLastSet: '2024-04-04T21:33:34.488Z'
entitlementAttributes:
memberOf:
- 'CN=Benefits,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
created: '2024-04-04T21:37:03.481Z'
supportsPasswordChange: true
- id: 7fe340119c5d4b00a9b85d55b18a6416
name: Cory Henry
accountId: Cory Henry
source:
id: af4686d6482841ac96d793901372ad9b
name: IdentityNow
type: IdentityNowConnector
disabled: false
locked: false
privileged: false
manuallyCorrelated: false
entitlementAttributes: {}
created: '2024-04-04T21:37:03.536Z'
supportsPasswordChange: true
accountAttributes: {}
accountCount: 2
apps:
- id: '20003'
name: Active Directory
source:
id: 5c71ff71195b4794a0b87e7cf36fb017
name: Active Directory
account:
id: f30019e125c74684acee7da3f1643d2a
accountId: 'CN=Cory Henry,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
- id: '20013'
name: AD test
source:
id: 5c71ff71195b4794a0b87e7cf36fb017
name: Active Directory
account:
id: f30019e125c74684acee7da3f1643d2a
accountId: 'CN=Cory Henry,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
- id: '20014'
name: Test AD
source:
id: 5c71ff71195b4794a0b87e7cf36fb017
name: Active Directory
account:
id: f30019e125c74684acee7da3f1643d2a
accountId: 'CN=Cory Henry,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
- id: '5092'
name: Accounting
source:
id: 5c71ff71195b4794a0b87e7cf36fb017
name: Active Directory
account:
id: f30019e125c74684acee7da3f1643d2a
accountId: 'CN=Cory Henry,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
- id: '5822114389092541705'
name: IdentityNow app
source:
id: af4686d6482841ac96d793901372ad9b
name: IdentityNow
account:
id: 7fe340119c5d4b00a9b85d55b18a6416
accountId: Cory Henry
appCount: 5
access:
- id: ad7025c956734455b28fa35e315e77fe
name: Benefits Common Access
displayName: Benefits Common Access
type: ROLE
description: Testing AD provisioning with birthright access
enabled: false
requestable: false
requestCommentsRequired: false
owner:
id: 322c6bce405a495a8e841a014b7d8410
name: tina.smith
displayName: tina.smith
disabled: false
privileged: false
standalone: false
revocable: false
cloudEligible: false
cloudGoverned: false
- id: 7e277d102c874560becc464cdfe33a86
name: Benefits Employees
displayName: Benefits Employees
type: ACCESS_PROFILE
description: Access for Benefits Employees. Distribution group and File share access.
enabled: false
requestable: false
requestCommentsRequired: false
source:
id: 5c71ff71195b4794a0b87e7cf36fb017
name: Active Directory
owner:
id: 278f8a1859df48d2a0adb204257b26a2
name: Jerry.Bennett
displayName: Jerry.Bennett
disabled: false
privileged: false
standalone: false
revocable: false
cloudEligible: false
cloudGoverned: false
- id: 4919721c3c1a4ca484469b85f0fd9ba1
name: Benefits
displayName: Benefits
type: ENTITLEMENT
enabled: false
requestable: false
requestCommentsRequired: false
source:
id: 5c71ff71195b4794a0b87e7cf36fb017
name: Active Directory
disabled: false
privileged: false
attribute: memberOf
value: 'CN=Benefits,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
standalone: false
cloudEligible: false
cloudGoverned: false
schema: group
accessCount: 3
accessProfileCount: 1
entitlementCount: 1
roleCount: 1
modified: '2024-12-13T02:49:19.214Z'
visibleSegments:
- All Employees
- Austin Employees
visibleSegmentCount: 2
tagCount: 0
pod: pod01-useast1
org: org-name
synced: '2024-12-13T06:10:29.734Z'
_type: identity
type: identity
_version: v2
filter-range:
summary: Filter with range
value:
- name: Mia Garcia
firstName: Mia
lastName: Garcia
displayName: Mia Garcia
id: 88e405b1a3b8439daf2efc8f4ff0a98b
email: Mia.Garcia@sailpointdemo.com
created: '2024-04-04T21:33:05.522Z'
inactive: false
protected: false
status: UNREGISTERED
employeeNumber: '10142'
manager:
id: 624db52c764f410baca2b192caad8e58
name: Ethan Johnson
displayName: Ethan Johnson
isManager: true
identityProfile:
id: 00a2bc6244b34f4a88d985f035f2b68b
name: HR Global
source:
id: 524f8d986f9b4192865269516d169eb0
name: HR Global
attributes:
city: London
cloudAuthoritativeSource: 524f8d986f9b4192865269516d169eb0
cloudLifecycleState: active
cloudStatus: UNREGISTERED
country: GB
department: EMEA Sales
displayName: Mia Garcia
email: Mia.Garcia@sailpointdemo.com
firstname: Mia
identificationNumber: '10142'
identityState: ACTIVE
internalCloudStatus: UNREGISTERED
jobTitle: 'Regional Director, EMEA Sales'
lastname: Garcia
location: EMEA
uid: '10142'
visibleSegments:
- d75ae486-044b-4eba-8113-0cdacb5341df
disabled: false
locked: false
accounts:
- id: 9021760f10b64f42b7ebfb78085ccaff
name: Mia Garcia
accountId: '10142'
source:
id: 524f8d986f9b4192865269516d169eb0
name: HR Global
type: DelimitedFile
disabled: false
locked: false
privileged: false
manuallyCorrelated: false
entitlementAttributes: {}
created: '2024-04-04T21:33:05.522Z'
supportsPasswordChange: false
- id: f3ef91f3c2874e79981f2d97297660ee
name: $DUJ300-H5LFRVRDLKKM
accountId: 'CN=Mia Garcia,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
source:
id: 5c71ff71195b4794a0b87e7cf36fb017
name: Active Directory
type: Active Directory - Direct
disabled: false
locked: false
privileged: false
manuallyCorrelated: true
passwordLastSet: '2024-04-04T21:33:25.979Z'
entitlementAttributes:
memberOf:
- 'CN=Salesforce Access,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
- 'CN=Sales-Folder,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
- 'CN=Benefits,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
- 'CN=Salesforce opportunity management,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
created: '2024-04-04T21:36:54.974Z'
supportsPasswordChange: true
- id: c379279cc5b9450cbb274aad31486510
name: Mia Garcia
accountId: Mia Garcia
source:
id: af4686d6482841ac96d793901372ad9b
name: IdentityNow
type: IdentityNowConnector
disabled: false
locked: false
privileged: false
manuallyCorrelated: false
entitlementAttributes: {}
created: '2024-04-04T21:36:55.027Z'
supportsPasswordChange: true
accountAttributes: {}
accountCount: 2
apps:
- id: '20003'
name: Active Directory
source:
id: 5c71ff71195b4794a0b87e7cf36fb017
name: Active Directory
account:
id: f3ef91f3c2874e79981f2d97297660ee
accountId: 'CN=Mia Garcia,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
- id: '20013'
name: AD test
source:
id: 5c71ff71195b4794a0b87e7cf36fb017
name: Active Directory
account:
id: f3ef91f3c2874e79981f2d97297660ee
accountId: 'CN=Mia Garcia,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
- id: '20014'
name: Test AD
source:
id: 5c71ff71195b4794a0b87e7cf36fb017
name: Active Directory
account:
id: f3ef91f3c2874e79981f2d97297660ee
accountId: 'CN=Mia Garcia,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
- id: '5092'
name: Accounting
source:
id: 5c71ff71195b4794a0b87e7cf36fb017
name: Active Directory
account:
id: f3ef91f3c2874e79981f2d97297660ee
accountId: 'CN=Mia Garcia,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
- id: '5822114389092541705'
name: IdentityNow app
source:
id: af4686d6482841ac96d793901372ad9b
name: IdentityNow
account:
id: c379279cc5b9450cbb274aad31486510
accountId: Mia Garcia
appCount: 5
access:
- id: 7e277d102c874560becc464cdfe33a86
name: Benefits Employees
displayName: Benefits Employees
type: ACCESS_PROFILE
description: Access for Benefits Employees. Distribution group and File share access.
enabled: false
requestable: false
requestCommentsRequired: false
source:
id: 5c71ff71195b4794a0b87e7cf36fb017
name: Active Directory
owner:
id: 278f8a1859df48d2a0adb204257b26a2
name: Jerry.Bennett
displayName: Jerry.Bennett
disabled: false
privileged: false
standalone: false
revocable: false
cloudEligible: false
cloudGoverned: false
- id: 468171f0af874adebb58d3718519bd56
name: SalesCommonAccess
displayName: SalesCommonAccess
type: ACCESS_PROFILE
description: Grants basic access for everyone in the sale department
enabled: false
requestable: false
requestCommentsRequired: false
source:
id: 5c71ff71195b4794a0b87e7cf36fb017
name: Active Directory
owner:
id: 278f8a1859df48d2a0adb204257b26a2
name: Jerry.Bennett
displayName: Jerry.Bennett
disabled: false
privileged: false
standalone: false
revocable: false
cloudEligible: false
cloudGoverned: false
- id: ad7025c956734455b28fa35e315e77fe
name: Benefits Common Access
displayName: Benefits Common Access
type: ROLE
description: Testing AD provisioning with birthright access
enabled: false
requestable: false
requestCommentsRequired: false
owner:
id: 322c6bce405a495a8e841a014b7d8410
name: tina.smith
displayName: tina.smith
disabled: false
privileged: false
standalone: false
revocable: false
cloudEligible: false
cloudGoverned: false
- id: a8819cb0445541438fe08dd38f311b3c
name: SalesGlobal
displayName: SalesGlobal
type: ROLE
description: All Sales people in the company
enabled: false
requestable: false
requestCommentsRequired: false
owner:
id: 29b6ee3f91484d159b1ceac3109af151
name: se.admin
displayName: se.admin
disabled: false
privileged: false
standalone: false
revocable: false
cloudEligible: false
cloudGoverned: false
- id: 4919721c3c1a4ca484469b85f0fd9ba1
name: Benefits
displayName: Benefits
type: ENTITLEMENT
enabled: false
requestable: false
requestCommentsRequired: false
source:
id: 5c71ff71195b4794a0b87e7cf36fb017
name: Active Directory
disabled: false
privileged: false
attribute: memberOf
value: 'CN=Benefits,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
standalone: false
cloudEligible: false
cloudGoverned: false
schema: group
- id: 4bf8f57887874e9c83ae3a662bf8988c
name: Sales-Folder
displayName: Sales-Folder
type: ENTITLEMENT
enabled: false
requestable: false
requestCommentsRequired: false
source:
id: 5c71ff71195b4794a0b87e7cf36fb017
name: Active Directory
disabled: false
privileged: false
attribute: memberOf
value: 'CN=Sales-Folder,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
standalone: false
cloudEligible: false
cloudGoverned: false
schema: group
- id: f1bea520cace4489805d26de3463262d
name: Salesforce Access
displayName: Salesforce Access
type: ENTITLEMENT
enabled: false
requestable: false
requestCommentsRequired: false
source:
id: 5c71ff71195b4794a0b87e7cf36fb017
name: Active Directory
disabled: false
privileged: false
attribute: memberOf
value: 'CN=Salesforce Access,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
standalone: false
cloudEligible: false
cloudGoverned: false
schema: group
- id: 98a76b26b7884f3e8d115991cebc09b2
name: Salesforce opportunity management
displayName: Salesforce opportunity management
type: ENTITLEMENT
enabled: false
requestable: false
requestCommentsRequired: false
source:
id: 5c71ff71195b4794a0b87e7cf36fb017
name: Active Directory
disabled: false
privileged: false
attribute: memberOf
value: 'CN=Salesforce opportunity management,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
standalone: false
cloudEligible: false
cloudGoverned: false
schema: group
accessCount: 8
accessProfileCount: 2
entitlementCount: 4
roleCount: 2
modified: '2024-12-13T02:49:35.220Z'
visibleSegments:
- All Employees
visibleSegmentCount: 1
tagCount: 0
pod: pod01-useast1
org: org-name
synced: '2024-12-13T06:25:44.222Z'
_type: identity
type: identity
_version: v2
filter-terms:
summary: Filter with terms
value:
- name: Oliver Davies
firstName: Oliver
lastName: Davies
displayName: Oliver Davies
id: b173815fef574b74a283f39e6634c215
email: Oliver.Davies@sailpointdemo.com
created: '2024-04-04T21:32:27.473Z'
inactive: false
protected: false
status: UNREGISTERED
employeeNumber: '10029'
manager:
id: b8c8e021a4104eda91b80bfac6a99b47
name: Jackson Brooks
displayName: Jackson Brooks
isManager: true
identityProfile:
id: 00a2bc6244b34f4a88d985f035f2b68b
name: HR Global
source:
id: 524f8d986f9b4192865269516d169eb0
name: HR Global
attributes:
city: London
cloudAuthoritativeSource: 524f8d986f9b4192865269516d169eb0
cloudLifecycleState: active
cloudStatus: UNREGISTERED
country: GB
department: Customer Support
displayName: Oliver Davies
email: Oliver.Davies@sailpointdemo.com
firstname: Oliver
identificationNumber: '10029'
identityState: ACTIVE
internalCloudStatus: UNREGISTERED
jobTitle: Call Center
lastname: Davies
location: EMEA
uid: '10029'
visibleSegments:
- d75ae486-044b-4eba-8113-0cdacb5341df
disabled: false
locked: false
accounts:
- id: c8cacc7080254b2781f56e0ded6c8dea
name: $GRJ300-AQD2M7N9L7NT
accountId: 'CN=Oliver Davies,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
source:
id: 5c71ff71195b4794a0b87e7cf36fb017
name: Active Directory
type: Active Directory - Direct
disabled: false
locked: false
privileged: false
manuallyCorrelated: true
passwordLastSet: '2024-04-04T21:30:25.205Z'
entitlementAttributes:
memberOf:
- 'CN=Benefits,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
created: '2024-04-04T21:33:54.332Z'
supportsPasswordChange: true
- id: cd7f58b2290c43909320ff89427b57a1
name: Oliver Davies
accountId: '10029'
source:
id: 524f8d986f9b4192865269516d169eb0
name: HR Global
type: DelimitedFile
disabled: false
locked: false
privileged: false
manuallyCorrelated: false
entitlementAttributes: {}
created: '2024-04-04T21:32:27.473Z'
supportsPasswordChange: false
- id: a1ee6cd948754371a98105a5a6dd067d
name: Oliver Davies
accountId: Oliver Davies
source:
id: af4686d6482841ac96d793901372ad9b
name: IdentityNow
type: IdentityNowConnector
disabled: false
locked: false
privileged: false
manuallyCorrelated: false
entitlementAttributes: {}
created: '2024-04-04T21:33:54.377Z'
supportsPasswordChange: true
accountAttributes: {}
accountCount: 2
apps:
- id: '20003'
name: Active Directory
source:
id: 5c71ff71195b4794a0b87e7cf36fb017
name: Active Directory
account:
id: c8cacc7080254b2781f56e0ded6c8dea
accountId: 'CN=Oliver Davies,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
- id: '20013'
name: AD test
source:
id: 5c71ff71195b4794a0b87e7cf36fb017
name: Active Directory
account:
id: c8cacc7080254b2781f56e0ded6c8dea
accountId: 'CN=Oliver Davies,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
- id: '20014'
name: Test AD
source:
id: 5c71ff71195b4794a0b87e7cf36fb017
name: Active Directory
account:
id: c8cacc7080254b2781f56e0ded6c8dea
accountId: 'CN=Oliver Davies,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
- id: '5092'
name: Accounting
source:
id: 5c71ff71195b4794a0b87e7cf36fb017
name: Active Directory
account:
id: c8cacc7080254b2781f56e0ded6c8dea
accountId: 'CN=Oliver Davies,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
- id: '5822114389092541705'
name: IdentityNow app
source:
id: af4686d6482841ac96d793901372ad9b
name: IdentityNow
account:
id: a1ee6cd948754371a98105a5a6dd067d
accountId: Oliver Davies
appCount: 5
access:
- id: ad7025c956734455b28fa35e315e77fe
name: Benefits Common Access
displayName: Benefits Common Access
type: ROLE
description: Testing AD provisioning with birthright access
enabled: false
requestable: false
requestCommentsRequired: false
owner:
id: 322c6bce405a495a8e841a014b7d8410
name: tina.smith
displayName: tina.smith
disabled: false
privileged: false
standalone: false
revocable: false
cloudEligible: false
cloudGoverned: false
- id: 7e277d102c874560becc464cdfe33a86
name: Benefits Employees
displayName: Benefits Employees
type: ACCESS_PROFILE
description: Access for Benefits Employees. Distribution group and File share access.
enabled: false
requestable: false
requestCommentsRequired: false
source:
id: 5c71ff71195b4794a0b87e7cf36fb017
name: Active Directory
owner:
id: 278f8a1859df48d2a0adb204257b26a2
name: Jerry.Bennett
displayName: Jerry.Bennett
disabled: false
privileged: false
standalone: false
revocable: false
cloudEligible: false
cloudGoverned: false
- id: 4919721c3c1a4ca484469b85f0fd9ba1
name: Benefits
displayName: Benefits
type: ENTITLEMENT
enabled: false
requestable: false
requestCommentsRequired: false
source:
id: 5c71ff71195b4794a0b87e7cf36fb017
name: Active Directory
disabled: false
privileged: false
attribute: memberOf
value: 'CN=Benefits,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
standalone: false
cloudEligible: false
cloudGoverned: false
schema: group
accessCount: 3
accessProfileCount: 1
entitlementCount: 1
roleCount: 1
modified: '2024-12-13T02:49:35.917Z'
visibleSegments:
- All Employees
visibleSegmentCount: 1
tagCount: 0
pod: pod01-useast1
org: org-name
synced: '2024-12-13T06:28:14.763Z'
_type: identity
type: identity
_version: v2
headers:
X-Total-Count:
schema:
type: integer
description: The total result count (returned only if the *count* parameter is specified as *true*).
example: 30
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/search/count:
post:
tags:
- Search
description: Performs a search with a provided query and returns the count of results in the X-Total-Count header.
operationId: searchCount
security:
- userAuth:
- 'sp:search:read'
summary: Count documents satisfying a query
requestBody:
content:
application/json:
schema:
type: object
properties:
indices:
description: 'The names of the Elasticsearch indices in which to search. If none are provided, then all indices will be searched.'
externalDocs:
description: Learn more about search indices here.
url: 'https://documentation.sailpoint.com/saas/help/search/searchable-fields.html'
type: array
items:
description: |-
Enum representing the currently supported indices.
Additional values may be added in the future without notice.
type: string
enum:
- accessprofiles
- accountactivities
- entitlements
- events
- identities
- roles
- '*'
example: identities
example:
- identities
queryType:
description: |-
The type of query to use. By default, the `SAILPOINT` query type is used, which requires the `query` object to be defined in the request body.
To use the `queryDsl` or `typeAheadQuery` objects in the request, you must set the type to `DSL` or `TYPEAHEAD` accordingly.
Additional values may be added in the future without notice.
type: string
enum:
- DSL
- SAILPOINT
- TEXT
- TYPEAHEAD
default: SAILPOINT
example: SAILPOINT
queryVersion:
allOf:
- description: The current Elasticserver version.
type: string
default: '5.2'
example: '5.2'
- type: string
description: |-
The version of the query object.
This version number will map to the version of Elasticsearch for the query strings and objects being used.
query:
type: object
description: Query parameters used to construct an Elasticsearch query object.
properties:
query:
description: 'The query using the Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL extended by SailPoint to support Nested queries.'
type: string
example: 'name:a*'
fields:
description: |-
The fields the query will be applied to. Fields provide you with a simple way to add additional fields to search, without making the query too complicated. For example, you can use the fields to specify that you want your query of "a*" to be applied to "name", "firstName", and the "source.name". The response will include all results matching the "a*" query found in those three fields.
A field's availability depends on the indices being searched. For example, if you are searching "identities", you can apply your search to the "firstName" field, but you couldn't use "firstName" with a search on "access profiles". Refer to the response schema for the respective lists of available fields.
type: string
example:
- 'firstName,lastName,email'
timeZone:
description: The time zone to be applied to any range query related to dates.
type: string
example: America/Chicago
innerHit:
description: The innerHit query object returns a flattened list of results for the specified nested type.
type: object
required:
- query
- type
properties:
query:
description: 'The search query using the Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL extended by SailPoint to support Nested queries.'
type: string
example: 'source.name:\"Active Directory\"'
type:
description: 'The nested type to use in the inner hits query. The nested type [Nested Type](https://www.elastic.co/guide/en/elasticsearch/reference/current/nested.html) refers to a document "nested" within another document. For example, an identity can have nested documents for access, accounts, and apps.'
type: string
example: access
queryDsl:
description: 'The search query using the Elasticsearch [Query DSL](https://www.elastic.co/guide/en/elasticsearch/reference/7.10/query-dsl.html) syntax.'
type: object
example:
match:
name: john.doe
textQuery:
type: object
description: Query parameters used to construct an Elasticsearch text query object.
required:
- terms
- fields
properties:
terms:
description: Words or characters that specify a particular thing to be searched for.
type: array
items:
type: string
example:
- The quick brown fox
- '3141592'
- '7'
fields:
description: The fields to be searched.
type: array
items:
type: string
example:
- displayName
- employeeNumber
- roleCount
matchAny:
description: 'Indicates that at least one of the terms must be found in the specified fields; otherwise, all terms must be found.'
type: boolean
default: false
example: false
contains:
description: 'Indicates that the terms can be located anywhere in the specified fields; otherwise, the fields must begin with the terms.'
type: boolean
default: false
example: true
typeAheadQuery:
type: object
description: 'Query parameters used to construct an Elasticsearch type ahead query object. The typeAheadQuery performs a search for top values beginning with the typed values. For example, typing "Jo" results in top hits matching "Jo." Typing "Job" results in top hits matching "Job." '
required:
- query
- field
properties:
query:
description: The type ahead query string used to construct a phrase prefix match query.
type: string
example: Work
field:
description: The field on which to perform the type ahead search.
type: string
example: source.name
nestedType:
description: The nested type.
type: string
example: access
maxExpansions:
description: |-
The number of suffixes the last term will be expanded into.
Influences the performance of the query and the number results returned.
Valid values: 1 to 1000.
type: integer
format: int32
minimum: 1
maximum: 1000
default: 10
example: 10
size:
description: The max amount of records the search will return.
type: integer
format: int32
minimum: 1
default: 100
example: 100
sort:
description: The sort order of the returned records.
type: string
default: desc
example: asc
sortByValue:
description: 'The flag that defines the sort type, by count or value.'
type: boolean
default: false
example: true
includeNested:
description: Indicates whether nested objects from returned search results should be included.
type: boolean
default: true
example: true
queryResultFilter:
type: object
description: Allows the query results to be filtered by specifying a list of fields to include and/or exclude from the result documents.
properties:
includes:
description: The list of field names to include in the result documents.
type: array
items:
type: string
example:
- name
- displayName
excludes:
description: The list of field names to exclude from the result documents.
type: array
items:
type: string
example:
- stacktrace
aggregationType:
description: |
Enum representing the currently available query languages for aggregations, which are used to perform calculations or groupings on search results.
Additional values may be added in the future without notice.
type: string
enum:
- DSL
- SAILPOINT
default: DSL
example: DSL
aggregationsVersion:
allOf:
- description: The current Elasticserver version.
type: string
default: '5.2'
example: '5.2'
- type: string
description: |-
The version of the language being used for aggregation queries.
This version number will map to the version of Elasticsearch for the aggregation query object.
aggregationsDsl:
description: 'The aggregation search query using Elasticsearch [Aggregations](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/search-aggregations.html) syntax.'
type: object
example: {}
aggregations:
description: |
The aggregation’s specifications, such as the groupings and calculations to be performed.
allOf:
- type: object
properties:
nested:
type: object
description: The nested aggregation object.
required:
- name
- type
properties:
name:
description: The name of the nested aggregate to be included in the result.
type: string
example: id
type:
description: The type of the nested object.
type: string
example: access
metric:
type: object
description: The calculation done on the results of the query
required:
- name
- field
properties:
name:
description: |-
The name of the metric aggregate to be included in the result.
If the metric aggregation is omitted, the resulting aggregation will be a count of the documents in the search results.
type: string
example: Access Name Count
type:
description: |-
Enum representing the currently supported metric aggregation types.
Additional values may be added in the future without notice.
type: string
enum:
- COUNT
- UNIQUE_COUNT
- AVG
- SUM
- MEDIAN
- MIN
- MAX
default: UNIQUE_COUNT
example: COUNT
field:
description: |
The field the calculation is performed on.
Prefix the field name with '@' to reference a nested object.
type: string
example: '@access.name'
filter:
type: object
description: An additional filter to constrain the results of the search query.
required:
- name
- field
- value
properties:
name:
description: The name of the filter aggregate to be included in the result.
type: string
example: Entitlements
type:
description: |-
Enum representing the currently supported filter aggregation types.
Additional values may be added in the future without notice.
type: string
enum:
- TERM
default: TERM
example: TERM
field:
description: |
The search field to apply the filter to.
Prefix the field name with '@' to reference a nested object.
type: string
example: access.type
value:
description: The value to filter on.
type: string
example: ENTITLEMENT
bucket:
type: object
description: The bucket to group the results of the aggregation query by.
required:
- name
- field
properties:
name:
description: The name of the bucket aggregate to be included in the result.
type: string
example: Identity Locations
type:
description: |-
Enum representing the currently supported bucket aggregation types.
Additional values may be added in the future without notice.
type: string
enum:
- TERMS
default: TERMS
example: TERMS
field:
description: |-
The field to bucket on.
Prefix the field name with '@' to reference a nested object.
type: string
example: attributes.city
size:
description: Maximum number of buckets to include.
type: integer
format: int32
example: 100
minDocCount:
description: Minimum number of documents a bucket should have.
type: integer
format: int32
example: 2
- type: object
properties:
subAggregation:
description: Aggregation to be performed on the result of the parent bucket aggregation.
allOf:
- type: object
properties:
nested:
type: object
description: The nested aggregation object.
required:
- name
- type
properties:
name:
description: The name of the nested aggregate to be included in the result.
type: string
example: id
type:
description: The type of the nested object.
type: string
example: access
metric:
type: object
description: The calculation done on the results of the query
required:
- name
- field
properties:
name:
description: |-
The name of the metric aggregate to be included in the result.
If the metric aggregation is omitted, the resulting aggregation will be a count of the documents in the search results.
type: string
example: Access Name Count
type:
description: |-
Enum representing the currently supported metric aggregation types.
Additional values may be added in the future without notice.
type: string
enum:
- COUNT
- UNIQUE_COUNT
- AVG
- SUM
- MEDIAN
- MIN
- MAX
default: UNIQUE_COUNT
example: COUNT
field:
description: |
The field the calculation is performed on.
Prefix the field name with '@' to reference a nested object.
type: string
example: '@access.name'
filter:
type: object
description: An additional filter to constrain the results of the search query.
required:
- name
- field
- value
properties:
name:
description: The name of the filter aggregate to be included in the result.
type: string
example: Entitlements
type:
description: |-
Enum representing the currently supported filter aggregation types.
Additional values may be added in the future without notice.
type: string
enum:
- TERM
default: TERM
example: TERM
field:
description: |
The search field to apply the filter to.
Prefix the field name with '@' to reference a nested object.
type: string
example: access.type
value:
description: The value to filter on.
type: string
example: ENTITLEMENT
bucket:
type: object
description: The bucket to group the results of the aggregation query by.
required:
- name
- field
properties:
name:
description: The name of the bucket aggregate to be included in the result.
type: string
example: Identity Locations
type:
description: |-
Enum representing the currently supported bucket aggregation types.
Additional values may be added in the future without notice.
type: string
enum:
- TERMS
default: TERMS
example: TERMS
field:
description: |-
The field to bucket on.
Prefix the field name with '@' to reference a nested object.
type: string
example: attributes.city
size:
description: Maximum number of buckets to include.
type: integer
format: int32
example: 100
minDocCount:
description: Minimum number of documents a bucket should have.
type: integer
format: int32
example: 2
- type: object
properties:
subAggregation:
type: object
properties:
nested:
type: object
description: The nested aggregation object.
required:
- name
- type
properties:
name:
description: The name of the nested aggregate to be included in the result.
type: string
example: id
type:
description: The type of the nested object.
type: string
example: access
metric:
type: object
description: The calculation done on the results of the query
required:
- name
- field
properties:
name:
description: |-
The name of the metric aggregate to be included in the result.
If the metric aggregation is omitted, the resulting aggregation will be a count of the documents in the search results.
type: string
example: Access Name Count
type:
description: |-
Enum representing the currently supported metric aggregation types.
Additional values may be added in the future without notice.
type: string
enum:
- COUNT
- UNIQUE_COUNT
- AVG
- SUM
- MEDIAN
- MIN
- MAX
default: UNIQUE_COUNT
example: COUNT
field:
description: |
The field the calculation is performed on.
Prefix the field name with '@' to reference a nested object.
type: string
example: '@access.name'
filter:
type: object
description: An additional filter to constrain the results of the search query.
required:
- name
- field
- value
properties:
name:
description: The name of the filter aggregate to be included in the result.
type: string
example: Entitlements
type:
description: |-
Enum representing the currently supported filter aggregation types.
Additional values may be added in the future without notice.
type: string
enum:
- TERM
default: TERM
example: TERM
field:
description: |
The search field to apply the filter to.
Prefix the field name with '@' to reference a nested object.
type: string
example: access.type
value:
description: The value to filter on.
type: string
example: ENTITLEMENT
bucket:
type: object
description: The bucket to group the results of the aggregation query by.
required:
- name
- field
properties:
name:
description: The name of the bucket aggregate to be included in the result.
type: string
example: Identity Locations
type:
description: |-
Enum representing the currently supported bucket aggregation types.
Additional values may be added in the future without notice.
type: string
enum:
- TERMS
default: TERMS
example: TERMS
field:
description: |-
The field to bucket on.
Prefix the field name with '@' to reference a nested object.
type: string
example: attributes.city
size:
description: Maximum number of buckets to include.
type: integer
format: int32
example: 100
minDocCount:
description: Minimum number of documents a bucket should have.
type: integer
format: int32
example: 2
description: Aggregation to be performed on the result of the parent bucket aggregation.
sort:
description: The fields to be used to sort the search results. Use + or - to specify the sort direction.
type: array
items:
type: string
example:
- displayName
- +id
searchAfter:
description: |-
Used to begin the search window at the values specified.
This parameter consists of the last values of the sorted fields in the current record set.
This is used to expand the Elasticsearch limit of 10K records by shifting the 10K window to begin at this value.
It is recommended that you always include the ID of the object in addition to any other fields on this parameter in order to ensure you don't get duplicate results while paging.
For example, when searching for identities, if you are sorting by displayName you will also want to include ID, for example ["displayName", "id"].
If the last identity ID in the search result is 2c91808375d8e80a0175e1f88a575221 and the last displayName is "John Doe", then using that displayName and ID will start a new search after this identity.
The searchAfter value will look like ["John Doe","2c91808375d8e80a0175e1f88a575221"]
type: array
items:
type: string
example:
- John Doe
- 2c91808375d8e80a0175e1f88a575221
filters:
description: The filters to be applied for each filtered field name.
type: object
additionalProperties:
type: object
properties:
type:
description: |-
Enum representing the currently supported filter types.
Additional values may be added in the future without notice.
type: string
enum:
- EXISTS
- RANGE
- TERMS
example: RANGE
range:
type: object
description: The range of values to be filtered.
properties:
lower:
description: The lower bound of the range.
type: object
required:
- value
properties:
value:
description: The value of the range's endpoint.
type: string
example: '1'
inclusive:
description: Indicates if the endpoint is included in the range.
type: boolean
default: false
example: false
upper:
description: The upper bound of the range.
type: object
required:
- value
properties:
value:
description: The value of the range's endpoint.
type: string
example: '1'
inclusive:
description: Indicates if the endpoint is included in the range.
type: boolean
default: false
example: false
terms:
description: The terms to be filtered.
type: array
items:
type: string
example: account_count
exclude:
description: Indicates if the filter excludes results.
type: boolean
default: false
example: false
example: {}
examples:
query-timeZone:
summary: Query with timezone
value:
indices:
- identities
query:
query: 'created: [2022-05-19T19:26:03.351Z TO now]'
timeZone: America/Los_Angeles
required: true
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
headers:
X-Total-Count:
description: The total result count.
schema:
type: integer
example: 5
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/search/aggregate:
post:
tags:
- Search
description: 'Performs a search query aggregation and returns the aggregation result. By default, you can page a maximum of 10,000 search result records. To page past 10,000 records, you can use searchAfter paging. Refer to [Paginating Search Queries](https://developer.sailpoint.com/idn/api/standard-collection-parameters#paginating-search-queries) for more information about how to implement searchAfter paging. '
operationId: searchAggregate
security:
- userAuth:
- 'sp:search:read'
summary: Perform a search query aggregation
parameters:
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
requestBody:
content:
application/json:
schema:
type: object
properties:
indices:
description: 'The names of the Elasticsearch indices in which to search. If none are provided, then all indices will be searched.'
externalDocs:
description: Learn more about search indices here.
url: 'https://documentation.sailpoint.com/saas/help/search/searchable-fields.html'
type: array
items:
description: |-
Enum representing the currently supported indices.
Additional values may be added in the future without notice.
type: string
enum:
- accessprofiles
- accountactivities
- entitlements
- events
- identities
- roles
- '*'
example: identities
example:
- identities
queryType:
description: |-
The type of query to use. By default, the `SAILPOINT` query type is used, which requires the `query` object to be defined in the request body.
To use the `queryDsl` or `typeAheadQuery` objects in the request, you must set the type to `DSL` or `TYPEAHEAD` accordingly.
Additional values may be added in the future without notice.
type: string
enum:
- DSL
- SAILPOINT
- TEXT
- TYPEAHEAD
default: SAILPOINT
example: SAILPOINT
queryVersion:
allOf:
- description: The current Elasticserver version.
type: string
default: '5.2'
example: '5.2'
- type: string
description: |-
The version of the query object.
This version number will map to the version of Elasticsearch for the query strings and objects being used.
query:
type: object
description: Query parameters used to construct an Elasticsearch query object.
properties:
query:
description: 'The query using the Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL extended by SailPoint to support Nested queries.'
type: string
example: 'name:a*'
fields:
description: |-
The fields the query will be applied to. Fields provide you with a simple way to add additional fields to search, without making the query too complicated. For example, you can use the fields to specify that you want your query of "a*" to be applied to "name", "firstName", and the "source.name". The response will include all results matching the "a*" query found in those three fields.
A field's availability depends on the indices being searched. For example, if you are searching "identities", you can apply your search to the "firstName" field, but you couldn't use "firstName" with a search on "access profiles". Refer to the response schema for the respective lists of available fields.
type: string
example:
- 'firstName,lastName,email'
timeZone:
description: The time zone to be applied to any range query related to dates.
type: string
example: America/Chicago
innerHit:
description: The innerHit query object returns a flattened list of results for the specified nested type.
type: object
required:
- query
- type
properties:
query:
description: 'The search query using the Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL extended by SailPoint to support Nested queries.'
type: string
example: 'source.name:\"Active Directory\"'
type:
description: 'The nested type to use in the inner hits query. The nested type [Nested Type](https://www.elastic.co/guide/en/elasticsearch/reference/current/nested.html) refers to a document "nested" within another document. For example, an identity can have nested documents for access, accounts, and apps.'
type: string
example: access
queryDsl:
description: 'The search query using the Elasticsearch [Query DSL](https://www.elastic.co/guide/en/elasticsearch/reference/7.10/query-dsl.html) syntax.'
type: object
example:
match:
name: john.doe
textQuery:
type: object
description: Query parameters used to construct an Elasticsearch text query object.
required:
- terms
- fields
properties:
terms:
description: Words or characters that specify a particular thing to be searched for.
type: array
items:
type: string
example:
- The quick brown fox
- '3141592'
- '7'
fields:
description: The fields to be searched.
type: array
items:
type: string
example:
- displayName
- employeeNumber
- roleCount
matchAny:
description: 'Indicates that at least one of the terms must be found in the specified fields; otherwise, all terms must be found.'
type: boolean
default: false
example: false
contains:
description: 'Indicates that the terms can be located anywhere in the specified fields; otherwise, the fields must begin with the terms.'
type: boolean
default: false
example: true
typeAheadQuery:
type: object
description: 'Query parameters used to construct an Elasticsearch type ahead query object. The typeAheadQuery performs a search for top values beginning with the typed values. For example, typing "Jo" results in top hits matching "Jo." Typing "Job" results in top hits matching "Job." '
required:
- query
- field
properties:
query:
description: The type ahead query string used to construct a phrase prefix match query.
type: string
example: Work
field:
description: The field on which to perform the type ahead search.
type: string
example: source.name
nestedType:
description: The nested type.
type: string
example: access
maxExpansions:
description: |-
The number of suffixes the last term will be expanded into.
Influences the performance of the query and the number results returned.
Valid values: 1 to 1000.
type: integer
format: int32
minimum: 1
maximum: 1000
default: 10
example: 10
size:
description: The max amount of records the search will return.
type: integer
format: int32
minimum: 1
default: 100
example: 100
sort:
description: The sort order of the returned records.
type: string
default: desc
example: asc
sortByValue:
description: 'The flag that defines the sort type, by count or value.'
type: boolean
default: false
example: true
includeNested:
description: Indicates whether nested objects from returned search results should be included.
type: boolean
default: true
example: true
queryResultFilter:
type: object
description: Allows the query results to be filtered by specifying a list of fields to include and/or exclude from the result documents.
properties:
includes:
description: The list of field names to include in the result documents.
type: array
items:
type: string
example:
- name
- displayName
excludes:
description: The list of field names to exclude from the result documents.
type: array
items:
type: string
example:
- stacktrace
aggregationType:
description: |
Enum representing the currently available query languages for aggregations, which are used to perform calculations or groupings on search results.
Additional values may be added in the future without notice.
type: string
enum:
- DSL
- SAILPOINT
default: DSL
example: DSL
aggregationsVersion:
allOf:
- description: The current Elasticserver version.
type: string
default: '5.2'
example: '5.2'
- type: string
description: |-
The version of the language being used for aggregation queries.
This version number will map to the version of Elasticsearch for the aggregation query object.
aggregationsDsl:
description: 'The aggregation search query using Elasticsearch [Aggregations](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/search-aggregations.html) syntax.'
type: object
example: {}
aggregations:
description: |
The aggregation’s specifications, such as the groupings and calculations to be performed.
allOf:
- type: object
properties:
nested:
type: object
description: The nested aggregation object.
required:
- name
- type
properties:
name:
description: The name of the nested aggregate to be included in the result.
type: string
example: id
type:
description: The type of the nested object.
type: string
example: access
metric:
type: object
description: The calculation done on the results of the query
required:
- name
- field
properties:
name:
description: |-
The name of the metric aggregate to be included in the result.
If the metric aggregation is omitted, the resulting aggregation will be a count of the documents in the search results.
type: string
example: Access Name Count
type:
description: |-
Enum representing the currently supported metric aggregation types.
Additional values may be added in the future without notice.
type: string
enum:
- COUNT
- UNIQUE_COUNT
- AVG
- SUM
- MEDIAN
- MIN
- MAX
default: UNIQUE_COUNT
example: COUNT
field:
description: |
The field the calculation is performed on.
Prefix the field name with '@' to reference a nested object.
type: string
example: '@access.name'
filter:
type: object
description: An additional filter to constrain the results of the search query.
required:
- name
- field
- value
properties:
name:
description: The name of the filter aggregate to be included in the result.
type: string
example: Entitlements
type:
description: |-
Enum representing the currently supported filter aggregation types.
Additional values may be added in the future without notice.
type: string
enum:
- TERM
default: TERM
example: TERM
field:
description: |
The search field to apply the filter to.
Prefix the field name with '@' to reference a nested object.
type: string
example: access.type
value:
description: The value to filter on.
type: string
example: ENTITLEMENT
bucket:
type: object
description: The bucket to group the results of the aggregation query by.
required:
- name
- field
properties:
name:
description: The name of the bucket aggregate to be included in the result.
type: string
example: Identity Locations
type:
description: |-
Enum representing the currently supported bucket aggregation types.
Additional values may be added in the future without notice.
type: string
enum:
- TERMS
default: TERMS
example: TERMS
field:
description: |-
The field to bucket on.
Prefix the field name with '@' to reference a nested object.
type: string
example: attributes.city
size:
description: Maximum number of buckets to include.
type: integer
format: int32
example: 100
minDocCount:
description: Minimum number of documents a bucket should have.
type: integer
format: int32
example: 2
- type: object
properties:
subAggregation:
description: Aggregation to be performed on the result of the parent bucket aggregation.
allOf:
- type: object
properties:
nested:
type: object
description: The nested aggregation object.
required:
- name
- type
properties:
name:
description: The name of the nested aggregate to be included in the result.
type: string
example: id
type:
description: The type of the nested object.
type: string
example: access
metric:
type: object
description: The calculation done on the results of the query
required:
- name
- field
properties:
name:
description: |-
The name of the metric aggregate to be included in the result.
If the metric aggregation is omitted, the resulting aggregation will be a count of the documents in the search results.
type: string
example: Access Name Count
type:
description: |-
Enum representing the currently supported metric aggregation types.
Additional values may be added in the future without notice.
type: string
enum:
- COUNT
- UNIQUE_COUNT
- AVG
- SUM
- MEDIAN
- MIN
- MAX
default: UNIQUE_COUNT
example: COUNT
field:
description: |
The field the calculation is performed on.
Prefix the field name with '@' to reference a nested object.
type: string
example: '@access.name'
filter:
type: object
description: An additional filter to constrain the results of the search query.
required:
- name
- field
- value
properties:
name:
description: The name of the filter aggregate to be included in the result.
type: string
example: Entitlements
type:
description: |-
Enum representing the currently supported filter aggregation types.
Additional values may be added in the future without notice.
type: string
enum:
- TERM
default: TERM
example: TERM
field:
description: |
The search field to apply the filter to.
Prefix the field name with '@' to reference a nested object.
type: string
example: access.type
value:
description: The value to filter on.
type: string
example: ENTITLEMENT
bucket:
type: object
description: The bucket to group the results of the aggregation query by.
required:
- name
- field
properties:
name:
description: The name of the bucket aggregate to be included in the result.
type: string
example: Identity Locations
type:
description: |-
Enum representing the currently supported bucket aggregation types.
Additional values may be added in the future without notice.
type: string
enum:
- TERMS
default: TERMS
example: TERMS
field:
description: |-
The field to bucket on.
Prefix the field name with '@' to reference a nested object.
type: string
example: attributes.city
size:
description: Maximum number of buckets to include.
type: integer
format: int32
example: 100
minDocCount:
description: Minimum number of documents a bucket should have.
type: integer
format: int32
example: 2
- type: object
properties:
subAggregation:
type: object
properties:
nested:
type: object
description: The nested aggregation object.
required:
- name
- type
properties:
name:
description: The name of the nested aggregate to be included in the result.
type: string
example: id
type:
description: The type of the nested object.
type: string
example: access
metric:
type: object
description: The calculation done on the results of the query
required:
- name
- field
properties:
name:
description: |-
The name of the metric aggregate to be included in the result.
If the metric aggregation is omitted, the resulting aggregation will be a count of the documents in the search results.
type: string
example: Access Name Count
type:
description: |-
Enum representing the currently supported metric aggregation types.
Additional values may be added in the future without notice.
type: string
enum:
- COUNT
- UNIQUE_COUNT
- AVG
- SUM
- MEDIAN
- MIN
- MAX
default: UNIQUE_COUNT
example: COUNT
field:
description: |
The field the calculation is performed on.
Prefix the field name with '@' to reference a nested object.
type: string
example: '@access.name'
filter:
type: object
description: An additional filter to constrain the results of the search query.
required:
- name
- field
- value
properties:
name:
description: The name of the filter aggregate to be included in the result.
type: string
example: Entitlements
type:
description: |-
Enum representing the currently supported filter aggregation types.
Additional values may be added in the future without notice.
type: string
enum:
- TERM
default: TERM
example: TERM
field:
description: |
The search field to apply the filter to.
Prefix the field name with '@' to reference a nested object.
type: string
example: access.type
value:
description: The value to filter on.
type: string
example: ENTITLEMENT
bucket:
type: object
description: The bucket to group the results of the aggregation query by.
required:
- name
- field
properties:
name:
description: The name of the bucket aggregate to be included in the result.
type: string
example: Identity Locations
type:
description: |-
Enum representing the currently supported bucket aggregation types.
Additional values may be added in the future without notice.
type: string
enum:
- TERMS
default: TERMS
example: TERMS
field:
description: |-
The field to bucket on.
Prefix the field name with '@' to reference a nested object.
type: string
example: attributes.city
size:
description: Maximum number of buckets to include.
type: integer
format: int32
example: 100
minDocCount:
description: Minimum number of documents a bucket should have.
type: integer
format: int32
example: 2
description: Aggregation to be performed on the result of the parent bucket aggregation.
sort:
description: The fields to be used to sort the search results. Use + or - to specify the sort direction.
type: array
items:
type: string
example:
- displayName
- +id
searchAfter:
description: |-
Used to begin the search window at the values specified.
This parameter consists of the last values of the sorted fields in the current record set.
This is used to expand the Elasticsearch limit of 10K records by shifting the 10K window to begin at this value.
It is recommended that you always include the ID of the object in addition to any other fields on this parameter in order to ensure you don't get duplicate results while paging.
For example, when searching for identities, if you are sorting by displayName you will also want to include ID, for example ["displayName", "id"].
If the last identity ID in the search result is 2c91808375d8e80a0175e1f88a575221 and the last displayName is "John Doe", then using that displayName and ID will start a new search after this identity.
The searchAfter value will look like ["John Doe","2c91808375d8e80a0175e1f88a575221"]
type: array
items:
type: string
example:
- John Doe
- 2c91808375d8e80a0175e1f88a575221
filters:
description: The filters to be applied for each filtered field name.
type: object
additionalProperties:
type: object
properties:
type:
description: |-
Enum representing the currently supported filter types.
Additional values may be added in the future without notice.
type: string
enum:
- EXISTS
- RANGE
- TERMS
example: RANGE
range:
type: object
description: The range of values to be filtered.
properties:
lower:
description: The lower bound of the range.
type: object
required:
- value
properties:
value:
description: The value of the range's endpoint.
type: string
example: '1'
inclusive:
description: Indicates if the endpoint is included in the range.
type: boolean
default: false
example: false
upper:
description: The upper bound of the range.
type: object
required:
- value
properties:
value:
description: The value of the range's endpoint.
type: string
example: '1'
inclusive:
description: Indicates if the endpoint is included in the range.
type: boolean
default: false
example: false
terms:
description: The terms to be filtered.
type: array
items:
type: string
example: account_count
exclude:
description: Indicates if the filter excludes results.
type: boolean
default: false
example: false
example: {}
examples:
metricAggregation:
summary: Metricaggregation
value:
indices:
- identities
aggregationType: SAILPOINT
aggregations:
metric:
name: How Many Locations
type: UNIQUE_COUNT
field: attributes.city
metricAggregation-dsl:
summary: Metricaggregation using dsl
value:
indices:
- identities
aggregationType: DSL
aggregationsDsl:
How Many Locations:
cardinality:
field: attributes.city.exact
bucketAggregation:
summary: Bucketaggregation
value:
indices:
- identities
aggregationType: SAILPOINT
aggregations:
bucket:
name: Identity Locations
type: TERMS
field: attributes.city
bucketAggregation-dsl:
summary: Bucketaggregation using dsl
value:
indices:
- identities
aggregationType: DSL
aggregationsDsl:
Identity Locations:
terms:
field: attributes.city.exact
nestedAggregation-bucketAggregation:
summary: Nestedaggregation with bucketaggregation
value:
indices:
- identities
aggregationType: SAILPOINT
aggregations:
nested:
name: Access
field: access
type: TERMS
bucket:
name: Access Source Name
type: TERMS
field: access.source.name
nestedAggregation-bucketAggregation-dsl:
summary: Nestedaggregation with bucketaggregation using dsl
value:
indices:
- identities
aggregationType: DSL
aggregationsDsl:
access:
nested:
path: access
aggs:
Access Source Name:
terms:
field: access.source.name.exact
nestedAggregation-filterAggregation-bucketAggregation:
summary: Nestedaggregation with filteraggregation and bucketaggregation
value:
indices:
- identities
aggregationType: SAILPOINT
aggregations:
nested:
name: Access
field: access
type: TERMS
filter:
name: Entitlements
field: access.type
value: ENTITLEMENT
bucket:
name: Access Name
type: TERMS
field: access.name
nestedAggregation-filterAggregation-bucketAggregation-dsl:
summary: Nestedaggregation with filteraggregation and bucketaggregation using dsl
value:
indices:
- identities
aggregationType: DSL
aggregationsDsl:
access:
nested:
path: access
aggs:
Entitlements:
filter:
term:
access.type: ENTITLEMENT
aggs:
Access Name:
terms:
field: access.name.exact
bucketAggregation-subAggregation:
summary: Bucketaggregation with subaggregation
value:
indices:
- identities
aggregationType: SAILPOINT
aggregations:
bucket:
name: Identity Department
type: TERMS
field: attributes.department
subAggregation:
bucket:
name: Identity Locations
type: TERMS
field: attributes.city
bucketAggregation-subAggregation-dsl:
summary: Bucketaggregation with subaggregation using dsl
value:
indices:
- identities
aggregationType: DSL
aggregationsDsl:
Identity Department:
terms:
field: attributes.department.exact
aggs:
Identity Locations:
terms:
field: attributes.city.exact
required: true
responses:
'200':
description: Aggregation results.
content:
application/json:
schema:
type: object
properties:
aggregations:
type: object
description: |
The document containing the results of the aggregation. This document is controlled by Elasticsearch and depends on the type of aggregation query that is run.
See Elasticsearch [Aggregations](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/search-aggregations.html) documentation for information.
example:
Identity Locations:
buckets:
- key: Austin
doc_count: 109
- key: London
doc_count: 64
- key: San Jose
doc_count: 27
- key: Brussels
doc_count: 26
- key: Sao Paulo
doc_count: 24
- key: Munich
doc_count: 23
- key: Singapore
doc_count: 22
- key: Tokyo
doc_count: 20
- key: Taipei
doc_count: 16
hits:
description: |
The results of the aggregation search query.
type: array
items:
type: object
oneOf:
- type: object
allOf:
- description: 'More complete representation of an access profile. '
allOf:
- type: object
properties:
description:
type: string
description: Access item's description.
example: Admin access
created:
type: string
description: ISO-8601 date-time referring to the time when the object was created.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
modified:
type: string
description: ISO-8601 date-time referring to the time when the object was last modified.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
synced:
type: string
description: |-
ISO-8601 date-time referring to the date-time when object was queued to be synced into search database for use in the search API.
This date-time changes anytime there is an update to the object, which triggers a synchronization event being sent to the search database.
There may be some delay between the `synced` time and the time when the updated data is actually available in the search API.
nullable: true
format: date-time
example: '2018-06-25T20:22:33.104Z'
enabled:
type: boolean
description: Indicates whether the access item is currently enabled.
default: false
example: true
requestable:
type: boolean
description: Indicates whether the access item can be requested.
default: true
example: true
requestCommentsRequired:
type: boolean
description: Indicates whether comments are required for requests to access the item.
default: false
example: false
owner:
type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's display name.
example: Support
email:
type: string
description: Owner's email.
example: cloud-support@sailpoint.com
- type: object
required:
- id
- name
properties:
id:
type: string
description: Access profile's ID.
example: 2c9180825a6c1adc015a71c9023f0818
name:
type: string
description: Access profile's name.
example: Cloud Eng
source:
type: object
description: Access profile's source.
properties:
id:
type: string
description: Source's ID.
example: ff8081815757d4fb0157588f3d9d008f
name:
type: string
description: Source's name.
example: Employees
entitlements:
type: array
description: Entitlements the access profile has access to.
items:
type: object
properties:
hasPermissions:
type: boolean
description: Indicates whether the entitlement has permissions.
default: false
example: false
description:
type: string
description: Entitlement's description.
nullable: true
example: Cloud engineering
attribute:
type: string
description: Entitlement attribute's name.
example: memberOf
value:
type: string
description: Entitlement's value.
example: 'CN=Cloud Engineering,DC=sailpoint,DC=COM'
schema:
type: string
description: Entitlement's schema.
example: group
privileged:
type: boolean
description: Indicates whether the entitlement is privileged.
default: false
example: false
id:
type: string
description: Entitlement's ID.
example: 2c918084575812550157589064f33b89
name:
type: string
description: Entitlement's name.
example: 'CN=Cloud Engineering,DC=sailpoint,DC=COM'
entitlementCount:
type: integer
description: Number of entitlements.
example: 5
segments:
type: array
description: Segments with the access profile.
items:
type: object
properties:
id:
type: string
example: b009b6e3-b56d-41d9-8735-cb532ea0b017
description: Segment's unique ID.
name:
type: string
example: Test Segment
description: Segment's display name.
segmentCount:
type: integer
description: Number of segments with the access profile.
format: int32
example: 1
tags:
type: array
description: Tags that have been applied to the object.
items:
type: string
example:
- TAG_1
- TAG_2
apps:
type: array
description: Applications with the access profile
items:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
description: Name of application
example: Travel and Expense
description:
description: Description of application.
type: string
example: Travel and Expense Application
owner:
type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's display name.
example: John Doe
email:
type: string
description: Owner's email.
example: john.doe@sailpoint.com
- type: object
properties:
pod:
type: string
example: pod01-useast1
description: Name of the pod.
org:
type: string
example: org-name
description: Name of the tenant.
_type:
description: |-
Enum representing the currently supported document types.
Additional values may be added in the future without notice.
type: string
enum:
- accessprofile
- accountactivity
- entitlement
- event
- identity
- role
example: identity
type:
description: |-
Enum representing the currently supported document types.
Additional values may be added in the future without notice.
type: string
enum:
- accessprofile
- accountactivity
- entitlement
- event
- identity
- role
example: identity
_version:
type: string
example: v2
description: Version number.
- type: object
allOf:
- description: AccountActivity
type: object
properties:
id:
type: string
example: 2c91808375d8e80a0175e1f88a575222
description: ID of account activity.
action:
type: string
description: Type of action performed in the activity.
externalDocs:
description: Learn more about account activity action types
url: 'https://documentation.sailpoint.com/saas/help/search/searchable-fields.html#searching-account-activity-data'
example: Identity Refresh.
created:
type: string
description: ISO-8601 date-time referring to the time when the object was created.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
modified:
type: string
description: ISO-8601 date-time referring to the time when the object was last modified.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
synced:
type: string
description: |-
ISO-8601 date-time referring to the date-time when object was queued to be synced into search database for use in the search API.
This date-time changes anytime there is an update to the object, which triggers a synchronization event being sent to the search database.
There may be some delay between the `synced` time and the time when the updated data is actually available in the search API.
example: '2018-06-25T20:22:28.104Z'
stage:
type: string
description: Activity's current stage.
example: Completed
status:
type: string
description: Activity's current status.
example: Complete
requester:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
type:
type: string
example: Identity
description: Type of object
recipient:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
type:
type: string
example: Identity
description: Type of object
trackingNumber:
type: string
description: Account activity's tracking number.
example: 61aad0c9e8134eca89e76a35e0cabe3f
errors:
type: array
description: Errors provided by the source while completing account actions.
items:
type: string
nullable: true
example: null
warnings:
type: array
description: Warnings provided by the source while completing account actions.
items:
type: string
nullable: true
example: null
approvals:
type: array
description: Approvals performed on an item during activity.
items:
type: object
properties:
comments:
type: array
items:
type: object
properties:
comment:
type: string
description: The comment text
example: This request was autoapproved by our automated ETS subscriber.
commenter:
type: string
description: The name of the commenter
example: Automated AR Approval
date:
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: A date-time in ISO-8601 format
modified:
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: A date-time in ISO-8601 format
owner:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
type:
type: string
example: Identity
description: Type of object
result:
type: string
description: The result of the approval
example: Finished
attributeRequest:
type: object
properties:
name:
type: string
description: Attribute name.
example: groups
op:
type: string
description: Operation to perform on attribute.
example: Add
value:
oneOf:
- type: string
example: '3203537556531076'
- type: array
items:
type: string
example:
- '3203537556531076'
- '1263537556831096'
description: Value of attribute.
source:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
type:
type: string
example: Delimited File
description: Type of source returned.
originalRequests:
type: array
description: Original actions that triggered all individual source actions related to the account action.
items:
type: object
properties:
accountId:
type: string
description: Account ID.
example: 'CN=Abby Smith,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=acme,DC=com'
result:
type: object
properties:
status:
type: string
description: Request result status
example: Manual Task Created
attributeRequests:
type: array
description: Attribute changes requested for account.
items:
type: object
properties:
name:
type: string
description: Attribute name.
example: groups
op:
type: string
description: Operation to perform on attribute.
example: Add
value:
oneOf:
- type: string
example: '3203537556531076'
- type: array
items:
type: string
example:
- '3203537556531076'
- '1263537556831096'
description: Value of attribute.
op:
type: string
description: Operation used.
example: add
source:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
type:
type: string
example: Delimited File
description: Type of source returned.
description: Account's source.
expansionItems:
type: array
description: Controls that translated the attribute requests into actual provisioning actions on the source.
items:
type: object
properties:
accountId:
type: string
description: The ID of the account
example: 2c91808981f58ea601821c3e93482e6f
cause:
type: string
example: Role
description: Cause of the expansion item.
name:
type: string
description: The name of the item
example: smartsheet-role
attributeRequest:
type: object
properties:
name:
type: string
description: Attribute name.
example: groups
op:
type: string
description: Operation to perform on attribute.
example: Add
value:
oneOf:
- type: string
example: '3203537556531076'
- type: array
items:
type: string
example:
- '3203537556531076'
- '1263537556831096'
description: Value of attribute.
source:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
type:
type: string
example: Delimited File
description: Type of source returned.
id:
type: string
description: ID of the expansion item
example: ac2887ffe0e7435a8c18c73f7ae94c7b
state:
type: string
description: State of the expansion item
example: EXECUTING
accountRequests:
type: array
description: Account data for each individual source action triggered by the original requests.
items:
type: object
properties:
accountId:
type: string
description: Unique ID of the account
example: John.Doe
attributeRequests:
type: array
items:
type: object
properties:
name:
type: string
description: Attribute name.
example: groups
op:
type: string
description: Operation to perform on attribute.
example: Add
value:
oneOf:
- type: string
example: '3203537556531076'
- type: array
items:
type: string
example:
- '3203537556531076'
- '1263537556831096'
description: Value of attribute.
op:
type: string
example: Modify
description: The operation that was performed
provisioningTarget:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
type:
type: string
example: Delimited File
description: Type of source returned.
result:
type: object
properties:
errors:
type: array
items:
type: string
example: |-
[ConnectorError] [
{
"code": "unrecognized_keys",
"keys": [
"groups"
],
"path": [],
"message": "Unrecognized key(s) in object: 'groups'"
}
] (requestId: 5e9d6df5-9b1b-47d9-9bf1-dc3a2893299e)
description: Error message.
status:
type: string
description: The status of the account request
example: failed
ticketId:
type: string
nullable: true
example: null
description: ID of associated ticket.
source:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
type:
type: string
example: Delimited File
description: Type of source returned.
sources:
type: string
description: Sources involved in the account activity.
example: 'smartsheet-test, airtable-v4, IdentityNow'
- type: object
properties:
pod:
type: string
example: pod01-useast1
description: Name of the pod.
org:
type: string
example: org-name
description: Name of the tenant.
_type:
description: |-
Enum representing the currently supported document types.
Additional values may be added in the future without notice.
type: string
enum:
- accessprofile
- accountactivity
- entitlement
- event
- identity
- role
example: identity
type:
description: |-
Enum representing the currently supported document types.
Additional values may be added in the future without notice.
type: string
enum:
- accessprofile
- accountactivity
- entitlement
- event
- identity
- role
example: identity
_version:
type: string
example: v2
description: Version number.
- type: object
allOf:
- description: Entitlement
allOf:
- type: object
required:
- id
- name
properties:
id:
type: string
example: 2c91808375d8e80a0175e1f88a575222
description: ID of the referenced object.
name:
type: string
example: john.doe
description: The human readable name of the referenced object.
- type: object
properties:
modified:
type: string
description: ISO-8601 date-time referring to the time when the object was last modified.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
synced:
type: string
description: |-
ISO-8601 date-time referring to the date-time when object was queued to be synced into search database for use in the search API.
This date-time changes anytime there is an update to the object, which triggers a synchronization event being sent to the search database.
There may be some delay between the `synced` time and the time when the updated data is actually available in the search API.
displayName:
type: string
description: Entitlement's display name.
example: Admin
source:
type: object
description: Entitlement's source.
properties:
id:
type: string
description: ID of entitlement's source.
example: 2c91808b6e9e6fb8016eec1a2b6f7b5f
name:
type: string
description: Display name of entitlement's source.
example: ODS-HR-Employees
type:
type: string
example: SOURCE
description: Type of object.
segments:
type: array
description: Segments with the entitlement.
items:
type: object
properties:
id:
type: string
example: b009b6e3-b56d-41d9-8735-cb532ea0b017
description: Segment's unique ID.
name:
type: string
example: Test Segment
description: Segment's display name.
segmentCount:
type: integer
description: Number of segments with the role.
format: int32
example: 1
requestable:
type: boolean
description: Indicates whether the entitlement is requestable.
default: false
example: false
cloudGoverned:
type: boolean
description: Indicates whether the entitlement is cloud governed.
default: false
example: false
created:
type: string
description: ISO-8601 date-time referring to the time when the object was created.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
privileged:
type: boolean
description: Indicates whether the entitlement is privileged.
default: false
example: false
tags:
type: array
description: Tags that have been applied to the object.
items:
type: string
example:
- TAG_1
- TAG_2
attribute:
type: string
description: Attribute information for the entitlement.
example: groups
value:
type: string
description: Value of the entitlement.
example: 1733ff75-441e-4327-9bfc-3ac445fd8cd1
sourceSchemaObjectType:
type: string
description: Source schema object type of the entitlement.
example: group
schema:
type: string
description: Schema type of the entitlement.
example: group
hash:
type: string
description: Read-only calculated hash value of an entitlement.
example: c6fab95235584cca98a454a2f51e5683bc77d6a0
attributes:
type: object
additionalProperties: true
description: Attributes of the entitlement.
truncatedAttributes:
type: array
description: Truncated attributes of the entitlement.
items:
type: string
containsDataAccess:
type: boolean
description: Indicates whether the entitlement contains data access.
default: false
manuallyUpdatedFields:
type: object
description: Indicates whether the entitlement's display name and/or description have been manually updated.
nullable: true
properties:
DESCRIPTION:
type: boolean
default: false
example: false
DISPLAY_NAME:
type: boolean
default: false
example: false
permissions:
type: array
items:
type: object
properties:
target:
type: string
description: The target the permission would grants rights on.
example: SYS.GV_$TRANSACTION
rights:
type: array
description: All the rights (e.g. actions) that this permission allows on the target
items:
type: string
example: SELECT
- type: object
properties:
pod:
type: string
example: pod01-useast1
description: Name of the pod.
org:
type: string
example: org-name
description: Name of the tenant.
_type:
description: |-
Enum representing the currently supported document types.
Additional values may be added in the future without notice.
type: string
enum:
- accessprofile
- accountactivity
- entitlement
- event
- identity
- role
example: identity
type:
description: |-
Enum representing the currently supported document types.
Additional values may be added in the future without notice.
type: string
enum:
- accessprofile
- accountactivity
- entitlement
- event
- identity
- role
example: identity
_version:
type: string
example: v2
description: Version number.
- type: object
allOf:
- type: object
description: Event
properties:
id:
type: string
example: 2c91808375d8e80a0175e1f88a575222
description: ID of the entitlement.
name:
type: string
example: Add Entitlement Passed
description: Name of the entitlement.
created:
type: string
description: ISO-8601 date-time referring to the time when the object was created.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
synced:
type: string
description: |-
ISO-8601 date-time referring to the date-time when object was queued to be synced into search database for use in the search API.
This date-time changes anytime there is an update to the object, which triggers a synchronization event being sent to the search database.
There may be some delay between the `synced` time and the time when the updated data is actually available in the search API.
example: '2018-06-25T20:22:28.104Z'
action:
type: string
description: Name of the event as it's displayed in audit reports.
example: AddEntitlement
type:
type: string
description: 'Event type. Refer to [Event Types](https://documentation.sailpoint.com/saas/help/search/index.html#event-types) for a list of event types and their meanings.'
example: ACCESS_ITEM
actor:
type: object
properties:
name:
type: string
description: Name of the actor that generated the event.
example: System
target:
type: object
properties:
name:
type: string
description: 'Name of the target, or recipient, of the event.'
example: Carol.Adams
stack:
type: string
description: The event's stack.
example: tpe
trackingNumber:
type: string
description: ID of the group of events.
example: 63f891e0735f4cc8bf1968144a1e7440
ipAddress:
type: string
description: Target system's IP address.
example: 52.52.97.85
details:
type: string
description: ID of event's details.
example: 73b65dfbed1842548c207432a18c84b0
attributes:
type: object
description: Attributes involved in the event.
additionalProperties: true
example:
pod: stg03-useast1
org: acme
sourceName: SailPoint
objects:
type: array
description: Objects the event is happening to.
items:
type: string
example: AUTHENTICATION
operation:
type: string
description: 'Operation, or action, performed during the event.'
example: ADD
status:
type: string
description: 'Event status. Refer to [Event Statuses](https://documentation.sailpoint.com/saas/help/search/index.html#event-statuses) for a list of event statuses and their meanings.'
example: PASSED
technicalName:
type: string
description: Event's normalized name. This normalized name always follows the pattern of 'objects_operation_status'.
example: ENTITLEMENT_ADD_PASSED
- properties:
pod:
type: string
example: pod01-useast1
org:
type: string
example: org-name
_type:
description: |-
Enum representing the currently supported document types.
Additional values may be added in the future without notice.
type: string
enum:
- accessprofile
- accountactivity
- entitlement
- event
- identity
- role
example: identity
_version:
type: string
example: v2
- type: object
allOf:
- description: Identity
allOf:
- type: object
required:
- id
- name
properties:
id:
type: string
example: 2c91808375d8e80a0175e1f88a575222
description: ID of the referenced object.
name:
type: string
example: john.doe
description: The human readable name of the referenced object.
- allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
displayName:
type: string
example: John Q. Doe
- type: object
properties:
displayName:
type: string
example: Carol.Adams
description: Identity's display name.
firstName:
type: string
description: Identity's first name.
example: Carol
lastName:
type: string
description: Identity's last name.
example: Adams
email:
type: string
description: Identity's primary email address.
example: Carol.Adams@sailpointdemo.com
created:
type: string
description: ISO-8601 date-time referring to the time when the object was created.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
modified:
type: string
description: ISO-8601 date-time referring to the time when the object was last modified.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
phone:
type: string
description: Identity's phone number.
example: +1 440-527-3672
synced:
type: string
description: |-
ISO-8601 date-time referring to the date-time when object was queued to be synced into search database for use in the search API.
This date-time changes anytime there is an update to the object, which triggers a synchronization event being sent to the search database.
There may be some delay between the `synced` time and the time when the updated data is actually available in the search API.
inactive:
type: boolean
description: Indicates whether the identity is inactive.
default: false
example: false
protected:
type: boolean
description: Indicates whether the identity is protected.
default: false
example: false
status:
type: string
description: Identity's status in SailPoint.
example: UNREGISTERED
employeeNumber:
type: string
description: Identity's employee number.
example: 1a2a3d4e
manager:
type: object
description: Identity's manager.
nullable: true
properties:
id:
type: string
description: ID of identity's manager.
example: 2c9180867dfe694b017e208e27c05799
name:
type: string
description: Name of identity's manager.
example: Amanda.Ross
displayName:
type: string
description: Display name of identity's manager.
example: Amanda.Ross
isManager:
type: boolean
description: Indicates whether the identity is a manager of other identities.
example: false
identityProfile:
type: object
description: Identity's identity profile.
properties:
id:
type: string
description: Identity profile's ID.
example: 3bc8ad26b8664945866b31339d1ff7d2
name:
type: string
description: Identity profile's name.
example: HR Employees
source:
type: object
description: Identity's source.
properties:
id:
type: string
description: ID of identity's source.
example: 2c91808b6e9e6fb8016eec1a2b6f7b5f
name:
type: string
description: Display name of identity's source.
example: ODS-HR-Employees
attributes:
type: object
description: Map or dictionary of key/value pairs.
additionalProperties: true
example:
country: US
firstname: Carol
cloudStatus: UNREGISTERED
disabled:
type: boolean
description: Indicates whether the identity is disabled.
default: false
example: false
locked:
type: boolean
description: Indicates whether the identity is locked.
default: false
example: false
processingState:
type: string
description: Identity's processing state.
nullable: true
example: ERROR
processingDetails:
description: Identity's processing details.
nullable: true
type: object
properties:
date:
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: A date-time in ISO-8601 format
stage:
type: string
example: In Process
retryCount:
type: integer
example: 0
format: int32
stackTrace:
type: string
example:
message:
type: string
example:
accounts:
type: array
description: List of accounts associated with the identity.
items:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
accountId:
type: string
description: Account ID.
example: John.Doe
source:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
type:
type: string
example: Delimited File
description: Type of source returned.
disabled:
type: boolean
description: Indicates whether the account is disabled.
default: false
example: false
locked:
type: boolean
description: Indicates whether the account is locked.
default: false
example: false
privileged:
type: boolean
description: Indicates whether the account is privileged.
default: false
example: false
manuallyCorrelated:
type: boolean
description: Indicates whether the account has been manually correlated to an identity.
default: false
example: false
passwordLastSet:
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: A date-time in ISO-8601 format
entitlementAttributes:
type: object
nullable: true
description: Map or dictionary of key/value pairs.
additionalProperties: true
example:
moderator: true
admin: true
trust_level: '4'
created:
type: string
description: ISO-8601 date-time referring to the time when the object was created.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
supportsPasswordChange:
type: boolean
description: Indicates whether the account supports password change.
default: false
example: false
accountAttributes:
type: object
nullable: true
description: Map or dictionary of key/value pairs.
additionalProperties: true
example:
type: global
admin: true
trust_level: '4'
accountCount:
type: integer
description: Number of accounts associated with the identity.
format: int32
example: 3
apps:
type: array
description: List of applications the identity has access to.
items:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
source:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
account:
type: object
properties:
id:
type: string
description: The SailPoint generated unique ID
example: 2c9180837dfe6949017e21f3d8cd6d49
accountId:
type: string
description: The account ID generated by the source
example: 'CN=Carol Adams,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
appCount:
type: integer
format: int32
description: Number of applications the identity has access to.
example: 2
access:
type: array
description: List of access items assigned to the identity.
items:
discriminator:
propertyName: type
mapping:
ACCESS_PROFILE: ../access/AccessProfileSummary.yaml
ENTITLEMENT: ../access/AccessProfileEntitlement.yaml
ROLE: ../access/AccessProfileRole.yaml
oneOf:
- description: This is a summary representation of an access profile.
allOf:
- allOf:
- allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
displayName:
type: string
example: John Q. Doe
- type: object
properties:
description:
description: Description of access item.
type: string
nullable: true
example: null
- type: object
properties:
type:
type: string
description: Type of the access item.
example: ACCESS_PROFILE
source:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
owner:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
displayName:
type: string
example: John Q. Doe
revocable:
type: boolean
example: true
- description: EntitlementReference
allOf:
- allOf:
- allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
displayName:
type: string
example: John Q. Doe
- type: object
properties:
description:
description: Description of access item.
type: string
nullable: true
example: null
- type: object
properties:
source:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
type:
type: string
description: Type of the access item.
example: ENTITLEMENT
privileged:
type: boolean
example: false
attribute:
type: string
example: memberOf
value:
type: string
example: 'CN=Buyer,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
standalone:
type: boolean
example: false
- description: Role
allOf:
- allOf:
- allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
displayName:
type: string
example: John Q. Doe
- type: object
properties:
description:
description: Description of access item.
type: string
nullable: true
example: null
- type: object
properties:
type:
type: string
description: Type of the access item.
example: ROLE
owner:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
displayName:
type: string
example: John Q. Doe
disabled:
type: boolean
revocable:
type: boolean
accessCount:
type: integer
format: int32
description: Number of access items assigned to the identity.
example: 5
entitlementCount:
type: integer
format: int32
description: Number of entitlements assigned to the identity.
example: 10
roleCount:
type: integer
format: int32
description: Number of roles assigned to the identity.
example: 1
accessProfileCount:
type: integer
format: int32
description: Number of access profiles assigned to the identity.
example: 1
owns:
type: array
description: Access items the identity owns.
items:
type: object
properties:
sources:
type: array
items:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
entitlements:
type: array
items:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
accessProfiles:
type: array
items:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
roles:
type: array
items:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
apps:
type: array
items:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
governanceGroups:
type: array
items:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
fallbackApprover:
type: boolean
example: false
ownsCount:
type: integer
format: int32
description: Number of access items the identity owns.
example: 5
tags:
type: array
description: Tags that have been applied to the object.
items:
type: string
example:
- TAG_1
- TAG_2
tagsCount:
type: integer
format: int32
description: Number of tags on the identity.
visibleSegments:
type: array
description: List of segments that the identity is in.
items:
type: string
nullable: true
example:
- All Employees
visibleSegmentCount:
type: integer
format: int32
description: Number of segments the identity is in.
example: 1
- type: object
properties:
pod:
type: string
example: pod01-useast1
description: Name of the pod.
org:
type: string
example: org-name
description: Name of the tenant.
_type:
description: |-
Enum representing the currently supported document types.
Additional values may be added in the future without notice.
type: string
enum:
- accessprofile
- accountactivity
- entitlement
- event
- identity
- role
example: identity
type:
description: |-
Enum representing the currently supported document types.
Additional values may be added in the future without notice.
type: string
enum:
- accessprofile
- accountactivity
- entitlement
- event
- identity
- role
example: identity
_version:
type: string
example: v2
description: Version number.
- type: object
allOf:
- description: Role
allOf:
- type: object
properties:
description:
type: string
description: Access item's description.
example: Admin access
created:
type: string
description: ISO-8601 date-time referring to the time when the object was created.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
modified:
type: string
description: ISO-8601 date-time referring to the time when the object was last modified.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
synced:
type: string
description: |-
ISO-8601 date-time referring to the date-time when object was queued to be synced into search database for use in the search API.
This date-time changes anytime there is an update to the object, which triggers a synchronization event being sent to the search database.
There may be some delay between the `synced` time and the time when the updated data is actually available in the search API.
nullable: true
format: date-time
example: '2018-06-25T20:22:33.104Z'
enabled:
type: boolean
description: Indicates whether the access item is currently enabled.
default: false
example: true
requestable:
type: boolean
description: Indicates whether the access item can be requested.
default: true
example: true
requestCommentsRequired:
type: boolean
description: Indicates whether comments are required for requests to access the item.
default: false
example: false
owner:
type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's display name.
example: Support
email:
type: string
description: Owner's email.
example: cloud-support@sailpoint.com
- type: object
required:
- id
- name
properties:
id:
type: string
example: 2c91808375d8e80a0175e1f88a575222
description: ID of the role.
name:
type: string
example: Branch Manager Access
description: Name of the role.
accessProfiles:
type: array
description: Access profiles included with the role.
nullable: true
items:
type: object
properties:
id:
type: string
example: 2c91809c6faade77016fb4f0b63407ae
description: Access profile's unique ID.
name:
type: string
example: Admin Access
description: Access profile's display name.
accessProfileCount:
type: integer
description: Number of access profiles included with the role.
nullable: true
format: int32
example: 1
tags:
type: array
description: Tags that have been applied to the object.
items:
type: string
example:
- TAG_1
- TAG_2
nullable: true
segments:
type: array
description: Segments with the role.
nullable: true
items:
type: object
properties:
id:
type: string
example: b009b6e3-b56d-41d9-8735-cb532ea0b017
description: Segment's unique ID.
name:
type: string
example: Test Segment
description: Segment's display name.
segmentCount:
type: integer
description: Number of segments with the role.
nullable: true
format: int32
example: 1
entitlements:
type: array
description: Entitlements included with the role.
nullable: true
items:
allOf:
- type: object
properties:
hasPermissions:
type: boolean
description: Indicates whether the entitlement has permissions.
default: false
example: false
description:
type: string
description: Entitlement's description.
nullable: true
example: Cloud engineering
attribute:
type: string
description: Entitlement attribute's name.
example: memberOf
value:
type: string
description: Entitlement's value.
example: 'CN=Cloud Engineering,DC=sailpoint,DC=COM'
schema:
type: string
description: Entitlement's schema.
example: group
privileged:
type: boolean
description: Indicates whether the entitlement is privileged.
default: false
example: false
id:
type: string
description: Entitlement's ID.
example: 2c918084575812550157589064f33b89
name:
type: string
description: Entitlement's name.
example: 'CN=Cloud Engineering,DC=sailpoint,DC=COM'
- properties:
sourceSchemaObjectType:
type: string
description: Schema objectType.
example: group
hash:
type: string
description: Read-only calculated hash value of an entitlement.
example: c6fab95235584cca98a454a2f51e5683bc77d6a0
entitlementCount:
type: integer
description: Number of entitlements included with the role.
nullable: true
format: int32
example: 3
dimensional:
type: boolean
example: false
default: false
dimensionSchemaAttributeCount:
type: integer
description: Number of dimension attributes included with the role.
nullable: true
format: int32
example: 3
dimensionSchemaAttributes:
type: array
description: Dimension attributes included with the role.
nullable: true
items:
type: object
properties:
derived:
type: boolean
example: true
default: true
displayName:
type: string
description: Displayname of the dimension attribute.
example: Department
name:
type: string
description: Name of the dimension attribute.
example: department
dimensions:
type: array
nullable: true
items:
type: object
properties:
id:
type: string
description: Unique ID of the dimension.
example: b3c28992ba964a40a7598978139d1ced
name:
type: string
description: Name of the dimension.
example: Manager Austin Branch
description:
type: string
nullable: true
description: Description of the dimension.
example: Managers located at the Austin branch
entitlements:
type: array
description: Entitlements included with the role.
nullable: true
items:
allOf:
- type: object
properties:
hasPermissions:
type: boolean
description: Indicates whether the entitlement has permissions.
default: false
example: false
description:
type: string
description: Entitlement's description.
nullable: true
example: Cloud engineering
attribute:
type: string
description: Entitlement attribute's name.
example: memberOf
value:
type: string
description: Entitlement's value.
example: 'CN=Cloud Engineering,DC=sailpoint,DC=COM'
schema:
type: string
description: Entitlement's schema.
example: group
privileged:
type: boolean
description: Indicates whether the entitlement is privileged.
default: false
example: false
id:
type: string
description: Entitlement's ID.
example: 2c918084575812550157589064f33b89
name:
type: string
description: Entitlement's name.
example: 'CN=Cloud Engineering,DC=sailpoint,DC=COM'
- properties:
sourceSchemaObjectType:
type: string
description: Schema objectType.
example: group
hash:
type: string
description: Read-only calculated hash value of an entitlement.
example: c6fab95235584cca98a454a2f51e5683bc77d6a0
accessProfiles:
type: array
nullable: true
description: Access profiles included in the dimension.
items:
type: object
properties:
id:
type: string
example: 2c91809c6faade77016fb4f0b63407ae
description: Access profile's unique ID.
name:
type: string
example: Admin Access
description: Access profile's display name.
- type: object
properties:
pod:
type: string
example: pod01-useast1
description: Name of the pod.
org:
type: string
example: org-name
description: Name of the tenant.
_type:
description: |-
Enum representing the currently supported document types.
Additional values may be added in the future without notice.
type: string
enum:
- accessprofile
- accountactivity
- entitlement
- event
- identity
- role
example: identity
type:
description: |-
Enum representing the currently supported document types.
Additional values may be added in the future without notice.
type: string
enum:
- accessprofile
- accountactivity
- entitlement
- event
- identity
- role
example: identity
_version:
type: string
example: v2
description: Version number.
text/csv:
schema:
description: |
If the *Accept:text/csv* header is specified and the *aggregationType* parameter in the request body is *SAILPOINT*,
the aggregation result will be returned as a CSV document.
type: string
example:
- 'Identity Locations,Count'
- 'Munich,23'
- 'Brussels,26'
- 'Singapore,22'
- 'Tokyo,20'
- 'Taipei,16'
- 'London,64'
- 'Austin,109'
- 'Sao Paulo,24'
- 'San Jose,27'
headers:
X-Total-Count:
description: The total result count (returned only if the *count* parameter is specified as *true*).
schema:
type: integer
example: 5
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/search/{index}/{id}':
get:
tags:
- Search
description: 'Fetches a single document from the specified index, using the specified document ID.'
operationId: searchGet
security:
- userAuth:
- 'sp:search:read'
- applicationAuth:
- 'sp:search:read'
x-sailpoint-userLevels:
- ORG_ADMIN
- CERT_ADMIN
- REPORT_ADMIN
- SOURCE_ADMIN
- SOURCE_SUBADMIN
- ROLE_ADMIN
- ROLE_SUBADMIN
- HELPDESK
summary: Get a document by id
parameters:
- in: path
name: index
description: |
The index from which to fetch the specified document.
The currently supported index names are: *accessprofiles*, *accountactivities*, *entitlements*, *events*, *identities*, and *roles*.
schema:
type: string
enum:
- accessprofiles
- accountactivities
- entitlements
- events
- identities
- roles
required: true
example: identities
- in: path
name: id
description: ID of the requested document.
schema:
type: string
required: true
example: 2c91808568c529c60168cca6f90c1313
x-sailpoint-resource-operation-id:
- listAccessProfiles
- listAccountActivities
- listEntitlements
- listRoles
- listIdentities
responses:
'200':
description: The requested document.
content:
application/json:
schema:
type: object
oneOf:
- description: 'More complete representation of an access profile. '
allOf:
- type: object
properties:
description:
type: string
description: Access item's description.
example: Admin access
created:
type: string
description: ISO-8601 date-time referring to the time when the object was created.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
modified:
type: string
description: ISO-8601 date-time referring to the time when the object was last modified.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
synced:
type: string
description: |-
ISO-8601 date-time referring to the date-time when object was queued to be synced into search database for use in the search API.
This date-time changes anytime there is an update to the object, which triggers a synchronization event being sent to the search database.
There may be some delay between the `synced` time and the time when the updated data is actually available in the search API.
nullable: true
format: date-time
example: '2018-06-25T20:22:33.104Z'
enabled:
type: boolean
description: Indicates whether the access item is currently enabled.
default: false
example: true
requestable:
type: boolean
description: Indicates whether the access item can be requested.
default: true
example: true
requestCommentsRequired:
type: boolean
description: Indicates whether comments are required for requests to access the item.
default: false
example: false
owner:
type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's display name.
example: Support
email:
type: string
description: Owner's email.
example: cloud-support@sailpoint.com
- type: object
required:
- id
- name
properties:
id:
type: string
description: Access profile's ID.
example: 2c9180825a6c1adc015a71c9023f0818
name:
type: string
description: Access profile's name.
example: Cloud Eng
source:
type: object
description: Access profile's source.
properties:
id:
type: string
description: Source's ID.
example: ff8081815757d4fb0157588f3d9d008f
name:
type: string
description: Source's name.
example: Employees
entitlements:
type: array
description: Entitlements the access profile has access to.
items:
type: object
properties:
hasPermissions:
type: boolean
description: Indicates whether the entitlement has permissions.
default: false
example: false
description:
type: string
description: Entitlement's description.
nullable: true
example: Cloud engineering
attribute:
type: string
description: Entitlement attribute's name.
example: memberOf
value:
type: string
description: Entitlement's value.
example: 'CN=Cloud Engineering,DC=sailpoint,DC=COM'
schema:
type: string
description: Entitlement's schema.
example: group
privileged:
type: boolean
description: Indicates whether the entitlement is privileged.
default: false
example: false
id:
type: string
description: Entitlement's ID.
example: 2c918084575812550157589064f33b89
name:
type: string
description: Entitlement's name.
example: 'CN=Cloud Engineering,DC=sailpoint,DC=COM'
entitlementCount:
type: integer
description: Number of entitlements.
example: 5
segments:
type: array
description: Segments with the access profile.
items:
type: object
properties:
id:
type: string
example: b009b6e3-b56d-41d9-8735-cb532ea0b017
description: Segment's unique ID.
name:
type: string
example: Test Segment
description: Segment's display name.
segmentCount:
type: integer
description: Number of segments with the access profile.
format: int32
example: 1
tags:
type: array
description: Tags that have been applied to the object.
items:
type: string
example:
- TAG_1
- TAG_2
apps:
type: array
description: Applications with the access profile
items:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
description: Name of application
example: Travel and Expense
description:
description: Description of application.
type: string
example: Travel and Expense Application
owner:
type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's display name.
example: John Doe
email:
type: string
description: Owner's email.
example: john.doe@sailpoint.com
- description: AccountActivity
type: object
properties:
id:
type: string
example: 2c91808375d8e80a0175e1f88a575222
description: ID of account activity.
action:
type: string
description: Type of action performed in the activity.
externalDocs:
description: Learn more about account activity action types
url: 'https://documentation.sailpoint.com/saas/help/search/searchable-fields.html#searching-account-activity-data'
example: Identity Refresh.
created:
type: string
description: ISO-8601 date-time referring to the time when the object was created.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
modified:
type: string
description: ISO-8601 date-time referring to the time when the object was last modified.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
synced:
type: string
description: |-
ISO-8601 date-time referring to the date-time when object was queued to be synced into search database for use in the search API.
This date-time changes anytime there is an update to the object, which triggers a synchronization event being sent to the search database.
There may be some delay between the `synced` time and the time when the updated data is actually available in the search API.
example: '2018-06-25T20:22:28.104Z'
stage:
type: string
description: Activity's current stage.
example: Completed
status:
type: string
description: Activity's current status.
example: Complete
requester:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
type:
type: string
example: Identity
description: Type of object
recipient:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
type:
type: string
example: Identity
description: Type of object
trackingNumber:
type: string
description: Account activity's tracking number.
example: 61aad0c9e8134eca89e76a35e0cabe3f
errors:
type: array
description: Errors provided by the source while completing account actions.
items:
type: string
nullable: true
example: null
warnings:
type: array
description: Warnings provided by the source while completing account actions.
items:
type: string
nullable: true
example: null
approvals:
type: array
description: Approvals performed on an item during activity.
items:
type: object
properties:
comments:
type: array
items:
type: object
properties:
comment:
type: string
description: The comment text
example: This request was autoapproved by our automated ETS subscriber.
commenter:
type: string
description: The name of the commenter
example: Automated AR Approval
date:
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: A date-time in ISO-8601 format
modified:
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: A date-time in ISO-8601 format
owner:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
type:
type: string
example: Identity
description: Type of object
result:
type: string
description: The result of the approval
example: Finished
attributeRequest:
type: object
properties:
name:
type: string
description: Attribute name.
example: groups
op:
type: string
description: Operation to perform on attribute.
example: Add
value:
oneOf:
- type: string
example: '3203537556531076'
- type: array
items:
type: string
example:
- '3203537556531076'
- '1263537556831096'
description: Value of attribute.
source:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
type:
type: string
example: Delimited File
description: Type of source returned.
originalRequests:
type: array
description: Original actions that triggered all individual source actions related to the account action.
items:
type: object
properties:
accountId:
type: string
description: Account ID.
example: 'CN=Abby Smith,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=acme,DC=com'
result:
type: object
properties:
status:
type: string
description: Request result status
example: Manual Task Created
attributeRequests:
type: array
description: Attribute changes requested for account.
items:
type: object
properties:
name:
type: string
description: Attribute name.
example: groups
op:
type: string
description: Operation to perform on attribute.
example: Add
value:
oneOf:
- type: string
example: '3203537556531076'
- type: array
items:
type: string
example:
- '3203537556531076'
- '1263537556831096'
description: Value of attribute.
op:
type: string
description: Operation used.
example: add
source:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
type:
type: string
example: Delimited File
description: Type of source returned.
description: Account's source.
expansionItems:
type: array
description: Controls that translated the attribute requests into actual provisioning actions on the source.
items:
type: object
properties:
accountId:
type: string
description: The ID of the account
example: 2c91808981f58ea601821c3e93482e6f
cause:
type: string
example: Role
description: Cause of the expansion item.
name:
type: string
description: The name of the item
example: smartsheet-role
attributeRequest:
type: object
properties:
name:
type: string
description: Attribute name.
example: groups
op:
type: string
description: Operation to perform on attribute.
example: Add
value:
oneOf:
- type: string
example: '3203537556531076'
- type: array
items:
type: string
example:
- '3203537556531076'
- '1263537556831096'
description: Value of attribute.
source:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
type:
type: string
example: Delimited File
description: Type of source returned.
id:
type: string
description: ID of the expansion item
example: ac2887ffe0e7435a8c18c73f7ae94c7b
state:
type: string
description: State of the expansion item
example: EXECUTING
accountRequests:
type: array
description: Account data for each individual source action triggered by the original requests.
items:
type: object
properties:
accountId:
type: string
description: Unique ID of the account
example: John.Doe
attributeRequests:
type: array
items:
type: object
properties:
name:
type: string
description: Attribute name.
example: groups
op:
type: string
description: Operation to perform on attribute.
example: Add
value:
oneOf:
- type: string
example: '3203537556531076'
- type: array
items:
type: string
example:
- '3203537556531076'
- '1263537556831096'
description: Value of attribute.
op:
type: string
example: Modify
description: The operation that was performed
provisioningTarget:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
type:
type: string
example: Delimited File
description: Type of source returned.
result:
type: object
properties:
errors:
type: array
items:
type: string
example: |-
[ConnectorError] [
{
"code": "unrecognized_keys",
"keys": [
"groups"
],
"path": [],
"message": "Unrecognized key(s) in object: 'groups'"
}
] (requestId: 5e9d6df5-9b1b-47d9-9bf1-dc3a2893299e)
description: Error message.
status:
type: string
description: The status of the account request
example: failed
ticketId:
type: string
nullable: true
example: null
description: ID of associated ticket.
source:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
type:
type: string
example: Delimited File
description: Type of source returned.
sources:
type: string
description: Sources involved in the account activity.
example: 'smartsheet-test, airtable-v4, IdentityNow'
- description: Entitlement
allOf:
- type: object
required:
- id
- name
properties:
id:
type: string
example: 2c91808375d8e80a0175e1f88a575222
description: ID of the referenced object.
name:
type: string
example: john.doe
description: The human readable name of the referenced object.
- type: object
properties:
modified:
type: string
description: ISO-8601 date-time referring to the time when the object was last modified.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
synced:
type: string
description: |-
ISO-8601 date-time referring to the date-time when object was queued to be synced into search database for use in the search API.
This date-time changes anytime there is an update to the object, which triggers a synchronization event being sent to the search database.
There may be some delay between the `synced` time and the time when the updated data is actually available in the search API.
displayName:
type: string
description: Entitlement's display name.
example: Admin
source:
type: object
description: Entitlement's source.
properties:
id:
type: string
description: ID of entitlement's source.
example: 2c91808b6e9e6fb8016eec1a2b6f7b5f
name:
type: string
description: Display name of entitlement's source.
example: ODS-HR-Employees
type:
type: string
example: SOURCE
description: Type of object.
segments:
type: array
description: Segments with the entitlement.
items:
type: object
properties:
id:
type: string
example: b009b6e3-b56d-41d9-8735-cb532ea0b017
description: Segment's unique ID.
name:
type: string
example: Test Segment
description: Segment's display name.
segmentCount:
type: integer
description: Number of segments with the role.
format: int32
example: 1
requestable:
type: boolean
description: Indicates whether the entitlement is requestable.
default: false
example: false
cloudGoverned:
type: boolean
description: Indicates whether the entitlement is cloud governed.
default: false
example: false
created:
type: string
description: ISO-8601 date-time referring to the time when the object was created.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
privileged:
type: boolean
description: Indicates whether the entitlement is privileged.
default: false
example: false
tags:
type: array
description: Tags that have been applied to the object.
items:
type: string
example:
- TAG_1
- TAG_2
attribute:
type: string
description: Attribute information for the entitlement.
example: groups
value:
type: string
description: Value of the entitlement.
example: 1733ff75-441e-4327-9bfc-3ac445fd8cd1
sourceSchemaObjectType:
type: string
description: Source schema object type of the entitlement.
example: group
schema:
type: string
description: Schema type of the entitlement.
example: group
hash:
type: string
description: Read-only calculated hash value of an entitlement.
example: c6fab95235584cca98a454a2f51e5683bc77d6a0
attributes:
type: object
additionalProperties: true
description: Attributes of the entitlement.
truncatedAttributes:
type: array
description: Truncated attributes of the entitlement.
items:
type: string
containsDataAccess:
type: boolean
description: Indicates whether the entitlement contains data access.
default: false
manuallyUpdatedFields:
type: object
description: Indicates whether the entitlement's display name and/or description have been manually updated.
nullable: true
properties:
DESCRIPTION:
type: boolean
default: false
example: false
DISPLAY_NAME:
type: boolean
default: false
example: false
permissions:
type: array
items:
type: object
properties:
target:
type: string
description: The target the permission would grants rights on.
example: SYS.GV_$TRANSACTION
rights:
type: array
description: All the rights (e.g. actions) that this permission allows on the target
items:
type: string
example: SELECT
- type: object
description: Event
properties:
id:
type: string
example: 2c91808375d8e80a0175e1f88a575222
description: ID of the entitlement.
name:
type: string
example: Add Entitlement Passed
description: Name of the entitlement.
created:
type: string
description: ISO-8601 date-time referring to the time when the object was created.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
synced:
type: string
description: |-
ISO-8601 date-time referring to the date-time when object was queued to be synced into search database for use in the search API.
This date-time changes anytime there is an update to the object, which triggers a synchronization event being sent to the search database.
There may be some delay between the `synced` time and the time when the updated data is actually available in the search API.
example: '2018-06-25T20:22:28.104Z'
action:
type: string
description: Name of the event as it's displayed in audit reports.
example: AddEntitlement
type:
type: string
description: 'Event type. Refer to [Event Types](https://documentation.sailpoint.com/saas/help/search/index.html#event-types) for a list of event types and their meanings.'
example: ACCESS_ITEM
actor:
type: object
properties:
name:
type: string
description: Name of the actor that generated the event.
example: System
target:
type: object
properties:
name:
type: string
description: 'Name of the target, or recipient, of the event.'
example: Carol.Adams
stack:
type: string
description: The event's stack.
example: tpe
trackingNumber:
type: string
description: ID of the group of events.
example: 63f891e0735f4cc8bf1968144a1e7440
ipAddress:
type: string
description: Target system's IP address.
example: 52.52.97.85
details:
type: string
description: ID of event's details.
example: 73b65dfbed1842548c207432a18c84b0
attributes:
type: object
description: Attributes involved in the event.
additionalProperties: true
example:
pod: stg03-useast1
org: acme
sourceName: SailPoint
objects:
type: array
description: Objects the event is happening to.
items:
type: string
example: AUTHENTICATION
operation:
type: string
description: 'Operation, or action, performed during the event.'
example: ADD
status:
type: string
description: 'Event status. Refer to [Event Statuses](https://documentation.sailpoint.com/saas/help/search/index.html#event-statuses) for a list of event statuses and their meanings.'
example: PASSED
technicalName:
type: string
description: Event's normalized name. This normalized name always follows the pattern of 'objects_operation_status'.
example: ENTITLEMENT_ADD_PASSED
- description: Identity
allOf:
- type: object
required:
- id
- name
properties:
id:
type: string
example: 2c91808375d8e80a0175e1f88a575222
description: ID of the referenced object.
name:
type: string
example: john.doe
description: The human readable name of the referenced object.
- allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
displayName:
type: string
example: John Q. Doe
- type: object
properties:
displayName:
type: string
example: Carol.Adams
description: Identity's display name.
firstName:
type: string
description: Identity's first name.
example: Carol
lastName:
type: string
description: Identity's last name.
example: Adams
email:
type: string
description: Identity's primary email address.
example: Carol.Adams@sailpointdemo.com
created:
type: string
description: ISO-8601 date-time referring to the time when the object was created.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
modified:
type: string
description: ISO-8601 date-time referring to the time when the object was last modified.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
phone:
type: string
description: Identity's phone number.
example: +1 440-527-3672
synced:
type: string
description: |-
ISO-8601 date-time referring to the date-time when object was queued to be synced into search database for use in the search API.
This date-time changes anytime there is an update to the object, which triggers a synchronization event being sent to the search database.
There may be some delay between the `synced` time and the time when the updated data is actually available in the search API.
inactive:
type: boolean
description: Indicates whether the identity is inactive.
default: false
example: false
protected:
type: boolean
description: Indicates whether the identity is protected.
default: false
example: false
status:
type: string
description: Identity's status in SailPoint.
example: UNREGISTERED
employeeNumber:
type: string
description: Identity's employee number.
example: 1a2a3d4e
manager:
type: object
description: Identity's manager.
nullable: true
properties:
id:
type: string
description: ID of identity's manager.
example: 2c9180867dfe694b017e208e27c05799
name:
type: string
description: Name of identity's manager.
example: Amanda.Ross
displayName:
type: string
description: Display name of identity's manager.
example: Amanda.Ross
isManager:
type: boolean
description: Indicates whether the identity is a manager of other identities.
example: false
identityProfile:
type: object
description: Identity's identity profile.
properties:
id:
type: string
description: Identity profile's ID.
example: 3bc8ad26b8664945866b31339d1ff7d2
name:
type: string
description: Identity profile's name.
example: HR Employees
source:
type: object
description: Identity's source.
properties:
id:
type: string
description: ID of identity's source.
example: 2c91808b6e9e6fb8016eec1a2b6f7b5f
name:
type: string
description: Display name of identity's source.
example: ODS-HR-Employees
attributes:
type: object
description: Map or dictionary of key/value pairs.
additionalProperties: true
example:
country: US
firstname: Carol
cloudStatus: UNREGISTERED
disabled:
type: boolean
description: Indicates whether the identity is disabled.
default: false
example: false
locked:
type: boolean
description: Indicates whether the identity is locked.
default: false
example: false
processingState:
type: string
description: Identity's processing state.
nullable: true
example: ERROR
processingDetails:
description: Identity's processing details.
nullable: true
type: object
properties:
date:
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: A date-time in ISO-8601 format
stage:
type: string
example: In Process
retryCount:
type: integer
example: 0
format: int32
stackTrace:
type: string
example:
message:
type: string
example:
accounts:
type: array
description: List of accounts associated with the identity.
items:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
accountId:
type: string
description: Account ID.
example: John.Doe
source:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
type:
type: string
example: Delimited File
description: Type of source returned.
disabled:
type: boolean
description: Indicates whether the account is disabled.
default: false
example: false
locked:
type: boolean
description: Indicates whether the account is locked.
default: false
example: false
privileged:
type: boolean
description: Indicates whether the account is privileged.
default: false
example: false
manuallyCorrelated:
type: boolean
description: Indicates whether the account has been manually correlated to an identity.
default: false
example: false
passwordLastSet:
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: A date-time in ISO-8601 format
entitlementAttributes:
type: object
nullable: true
description: Map or dictionary of key/value pairs.
additionalProperties: true
example:
moderator: true
admin: true
trust_level: '4'
created:
type: string
description: ISO-8601 date-time referring to the time when the object was created.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
supportsPasswordChange:
type: boolean
description: Indicates whether the account supports password change.
default: false
example: false
accountAttributes:
type: object
nullable: true
description: Map or dictionary of key/value pairs.
additionalProperties: true
example:
type: global
admin: true
trust_level: '4'
accountCount:
type: integer
description: Number of accounts associated with the identity.
format: int32
example: 3
apps:
type: array
description: List of applications the identity has access to.
items:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
source:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
account:
type: object
properties:
id:
type: string
description: The SailPoint generated unique ID
example: 2c9180837dfe6949017e21f3d8cd6d49
accountId:
type: string
description: The account ID generated by the source
example: 'CN=Carol Adams,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
appCount:
type: integer
format: int32
description: Number of applications the identity has access to.
example: 2
access:
type: array
description: List of access items assigned to the identity.
items:
discriminator:
propertyName: type
mapping:
ACCESS_PROFILE: ../access/AccessProfileSummary.yaml
ENTITLEMENT: ../access/AccessProfileEntitlement.yaml
ROLE: ../access/AccessProfileRole.yaml
oneOf:
- description: This is a summary representation of an access profile.
allOf:
- allOf:
- allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
displayName:
type: string
example: John Q. Doe
- type: object
properties:
description:
description: Description of access item.
type: string
nullable: true
example: null
- type: object
properties:
type:
type: string
description: Type of the access item.
example: ACCESS_PROFILE
source:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
owner:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
displayName:
type: string
example: John Q. Doe
revocable:
type: boolean
example: true
- description: EntitlementReference
allOf:
- allOf:
- allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
displayName:
type: string
example: John Q. Doe
- type: object
properties:
description:
description: Description of access item.
type: string
nullable: true
example: null
- type: object
properties:
source:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
type:
type: string
description: Type of the access item.
example: ENTITLEMENT
privileged:
type: boolean
example: false
attribute:
type: string
example: memberOf
value:
type: string
example: 'CN=Buyer,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
standalone:
type: boolean
example: false
- description: Role
allOf:
- allOf:
- allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
displayName:
type: string
example: John Q. Doe
- type: object
properties:
description:
description: Description of access item.
type: string
nullable: true
example: null
- type: object
properties:
type:
type: string
description: Type of the access item.
example: ROLE
owner:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
displayName:
type: string
example: John Q. Doe
disabled:
type: boolean
revocable:
type: boolean
accessCount:
type: integer
format: int32
description: Number of access items assigned to the identity.
example: 5
entitlementCount:
type: integer
format: int32
description: Number of entitlements assigned to the identity.
example: 10
roleCount:
type: integer
format: int32
description: Number of roles assigned to the identity.
example: 1
accessProfileCount:
type: integer
format: int32
description: Number of access profiles assigned to the identity.
example: 1
owns:
type: array
description: Access items the identity owns.
items:
type: object
properties:
sources:
type: array
items:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
entitlements:
type: array
items:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
accessProfiles:
type: array
items:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
roles:
type: array
items:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
apps:
type: array
items:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
governanceGroups:
type: array
items:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
fallbackApprover:
type: boolean
example: false
ownsCount:
type: integer
format: int32
description: Number of access items the identity owns.
example: 5
tags:
type: array
description: Tags that have been applied to the object.
items:
type: string
example:
- TAG_1
- TAG_2
tagsCount:
type: integer
format: int32
description: Number of tags on the identity.
visibleSegments:
type: array
description: List of segments that the identity is in.
items:
type: string
nullable: true
example:
- All Employees
visibleSegmentCount:
type: integer
format: int32
description: Number of segments the identity is in.
example: 1
- description: Role
allOf:
- type: object
properties:
description:
type: string
description: Access item's description.
example: Admin access
created:
type: string
description: ISO-8601 date-time referring to the time when the object was created.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
modified:
type: string
description: ISO-8601 date-time referring to the time when the object was last modified.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
synced:
type: string
description: |-
ISO-8601 date-time referring to the date-time when object was queued to be synced into search database for use in the search API.
This date-time changes anytime there is an update to the object, which triggers a synchronization event being sent to the search database.
There may be some delay between the `synced` time and the time when the updated data is actually available in the search API.
nullable: true
format: date-time
example: '2018-06-25T20:22:33.104Z'
enabled:
type: boolean
description: Indicates whether the access item is currently enabled.
default: false
example: true
requestable:
type: boolean
description: Indicates whether the access item can be requested.
default: true
example: true
requestCommentsRequired:
type: boolean
description: Indicates whether comments are required for requests to access the item.
default: false
example: false
owner:
type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's display name.
example: Support
email:
type: string
description: Owner's email.
example: cloud-support@sailpoint.com
- type: object
required:
- id
- name
properties:
id:
type: string
example: 2c91808375d8e80a0175e1f88a575222
description: ID of the role.
name:
type: string
example: Branch Manager Access
description: Name of the role.
accessProfiles:
type: array
description: Access profiles included with the role.
nullable: true
items:
type: object
properties:
id:
type: string
example: 2c91809c6faade77016fb4f0b63407ae
description: Access profile's unique ID.
name:
type: string
example: Admin Access
description: Access profile's display name.
accessProfileCount:
type: integer
description: Number of access profiles included with the role.
nullable: true
format: int32
example: 1
tags:
type: array
description: Tags that have been applied to the object.
items:
type: string
example:
- TAG_1
- TAG_2
nullable: true
segments:
type: array
description: Segments with the role.
nullable: true
items:
type: object
properties:
id:
type: string
example: b009b6e3-b56d-41d9-8735-cb532ea0b017
description: Segment's unique ID.
name:
type: string
example: Test Segment
description: Segment's display name.
segmentCount:
type: integer
description: Number of segments with the role.
nullable: true
format: int32
example: 1
entitlements:
type: array
description: Entitlements included with the role.
nullable: true
items:
allOf:
- type: object
properties:
hasPermissions:
type: boolean
description: Indicates whether the entitlement has permissions.
default: false
example: false
description:
type: string
description: Entitlement's description.
nullable: true
example: Cloud engineering
attribute:
type: string
description: Entitlement attribute's name.
example: memberOf
value:
type: string
description: Entitlement's value.
example: 'CN=Cloud Engineering,DC=sailpoint,DC=COM'
schema:
type: string
description: Entitlement's schema.
example: group
privileged:
type: boolean
description: Indicates whether the entitlement is privileged.
default: false
example: false
id:
type: string
description: Entitlement's ID.
example: 2c918084575812550157589064f33b89
name:
type: string
description: Entitlement's name.
example: 'CN=Cloud Engineering,DC=sailpoint,DC=COM'
- properties:
sourceSchemaObjectType:
type: string
description: Schema objectType.
example: group
hash:
type: string
description: Read-only calculated hash value of an entitlement.
example: c6fab95235584cca98a454a2f51e5683bc77d6a0
entitlementCount:
type: integer
description: Number of entitlements included with the role.
nullable: true
format: int32
example: 3
dimensional:
type: boolean
example: false
default: false
dimensionSchemaAttributeCount:
type: integer
description: Number of dimension attributes included with the role.
nullable: true
format: int32
example: 3
dimensionSchemaAttributes:
type: array
description: Dimension attributes included with the role.
nullable: true
items:
type: object
properties:
derived:
type: boolean
example: true
default: true
displayName:
type: string
description: Displayname of the dimension attribute.
example: Department
name:
type: string
description: Name of the dimension attribute.
example: department
dimensions:
type: array
nullable: true
items:
type: object
properties:
id:
type: string
description: Unique ID of the dimension.
example: b3c28992ba964a40a7598978139d1ced
name:
type: string
description: Name of the dimension.
example: Manager Austin Branch
description:
type: string
nullable: true
description: Description of the dimension.
example: Managers located at the Austin branch
entitlements:
type: array
description: Entitlements included with the role.
nullable: true
items:
allOf:
- type: object
properties:
hasPermissions:
type: boolean
description: Indicates whether the entitlement has permissions.
default: false
example: false
description:
type: string
description: Entitlement's description.
nullable: true
example: Cloud engineering
attribute:
type: string
description: Entitlement attribute's name.
example: memberOf
value:
type: string
description: Entitlement's value.
example: 'CN=Cloud Engineering,DC=sailpoint,DC=COM'
schema:
type: string
description: Entitlement's schema.
example: group
privileged:
type: boolean
description: Indicates whether the entitlement is privileged.
default: false
example: false
id:
type: string
description: Entitlement's ID.
example: 2c918084575812550157589064f33b89
name:
type: string
description: Entitlement's name.
example: 'CN=Cloud Engineering,DC=sailpoint,DC=COM'
- properties:
sourceSchemaObjectType:
type: string
description: Schema objectType.
example: group
hash:
type: string
description: Read-only calculated hash value of an entitlement.
example: c6fab95235584cca98a454a2f51e5683bc77d6a0
accessProfiles:
type: array
nullable: true
description: Access profiles included in the dimension.
items:
type: object
properties:
id:
type: string
example: 2c91809c6faade77016fb4f0b63407ae
description: Access profile's unique ID.
name:
type: string
example: Admin Access
description: Access profile's display name.
examples:
accessProfile:
summary: Accessprofile
value:
id: 13b856dd9a264206954b63ecbb57a853
name: Cloud Eng
description: Cloud Eng
source:
id: 5c71ff71195b4794a0b87e7cf36fb017
name: Active Directory
entitlements:
- hasPermissions: false
attribute: memberOf
value: 'CN=Cloud Engineering,DC=sailpoint,DC=COM'
schema: group
privileged: false
id: 7372eaddd75749bd89a2e76a363eb891
name: Cloud Engineering
description: Cloud Engineering
entitlementCount: 1
segments: []
segmentCount: 0
apps: []
created: '2024-09-16T17:41:25Z'
modified: '2024-09-16T19:30:54Z'
synced: '2025-02-12T06:32:40.156Z'
enabled: true
requestable: true
requestCommentsRequired: false
owner:
id: ff8081815757d36a015757d42e56031e
name: SailPoint Support
type: IDENTITY
email: cloud-support@sailpoint.com
tags:
- TAG_1
- TAG_2
accountActivity:
summary: Accountactivity
value:
id: 6f76c3add1db4ba8bbe0d42aaceb7a07
requester:
name: Amos.Cunningham
id: ef1e2a36099447cb9448c68e1804dd9f
type: Identity
synced: '2025-01-02T21:47:16.953Z'
sources: Active Directory
created: '2025-01-02T21:45:59.795Z'
accountRequests:
- result:
status: committed
accountId: 'CN=Amos Cunningham,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
op: Modify
provisioningTarget:
name: Active Directory
id: 5c71ff71195b4794a0b87e7cf36fb017
type: ADLDAPConnector
source:
name: Active Directory
id: 5c71ff71195b4794a0b87e7cf36fb017
type: ADLDAPConnector
attributeRequests:
- op: Add
name: memberOf
value: 'CN=HelpDesk,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
stage: Completed
originalRequests:
- result:
status: Manual Task Created
accountId: 'CN=Amos Cunningham,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
op: Modify
accountUuid: '{17413e85-1c08-4bb0-b658-9afdaad11d0a}'
source:
name: Active Directory
id: 5c71ff71195b4794a0b87e7cf36fb017
type: ADLDAPConnector
attributeRequests:
- op: Add
name: memberOf
value: 'CN=HelpDesk,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
expansionItems: []
approvals:
- owner:
name: tina.smith
id: 322c6bce405a495a8e841a014b7d8410
type: Identity
result: Finished
attributeRequest:
op: Add
name: memberOf
value:
- 'CN=HelpDesk,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
accountUuid: '{17413e85-1c08-4bb0-b658-9afdaad11d0a}'
modified: '2025-01-02T21:47:16.903Z'
source:
name: Active Directory
id: 5c71ff71195b4794a0b87e7cf36fb017
type: ADLDAPConnector
recipient:
name: Amos.Cunningham
id: ef1e2a36099447cb9448c68e1804dd9f
type: Identity
action: Access Request
modified: '2025-01-02T21:47:16.903Z'
trackingNumber: 051d09b0bb5b453d91f658ba7f1e3171
status: Complete
entitlement:
summary: Entitlement
value:
id: 2c9180867dde18d1017de8ea1f5c130f
name: Vendor Creation
displayName: Vendor Creation
created: '2021-12-23T20:09:57.340Z'
modified: '2023-05-02T06:31:19.357Z'
attribute: groups
value: VC
sourceSchemaObjectType: group
schema: group
privileged: false
cloudGoverned: false
hash: 22ac1f7a13c8a462c67ee74f5fcbf06a277cce50
description: Set up new AP vendors
requestable: false
source:
id: 2c9180887de347a7017de8e75fa5570a
type: SOURCE
name: Finance
containsDataAccess: 'false'
event:
summary: Event
value:
id: 001909ce8cc3b519436197105426b18b5fc6ca179803c0c3702e9038107bec78
stack: wps
synced: '2023-06-01T22:01:38.170Z'
created: '2023-06-01T22:01:37.818Z'
objects:
- ACCOUNT
type: PROVISIONING
technicalName: ACCOUNT_MODIFY_PASSED
target:
name: Colt.Spears
actor:
name: System
name: Modify Account Passed
action: ModifyAccount
attributes:
accountUuid: '{2d1ec18a-84cc-4659-bf75-a1ce4d56a9c5}'
cloudAppName: Active Directory
appId: 5c71ff71195b4794a0b87e7cf36fb017
sourceId: source
sourceName: Active Directory
accountName: 'CN=Colt Spears,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpoint,DC=com'
interface: Identity Refresh
trackingNumber: 1f74901adbc0412d9fa51314195155be
operation: MODIFY
status: PASSED
identity:
summary: Identity
value:
id: 2c9180865c45e7e3015c46c434a80622
name: Laura Peeters
firstName: Laura
lastName: Peeters
displayName: Laura Peeters
email: Laura.Peeters@sailpointdemo.com
created: '2024-04-04T21:36:00.385Z'
inactive: false
protected: false
status: ACTIVE
employeeNumber: '10673'
manager:
id: 88e405b1a3b8439daf2efc8f4ff0a98b
name: Mia Garcia
displayName: Mia Garcia
isManager: true
identityProfile:
id: 00a2bc6244b34f4a88d985f035f2b68b
name: HR Global
source:
id: 524f8d986f9b4192865269516d169eb0
name: HR Global
attributes:
city: Brussels
cloudAuthoritativeSource: 524f8d986f9b4192865269516d169eb0
cloudLifecycleState: active
cloudStatus: UNREGISTERED
country: BE
department: EMEA Sales
displayName: Laura Peeters
email: Laura.Peeters@sailpointdemo.com
firstname: Laura
identificationNumber: '10673'
identityState: ACTIVE
internalCloudStatus: UNREGISTERED
jobTitle: 'Manager, Sales - Belgium'
lastname: Peeters
location: EMEA
uid: '10673'
visibleSegments:
- d75ae486-044b-4eba-8113-0cdacb5341df
disabled: false
locked: false
accounts:
- id: 830396e8863442f1bce7b485612c8b51
name: Laura Peeters
accountId: '10673'
source:
id: 524f8d986f9b4192865269516d169eb0
name: HR Global
type: DelimitedFile
disabled: false
locked: false
privileged: false
manuallyCorrelated: false
entitlementAttributes: {}
created: '2024-04-04T21:36:00.385Z'
supportsPasswordChange: false
- id: cd6797419f37492ba22ea991f9d6ba90
name: $SEK300-N3K0K4HOPEB6
accountId: 'CN=Laura Peeters,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
source:
id: 5c71ff71195b4794a0b87e7cf36fb017
name: Active Directory
type: Active Directory - Direct
disabled: false
locked: false
privileged: false
manuallyCorrelated: true
passwordLastSet: '2024-04-04T21:38:57.434Z'
entitlementAttributes:
memberOf:
- 'CN=Salesforce Access,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
- 'CN=Sales-Folder,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
- 'CN=Benefits,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
- 'CN=Salesforce opportunity management,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
created: '2024-04-04T21:42:26.787Z'
supportsPasswordChange: true
- id: db145fd0ec6a4e0cbc3a24bbe0758c8f
name: Laura Peeters
accountId: '10681'
source:
id: 524f8d986f9b4192865269516d169eb0
name: HR Global
type: DelimitedFile
disabled: false
locked: false
privileged: false
manuallyCorrelated: false
entitlementAttributes: {}
created: '2024-04-04T21:36:15.769Z'
supportsPasswordChange: false
- id: 6b75898eec394b4c98a5c3d2d9ba311b
name: Laura Peeters
accountId: Laura Peeters
source:
id: af4686d6482841ac96d793901372ad9b
name: IdentityNow
type: IdentityNowConnector
disabled: false
locked: false
privileged: false
manuallyCorrelated: false
entitlementAttributes: {}
created: '2024-04-04T21:36:15.809Z'
supportsPasswordChange: true
accountAttributes: {}
accountCount: 3
apps:
- id: '20003'
name: Active Directory
source:
id: 5c71ff71195b4794a0b87e7cf36fb017
name: Active Directory
account:
id: cd6797419f37492ba22ea991f9d6ba90
accountId: 'CN=Laura Peeters,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
- id: '20013'
name: AD test
source:
id: 5c71ff71195b4794a0b87e7cf36fb017
name: Active Directory
account:
id: cd6797419f37492ba22ea991f9d6ba90
accountId: 'CN=Laura Peeters,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
- id: '20014'
name: Test AD
source:
id: 5c71ff71195b4794a0b87e7cf36fb017
name: Active Directory
account:
id: cd6797419f37492ba22ea991f9d6ba90
accountId: 'CN=Laura Peeters,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
- id: '5092'
name: Accounting
source:
id: 5c71ff71195b4794a0b87e7cf36fb017
name: Active Directory
account:
id: cd6797419f37492ba22ea991f9d6ba90
accountId: 'CN=Laura Peeters,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
- id: '5822114389092541705'
name: IdentityNow app
source:
id: af4686d6482841ac96d793901372ad9b
name: IdentityNow
account:
id: 6b75898eec394b4c98a5c3d2d9ba311b
accountId: Laura Peeters
appCount: 5
access:
- id: 4919721c3c1a4ca484469b85f0fd9ba1
name: Benefits
displayName: Benefits
type: ENTITLEMENT
enabled: false
requestable: false
requestCommentsRequired: false
source:
id: 5c71ff71195b4794a0b87e7cf36fb017
name: Active Directory
disabled: false
privileged: false
attribute: memberOf
value: 'CN=Benefits,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
standalone: false
cloudEligible: false
cloudGoverned: false
schema: group
- id: 4bf8f57887874e9c83ae3a662bf8988c
name: Sales-Folder
displayName: Sales-Folder
type: ENTITLEMENT
enabled: false
requestable: false
requestCommentsRequired: false
source:
id: 5c71ff71195b4794a0b87e7cf36fb017
name: Active Directory
disabled: false
privileged: false
attribute: memberOf
value: 'CN=Sales-Folder,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
standalone: false
cloudEligible: false
cloudGoverned: false
schema: group
- id: f1bea520cace4489805d26de3463262d
name: Salesforce Access
displayName: Salesforce Access
type: ENTITLEMENT
enabled: false
requestable: false
requestCommentsRequired: false
source:
id: 5c71ff71195b4794a0b87e7cf36fb017
name: Active Directory
disabled: false
privileged: false
attribute: memberOf
value: 'CN=Salesforce Access,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
standalone: false
cloudEligible: false
cloudGoverned: false
schema: group
- id: 98a76b26b7884f3e8d115991cebc09b2
name: Salesforce opportunity management
displayName: Salesforce opportunity management
type: ENTITLEMENT
enabled: false
requestable: false
requestCommentsRequired: false
source:
id: 5c71ff71195b4794a0b87e7cf36fb017
name: Active Directory
disabled: false
privileged: false
attribute: memberOf
value: 'CN=Salesforce opportunity management,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
standalone: false
cloudEligible: false
cloudGoverned: false
schema: group
- id: 7e277d102c874560becc464cdfe33a86
name: Benefits Employees
displayName: Benefits Employees
type: ACCESS_PROFILE
description: Access for Benefits Employees. Distribution group and File share access.
enabled: false
requestable: false
requestCommentsRequired: false
source:
id: 5c71ff71195b4794a0b87e7cf36fb017
name: Active Directory
owner:
id: 278f8a1859df48d2a0adb204257b26a2
name: Jerry.Bennett
displayName: Jerry.Bennett
disabled: false
privileged: false
standalone: false
revocable: false
cloudEligible: false
cloudGoverned: false
- id: 468171f0af874adebb58d3718519bd56
name: SalesCommonAccess
displayName: SalesCommonAccess
type: ACCESS_PROFILE
description: Grants basic access for everyone in the sale department
enabled: false
requestable: false
requestCommentsRequired: false
source:
id: 5c71ff71195b4794a0b87e7cf36fb017
name: Active Directory
owner:
id: 278f8a1859df48d2a0adb204257b26a2
name: Jerry.Bennett
displayName: Jerry.Bennett
disabled: false
privileged: false
standalone: false
revocable: false
cloudEligible: false
cloudGoverned: false
- id: ad7025c956734455b28fa35e315e77fe
name: Benefits Common Access
displayName: Benefits Common Access
type: ROLE
description: Testing AD provisioning with birthright access
enabled: false
requestable: false
requestCommentsRequired: false
owner:
id: 322c6bce405a495a8e841a014b7d8410
name: tina.smith
displayName: tina.smith
disabled: false
privileged: false
standalone: false
revocable: false
cloudEligible: false
cloudGoverned: false
- id: a8819cb0445541438fe08dd38f311b3c
name: SalesGlobal
displayName: SalesGlobal
type: ROLE
description: All Sales people in the company
enabled: false
requestable: false
requestCommentsRequired: false
owner:
id: 29b6ee3f91484d159b1ceac3109af151
name: se.admin
displayName: se.admin
disabled: false
privileged: false
standalone: false
revocable: false
cloudEligible: false
cloudGoverned: false
accessCount: 8
accessProfileCount: 2
entitlementCount: 4
roleCount: 2
modified: '2025-01-17T03:17:17.895Z'
visibleSegments:
- All Employees
visibleSegmentCount: 1
tagCount: 2
tags:
- TAG_1
- TAG_2
role:
summary: Role
value:
id: 2c91808c6faadea6016fb4f2bc69077b
accessProfileCount: 1
accessProfiles:
- id: 468171f0af874adebb58d3718519bd56
name: SalesCommonAccess
created: '2023-06-01T22:00:55.311Z'
description: All Sales people in the company
dimensional: false
enabled: true
modified: '2023-06-01T22:00:55.432Z'
name: SalesGlobal
owner:
email: admin@sailpointdemo.com
id: c18630c4811c4030810afb3a14f388cf
name: admin
type: IDENTITY
requestCommentsRequired: false
requestable: true
tags:
- TAG_1
- TAG_2
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/segments:
post:
operationId: createSegment
security:
- userAuth:
- 'idn:segment:manage'
- applicationAuth:
- 'idn:segment:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
tags:
- Segments
summary: Create segment
description: |-
This API creates a segment.
>**Note:** Segment definitions may take time to propagate to all identities.
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: The segment's ID.
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
name:
type: string
description: The segment's business name.
example: segment-xyz
created:
type: string
format: date-time
description: The time when the segment is created.
example: '2020-01-01T00:00:00.000000Z'
modified:
type: string
format: date-time
description: The time when the segment is modified.
example: '2020-01-01T00:00:00.000000Z'
description:
type: string
description: The segment's optional description.
example: This segment represents xyz
owner:
type: object
nullable: true
description: The owner of this object.
properties:
type:
type: string
enum:
- IDENTITY
description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.'
example: IDENTITY
id:
type: string
description: Identity id
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: 'Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.'
example: support
visibilityCriteria:
allOf:
- type: object
properties:
expression:
type: object
properties:
operator:
type: string
description: Operator for the expression
enum:
- AND
- EQUALS
example: EQUALS
attribute:
type: string
description: Name for the attribute
example: location
nullable: true
value:
type: object
nullable: true
properties:
type:
type: string
description: The type of attribute value
example: STRING
value:
type: string
description: The attribute value
example: Austin
children:
type: array
nullable: true
description: List of expressions
items:
type: object
properties:
operator:
type: string
description: Operator for the expression
enum:
- AND
- EQUALS
example: EQUALS
attribute:
type: string
description: Name for the attribute
example: location
nullable: true
value:
type: object
nullable: true
properties:
type:
type: string
description: The type of attribute value
example: STRING
value:
type: string
description: The attribute value
example: Austin
children:
type: string
nullable: true
description: There cannot be anymore nested children. This will always be null.
example: null
example: []
- nullable: true
active:
type: boolean
description: This boolean indicates whether the segment is currently active. Inactive segments have no effect.
default: false
example: true
responses:
'201':
description: Segment created
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: The segment's ID.
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
name:
type: string
description: The segment's business name.
example: segment-xyz
created:
type: string
format: date-time
description: The time when the segment is created.
example: '2020-01-01T00:00:00.000000Z'
modified:
type: string
format: date-time
description: The time when the segment is modified.
example: '2020-01-01T00:00:00.000000Z'
description:
type: string
description: The segment's optional description.
example: This segment represents xyz
owner:
type: object
nullable: true
description: The owner of this object.
properties:
type:
type: string
enum:
- IDENTITY
description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.'
example: IDENTITY
id:
type: string
description: Identity id
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: 'Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.'
example: support
visibilityCriteria:
allOf:
- type: object
properties:
expression:
type: object
properties:
operator:
type: string
description: Operator for the expression
enum:
- AND
- EQUALS
example: EQUALS
attribute:
type: string
description: Name for the attribute
example: location
nullable: true
value:
type: object
nullable: true
properties:
type:
type: string
description: The type of attribute value
example: STRING
value:
type: string
description: The attribute value
example: Austin
children:
type: array
nullable: true
description: List of expressions
items:
type: object
properties:
operator:
type: string
description: Operator for the expression
enum:
- AND
- EQUALS
example: EQUALS
attribute:
type: string
description: Name for the attribute
example: location
nullable: true
value:
type: object
nullable: true
properties:
type:
type: string
description: The type of attribute value
example: STRING
value:
type: string
description: The attribute value
example: Austin
children:
type: string
nullable: true
description: There cannot be anymore nested children. This will always be null.
example: null
example: []
- nullable: true
active:
type: boolean
description: This boolean indicates whether the segment is currently active. Inactive segments have no effect.
default: false
example: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
get:
operationId: listSegments
security:
- userAuth:
- 'idn:segment:read'
- 'idn:segment:manage'
- applicationAuth:
- 'idn:segment:read'
- 'idn:segment:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
tags:
- Segments
summary: List segments
description: 'This API returns a list of all segments. '
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
responses:
'200':
description: List of all segments
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: The segment's ID.
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
name:
type: string
description: The segment's business name.
example: segment-xyz
created:
type: string
format: date-time
description: The time when the segment is created.
example: '2020-01-01T00:00:00.000000Z'
modified:
type: string
format: date-time
description: The time when the segment is modified.
example: '2020-01-01T00:00:00.000000Z'
description:
type: string
description: The segment's optional description.
example: This segment represents xyz
owner:
type: object
nullable: true
description: The owner of this object.
properties:
type:
type: string
enum:
- IDENTITY
description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.'
example: IDENTITY
id:
type: string
description: Identity id
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: 'Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.'
example: support
visibilityCriteria:
allOf:
- type: object
properties:
expression:
type: object
properties:
operator:
type: string
description: Operator for the expression
enum:
- AND
- EQUALS
example: EQUALS
attribute:
type: string
description: Name for the attribute
example: location
nullable: true
value:
type: object
nullable: true
properties:
type:
type: string
description: The type of attribute value
example: STRING
value:
type: string
description: The attribute value
example: Austin
children:
type: array
nullable: true
description: List of expressions
items:
type: object
properties:
operator:
type: string
description: Operator for the expression
enum:
- AND
- EQUALS
example: EQUALS
attribute:
type: string
description: Name for the attribute
example: location
nullable: true
value:
type: object
nullable: true
properties:
type:
type: string
description: The type of attribute value
example: STRING
value:
type: string
description: The attribute value
example: Austin
children:
type: string
nullable: true
description: There cannot be anymore nested children. This will always be null.
example: null
example: []
- nullable: true
active:
type: boolean
description: This boolean indicates whether the segment is currently active. Inactive segments have no effect.
default: false
example: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/segments/{id}':
get:
operationId: getSegment
security:
- userAuth:
- 'idn:segment:read'
- 'idn:segment:manage'
- applicationAuth:
- 'idn:segment:read'
- 'idn:segment:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
tags:
- Segments
summary: Get segment by id
description: This API returns the segment specified by the given ID.
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listSegments
description: The segment ID to retrieve.
example: ef38f94347e94562b5bb8424a56397d8
responses:
'200':
description: Segment
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: The segment's ID.
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
name:
type: string
description: The segment's business name.
example: segment-xyz
created:
type: string
format: date-time
description: The time when the segment is created.
example: '2020-01-01T00:00:00.000000Z'
modified:
type: string
format: date-time
description: The time when the segment is modified.
example: '2020-01-01T00:00:00.000000Z'
description:
type: string
description: The segment's optional description.
example: This segment represents xyz
owner:
type: object
nullable: true
description: The owner of this object.
properties:
type:
type: string
enum:
- IDENTITY
description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.'
example: IDENTITY
id:
type: string
description: Identity id
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: 'Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.'
example: support
visibilityCriteria:
allOf:
- type: object
properties:
expression:
type: object
properties:
operator:
type: string
description: Operator for the expression
enum:
- AND
- EQUALS
example: EQUALS
attribute:
type: string
description: Name for the attribute
example: location
nullable: true
value:
type: object
nullable: true
properties:
type:
type: string
description: The type of attribute value
example: STRING
value:
type: string
description: The attribute value
example: Austin
children:
type: array
nullable: true
description: List of expressions
items:
type: object
properties:
operator:
type: string
description: Operator for the expression
enum:
- AND
- EQUALS
example: EQUALS
attribute:
type: string
description: Name for the attribute
example: location
nullable: true
value:
type: object
nullable: true
properties:
type:
type: string
description: The type of attribute value
example: STRING
value:
type: string
description: The attribute value
example: Austin
children:
type: string
nullable: true
description: There cannot be anymore nested children. This will always be null.
example: null
example: []
- nullable: true
active:
type: boolean
description: This boolean indicates whether the segment is currently active. Inactive segments have no effect.
default: false
example: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
operationId: deleteSegment
security:
- userAuth:
- 'idn:segment:manage'
- applicationAuth:
- 'idn:segment:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
tags:
- Segments
summary: Delete segment by id
description: |-
This API deletes the segment specified by the given ID.
>**Note:** that segment deletion may take some time to become effective.
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listSegments
description: The segment ID to delete.
example: ef38f94347e94562b5bb8424a56397d8
responses:
'204':
description: No content.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
patch:
operationId: patchSegment
security:
- userAuth:
- 'idn:segment:manage'
- applicationAuth:
- 'idn:segment:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
tags:
- Segments
summary: Update segment
description: |-
Use this API to update segment fields by using the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
>**Note:** Changes to a segment may take some time to propagate to all identities.
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listSegments
description: The segment ID to modify.
example: ef38f94347e94562b5bb8424a56397d8
requestBody:
required: true
description: |
A list of segment update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
The following fields are patchable:
* name
* description
* owner
* visibilityCriteria
* active
content:
application/json-patch+json:
schema:
type: array
items:
type: object
examples:
Set Visibility Criteria:
description: Set the visibility criteria
value:
- op: replace
path: /visibilityCriteria
value:
expression:
operator: AND
children:
- operator: EQUALS
attribute: location
value:
type: STRING
value: Philadelphia
- operator: EQUALS
attribute: department
value:
type: STRING
value: HR
responses:
'200':
description: 'Indicates the PATCH operation succeeded, and returns the segment''s new representation.'
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: The segment's ID.
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
name:
type: string
description: The segment's business name.
example: segment-xyz
created:
type: string
format: date-time
description: The time when the segment is created.
example: '2020-01-01T00:00:00.000000Z'
modified:
type: string
format: date-time
description: The time when the segment is modified.
example: '2020-01-01T00:00:00.000000Z'
description:
type: string
description: The segment's optional description.
example: This segment represents xyz
owner:
type: object
nullable: true
description: The owner of this object.
properties:
type:
type: string
enum:
- IDENTITY
description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.'
example: IDENTITY
id:
type: string
description: Identity id
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: 'Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.'
example: support
visibilityCriteria:
allOf:
- type: object
properties:
expression:
type: object
properties:
operator:
type: string
description: Operator for the expression
enum:
- AND
- EQUALS
example: EQUALS
attribute:
type: string
description: Name for the attribute
example: location
nullable: true
value:
type: object
nullable: true
properties:
type:
type: string
description: The type of attribute value
example: STRING
value:
type: string
description: The attribute value
example: Austin
children:
type: array
nullable: true
description: List of expressions
items:
type: object
properties:
operator:
type: string
description: Operator for the expression
enum:
- AND
- EQUALS
example: EQUALS
attribute:
type: string
description: Name for the attribute
example: location
nullable: true
value:
type: object
nullable: true
properties:
type:
type: string
description: The type of attribute value
example: STRING
value:
type: string
description: The attribute value
example: Austin
children:
type: string
nullable: true
description: There cannot be anymore nested children. This will always be null.
example: null
example: []
- nullable: true
active:
type: boolean
description: This boolean indicates whether the segment is currently active. Inactive segments have no effect.
default: false
example: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/service-desk-integrations:
get:
tags:
- Service Desk Integration
summary: List existing service desk integrations
description: Get a list of Service Desk integration objects.
operationId: getServiceDeskIntegrations
parameters:
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- name: sorters
in: query
required: false
style: form
explode: true
schema:
type: string
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **name**
example: name
- name: filters
in: query
required: false
style: form
explode: true
schema:
type: string
format: comma-separated
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, in*
**name**: *eq*
**type**: *eq, in*
**cluster**: *eq, in*
example: name eq "John Doe"
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
responses:
'200':
description: List of ServiceDeskIntegrationDto
content:
application/json:
schema:
type: array
items:
allOf:
- type: object
description: Service Desk integration's specification.
required:
- name
- description
- type
- attributes
properties:
id:
type: string
description: Unique identifier for the Service Desk integration
example: 62945a496ef440189b1f03e3623411c8
name:
description: Service Desk integration's name. The name must be unique.
type: string
example: Service Desk Integration Name
created:
type: string
format: date-time
description: The date and time the Service Desk integration was created
example: '2024-01-17T18:45:25.994Z'
modified:
type: string
format: date-time
description: The date and time the Service Desk integration was last modified
example: '2024-02-18T18:45:25.994Z'
description:
description: Service Desk integration's description.
type: string
example: A very nice Service Desk integration
type:
description: |
Service Desk integration types:
- ServiceNowSDIM
- ServiceNow
type: string
default: ServiceNowSDIM
example: ServiceNowSDIM
ownerRef:
allOf:
- type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
clusterRef:
allOf:
- type: object
description: Source cluster.
properties:
type:
type: string
description: Source cluster DTO type.
enum:
- CLUSTER
example: CLUSTER
id:
type: string
description: Source cluster ID.
example: 2c9180847a7fccdd017aa5896f9f4f6f
name:
type: string
description: Source cluster display name.
example: Training VA
cluster:
description: 'Cluster ID for the Service Desk integration (replaced by clusterRef, retained for backward compatibility).'
type: string
example: xyzzy999
deprecated: true
nullable: true
managedSources:
description: 'Source IDs for the Service Desk integration (replaced by provisioningConfig.managedSResourceRefs, but retained here for backward compatibility).'
type: array
items:
type: string
deprecated: true
example:
- 2c9180835d191a86015d28455b4a2329
- 2c5680835d191a85765d28455b4a9823
provisioningConfig:
description: The 'provisioningConfig' property specifies the configuration used to provision integrations.
type: object
properties:
universalManager:
description: 'Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.'
type: boolean
readOnly: true
default: false
example: true
managedResourceRefs:
description: References to sources for the Service Desk integration template. May only be specified if universalManager is false.
type: array
items:
allOf:
- type: object
description: Source for Service Desk integration template.
properties:
type:
type: string
description: DTO type of source for service desk integration template.
enum:
- SOURCE
example: SOURCE
id:
type: string
description: ID of source for service desk integration template.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable name of source for service desk integration template.
example: HR Active Directory
example:
- type: SOURCE
id: 2c9180855d191c59015d291ceb051111
name: My Source 1
- type: SOURCE
id: 2c9180855d191c59015d291ceb052222
name: My Source 2
planInitializerScript:
description: This is a reference to a plan initializer script.
type: object
nullable: true
properties:
source:
description: This is a Rule that allows provisioning instruction changes.
type: string
example: |
\r\n\r\n\r\n Before Provisioning Rule which changes disables and enables to a modify.\r\n
noProvisioningRequests:
description: Name of an attribute that when true disables the saving of ProvisioningRequest objects whenever plans are sent through this integration.
type: boolean
default: false
example: true
provisioningRequestExpiration:
description: 'When saving pending requests is enabled, this defines the number of hours the request is allowed to live before it is considered expired and no longer affects plan compilation.'
type: integer
format: int32
example: 7
attributes:
description: Service Desk integration's attributes. Validation constraints enforced by the implementation.
type: object
additionalProperties: true
example:
property: value
key: value
beforeProvisioningRule:
allOf:
- type: object
description: Before Provisioning Rule.
properties:
type:
type: string
description: Before Provisioning Rule DTO type.
enum:
- RULE
example: RULE
id:
type: string
description: Before Provisioning Rule ID.
example: 048eb3d55c5a4758bd07dccb87741c78
name:
type: string
description: Rule display name.
example: Before Provisioning Airtable Rule
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:service-desk-integration:read'
- 'idn:service-desk-integration:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
post:
tags:
- Service Desk Integration
summary: Create new service desk integration
description: Create a new Service Desk integration.
operationId: createServiceDeskIntegration
requestBody:
description: The specifics of a new integration to create
content:
application/json:
schema:
allOf:
- type: object
description: Service Desk integration's specification.
required:
- name
- description
- type
- attributes
properties:
id:
type: string
description: Unique identifier for the Service Desk integration
example: 62945a496ef440189b1f03e3623411c8
name:
description: Service Desk integration's name. The name must be unique.
type: string
example: Service Desk Integration Name
created:
type: string
format: date-time
description: The date and time the Service Desk integration was created
example: '2024-01-17T18:45:25.994Z'
modified:
type: string
format: date-time
description: The date and time the Service Desk integration was last modified
example: '2024-02-18T18:45:25.994Z'
description:
description: Service Desk integration's description.
type: string
example: A very nice Service Desk integration
type:
description: |
Service Desk integration types:
- ServiceNowSDIM
- ServiceNow
type: string
default: ServiceNowSDIM
example: ServiceNowSDIM
ownerRef:
allOf:
- type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
clusterRef:
allOf:
- type: object
description: Source cluster.
properties:
type:
type: string
description: Source cluster DTO type.
enum:
- CLUSTER
example: CLUSTER
id:
type: string
description: Source cluster ID.
example: 2c9180847a7fccdd017aa5896f9f4f6f
name:
type: string
description: Source cluster display name.
example: Training VA
cluster:
description: 'Cluster ID for the Service Desk integration (replaced by clusterRef, retained for backward compatibility).'
type: string
example: xyzzy999
deprecated: true
nullable: true
managedSources:
description: 'Source IDs for the Service Desk integration (replaced by provisioningConfig.managedSResourceRefs, but retained here for backward compatibility).'
type: array
items:
type: string
deprecated: true
example:
- 2c9180835d191a86015d28455b4a2329
- 2c5680835d191a85765d28455b4a9823
provisioningConfig:
description: The 'provisioningConfig' property specifies the configuration used to provision integrations.
type: object
properties:
universalManager:
description: 'Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.'
type: boolean
readOnly: true
default: false
example: true
managedResourceRefs:
description: References to sources for the Service Desk integration template. May only be specified if universalManager is false.
type: array
items:
allOf:
- type: object
description: Source for Service Desk integration template.
properties:
type:
type: string
description: DTO type of source for service desk integration template.
enum:
- SOURCE
example: SOURCE
id:
type: string
description: ID of source for service desk integration template.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable name of source for service desk integration template.
example: HR Active Directory
example:
- type: SOURCE
id: 2c9180855d191c59015d291ceb051111
name: My Source 1
- type: SOURCE
id: 2c9180855d191c59015d291ceb052222
name: My Source 2
planInitializerScript:
description: This is a reference to a plan initializer script.
type: object
nullable: true
properties:
source:
description: This is a Rule that allows provisioning instruction changes.
type: string
example: |
\r\n\r\n\r\n Before Provisioning Rule which changes disables and enables to a modify.\r\n
noProvisioningRequests:
description: Name of an attribute that when true disables the saving of ProvisioningRequest objects whenever plans are sent through this integration.
type: boolean
default: false
example: true
provisioningRequestExpiration:
description: 'When saving pending requests is enabled, this defines the number of hours the request is allowed to live before it is considered expired and no longer affects plan compilation.'
type: integer
format: int32
example: 7
attributes:
description: Service Desk integration's attributes. Validation constraints enforced by the implementation.
type: object
additionalProperties: true
example:
property: value
key: value
beforeProvisioningRule:
allOf:
- type: object
description: Before Provisioning Rule.
properties:
type:
type: string
description: Before Provisioning Rule DTO type.
enum:
- RULE
example: RULE
id:
type: string
description: Before Provisioning Rule ID.
example: 048eb3d55c5a4758bd07dccb87741c78
name:
type: string
description: Rule display name.
example: Before Provisioning Airtable Rule
required: true
responses:
'200':
description: Details of the created integration
content:
application/json:
schema:
allOf:
- type: object
description: Service Desk integration's specification.
required:
- name
- description
- type
- attributes
properties:
id:
type: string
description: Unique identifier for the Service Desk integration
example: 62945a496ef440189b1f03e3623411c8
name:
description: Service Desk integration's name. The name must be unique.
type: string
example: Service Desk Integration Name
created:
type: string
format: date-time
description: The date and time the Service Desk integration was created
example: '2024-01-17T18:45:25.994Z'
modified:
type: string
format: date-time
description: The date and time the Service Desk integration was last modified
example: '2024-02-18T18:45:25.994Z'
description:
description: Service Desk integration's description.
type: string
example: A very nice Service Desk integration
type:
description: |
Service Desk integration types:
- ServiceNowSDIM
- ServiceNow
type: string
default: ServiceNowSDIM
example: ServiceNowSDIM
ownerRef:
allOf:
- type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
clusterRef:
allOf:
- type: object
description: Source cluster.
properties:
type:
type: string
description: Source cluster DTO type.
enum:
- CLUSTER
example: CLUSTER
id:
type: string
description: Source cluster ID.
example: 2c9180847a7fccdd017aa5896f9f4f6f
name:
type: string
description: Source cluster display name.
example: Training VA
cluster:
description: 'Cluster ID for the Service Desk integration (replaced by clusterRef, retained for backward compatibility).'
type: string
example: xyzzy999
deprecated: true
nullable: true
managedSources:
description: 'Source IDs for the Service Desk integration (replaced by provisioningConfig.managedSResourceRefs, but retained here for backward compatibility).'
type: array
items:
type: string
deprecated: true
example:
- 2c9180835d191a86015d28455b4a2329
- 2c5680835d191a85765d28455b4a9823
provisioningConfig:
description: The 'provisioningConfig' property specifies the configuration used to provision integrations.
type: object
properties:
universalManager:
description: 'Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.'
type: boolean
readOnly: true
default: false
example: true
managedResourceRefs:
description: References to sources for the Service Desk integration template. May only be specified if universalManager is false.
type: array
items:
allOf:
- type: object
description: Source for Service Desk integration template.
properties:
type:
type: string
description: DTO type of source for service desk integration template.
enum:
- SOURCE
example: SOURCE
id:
type: string
description: ID of source for service desk integration template.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable name of source for service desk integration template.
example: HR Active Directory
example:
- type: SOURCE
id: 2c9180855d191c59015d291ceb051111
name: My Source 1
- type: SOURCE
id: 2c9180855d191c59015d291ceb052222
name: My Source 2
planInitializerScript:
description: This is a reference to a plan initializer script.
type: object
nullable: true
properties:
source:
description: This is a Rule that allows provisioning instruction changes.
type: string
example: |
\r\n\r\n\r\n Before Provisioning Rule which changes disables and enables to a modify.\r\n
noProvisioningRequests:
description: Name of an attribute that when true disables the saving of ProvisioningRequest objects whenever plans are sent through this integration.
type: boolean
default: false
example: true
provisioningRequestExpiration:
description: 'When saving pending requests is enabled, this defines the number of hours the request is allowed to live before it is considered expired and no longer affects plan compilation.'
type: integer
format: int32
example: 7
attributes:
description: Service Desk integration's attributes. Validation constraints enforced by the implementation.
type: object
additionalProperties: true
example:
property: value
key: value
beforeProvisioningRule:
allOf:
- type: object
description: Before Provisioning Rule.
properties:
type:
type: string
description: Before Provisioning Rule DTO type.
enum:
- RULE
example: RULE
id:
type: string
description: Before Provisioning Rule ID.
example: 048eb3d55c5a4758bd07dccb87741c78
name:
type: string
description: Rule display name.
example: Before Provisioning Airtable Rule
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:service-desk-integration:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
'/service-desk-integrations/{id}':
get:
tags:
- Service Desk Integration
summary: Get a service desk integration
description: Get an existing Service Desk integration by ID.
operationId: getServiceDeskIntegration
parameters:
- name: id
in: path
description: ID of the Service Desk integration to get
required: true
x-sailpoint-resource-operation-id: getServiceDeskIntegrations
style: simple
explode: false
schema:
type: string
example: anId
responses:
'200':
description: ServiceDeskIntegrationDto with the given ID
content:
application/json:
schema:
allOf:
- type: object
description: Service Desk integration's specification.
required:
- name
- description
- type
- attributes
properties:
id:
type: string
description: Unique identifier for the Service Desk integration
example: 62945a496ef440189b1f03e3623411c8
name:
description: Service Desk integration's name. The name must be unique.
type: string
example: Service Desk Integration Name
created:
type: string
format: date-time
description: The date and time the Service Desk integration was created
example: '2024-01-17T18:45:25.994Z'
modified:
type: string
format: date-time
description: The date and time the Service Desk integration was last modified
example: '2024-02-18T18:45:25.994Z'
description:
description: Service Desk integration's description.
type: string
example: A very nice Service Desk integration
type:
description: |
Service Desk integration types:
- ServiceNowSDIM
- ServiceNow
type: string
default: ServiceNowSDIM
example: ServiceNowSDIM
ownerRef:
allOf:
- type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
clusterRef:
allOf:
- type: object
description: Source cluster.
properties:
type:
type: string
description: Source cluster DTO type.
enum:
- CLUSTER
example: CLUSTER
id:
type: string
description: Source cluster ID.
example: 2c9180847a7fccdd017aa5896f9f4f6f
name:
type: string
description: Source cluster display name.
example: Training VA
cluster:
description: 'Cluster ID for the Service Desk integration (replaced by clusterRef, retained for backward compatibility).'
type: string
example: xyzzy999
deprecated: true
nullable: true
managedSources:
description: 'Source IDs for the Service Desk integration (replaced by provisioningConfig.managedSResourceRefs, but retained here for backward compatibility).'
type: array
items:
type: string
deprecated: true
example:
- 2c9180835d191a86015d28455b4a2329
- 2c5680835d191a85765d28455b4a9823
provisioningConfig:
description: The 'provisioningConfig' property specifies the configuration used to provision integrations.
type: object
properties:
universalManager:
description: 'Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.'
type: boolean
readOnly: true
default: false
example: true
managedResourceRefs:
description: References to sources for the Service Desk integration template. May only be specified if universalManager is false.
type: array
items:
allOf:
- type: object
description: Source for Service Desk integration template.
properties:
type:
type: string
description: DTO type of source for service desk integration template.
enum:
- SOURCE
example: SOURCE
id:
type: string
description: ID of source for service desk integration template.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable name of source for service desk integration template.
example: HR Active Directory
example:
- type: SOURCE
id: 2c9180855d191c59015d291ceb051111
name: My Source 1
- type: SOURCE
id: 2c9180855d191c59015d291ceb052222
name: My Source 2
planInitializerScript:
description: This is a reference to a plan initializer script.
type: object
nullable: true
properties:
source:
description: This is a Rule that allows provisioning instruction changes.
type: string
example: |
\r\n\r\n\r\n Before Provisioning Rule which changes disables and enables to a modify.\r\n
noProvisioningRequests:
description: Name of an attribute that when true disables the saving of ProvisioningRequest objects whenever plans are sent through this integration.
type: boolean
default: false
example: true
provisioningRequestExpiration:
description: 'When saving pending requests is enabled, this defines the number of hours the request is allowed to live before it is considered expired and no longer affects plan compilation.'
type: integer
format: int32
example: 7
attributes:
description: Service Desk integration's attributes. Validation constraints enforced by the implementation.
type: object
additionalProperties: true
example:
property: value
key: value
beforeProvisioningRule:
allOf:
- type: object
description: Before Provisioning Rule.
properties:
type:
type: string
description: Before Provisioning Rule DTO type.
enum:
- RULE
example: RULE
id:
type: string
description: Before Provisioning Rule ID.
example: 048eb3d55c5a4758bd07dccb87741c78
name:
type: string
description: Rule display name.
example: Before Provisioning Airtable Rule
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:service-desk-integration:read'
- 'idn:service-desk-integration:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
put:
tags:
- Service Desk Integration
summary: Update a service desk integration
description: Update an existing Service Desk integration by ID.
operationId: putServiceDeskIntegration
parameters:
- name: id
in: path
description: ID of the Service Desk integration to update
required: true
x-sailpoint-resource-operation-id: getServiceDeskIntegrations
style: simple
explode: false
schema:
type: string
example: anId
requestBody:
description: The specifics of the integration to update
content:
application/json:
schema:
allOf:
- type: object
description: Service Desk integration's specification.
required:
- name
- description
- type
- attributes
properties:
id:
type: string
description: Unique identifier for the Service Desk integration
example: 62945a496ef440189b1f03e3623411c8
name:
description: Service Desk integration's name. The name must be unique.
type: string
example: Service Desk Integration Name
created:
type: string
format: date-time
description: The date and time the Service Desk integration was created
example: '2024-01-17T18:45:25.994Z'
modified:
type: string
format: date-time
description: The date and time the Service Desk integration was last modified
example: '2024-02-18T18:45:25.994Z'
description:
description: Service Desk integration's description.
type: string
example: A very nice Service Desk integration
type:
description: |
Service Desk integration types:
- ServiceNowSDIM
- ServiceNow
type: string
default: ServiceNowSDIM
example: ServiceNowSDIM
ownerRef:
allOf:
- type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
clusterRef:
allOf:
- type: object
description: Source cluster.
properties:
type:
type: string
description: Source cluster DTO type.
enum:
- CLUSTER
example: CLUSTER
id:
type: string
description: Source cluster ID.
example: 2c9180847a7fccdd017aa5896f9f4f6f
name:
type: string
description: Source cluster display name.
example: Training VA
cluster:
description: 'Cluster ID for the Service Desk integration (replaced by clusterRef, retained for backward compatibility).'
type: string
example: xyzzy999
deprecated: true
nullable: true
managedSources:
description: 'Source IDs for the Service Desk integration (replaced by provisioningConfig.managedSResourceRefs, but retained here for backward compatibility).'
type: array
items:
type: string
deprecated: true
example:
- 2c9180835d191a86015d28455b4a2329
- 2c5680835d191a85765d28455b4a9823
provisioningConfig:
description: The 'provisioningConfig' property specifies the configuration used to provision integrations.
type: object
properties:
universalManager:
description: 'Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.'
type: boolean
readOnly: true
default: false
example: true
managedResourceRefs:
description: References to sources for the Service Desk integration template. May only be specified if universalManager is false.
type: array
items:
allOf:
- type: object
description: Source for Service Desk integration template.
properties:
type:
type: string
description: DTO type of source for service desk integration template.
enum:
- SOURCE
example: SOURCE
id:
type: string
description: ID of source for service desk integration template.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable name of source for service desk integration template.
example: HR Active Directory
example:
- type: SOURCE
id: 2c9180855d191c59015d291ceb051111
name: My Source 1
- type: SOURCE
id: 2c9180855d191c59015d291ceb052222
name: My Source 2
planInitializerScript:
description: This is a reference to a plan initializer script.
type: object
nullable: true
properties:
source:
description: This is a Rule that allows provisioning instruction changes.
type: string
example: |
\r\n\r\n\r\n Before Provisioning Rule which changes disables and enables to a modify.\r\n
noProvisioningRequests:
description: Name of an attribute that when true disables the saving of ProvisioningRequest objects whenever plans are sent through this integration.
type: boolean
default: false
example: true
provisioningRequestExpiration:
description: 'When saving pending requests is enabled, this defines the number of hours the request is allowed to live before it is considered expired and no longer affects plan compilation.'
type: integer
format: int32
example: 7
attributes:
description: Service Desk integration's attributes. Validation constraints enforced by the implementation.
type: object
additionalProperties: true
example:
property: value
key: value
beforeProvisioningRule:
allOf:
- type: object
description: Before Provisioning Rule.
properties:
type:
type: string
description: Before Provisioning Rule DTO type.
enum:
- RULE
example: RULE
id:
type: string
description: Before Provisioning Rule ID.
example: 048eb3d55c5a4758bd07dccb87741c78
name:
type: string
description: Rule display name.
example: Before Provisioning Airtable Rule
required: true
responses:
'200':
description: ServiceDeskIntegrationDto as updated
content:
application/json:
schema:
allOf:
- type: object
description: Service Desk integration's specification.
required:
- name
- description
- type
- attributes
properties:
id:
type: string
description: Unique identifier for the Service Desk integration
example: 62945a496ef440189b1f03e3623411c8
name:
description: Service Desk integration's name. The name must be unique.
type: string
example: Service Desk Integration Name
created:
type: string
format: date-time
description: The date and time the Service Desk integration was created
example: '2024-01-17T18:45:25.994Z'
modified:
type: string
format: date-time
description: The date and time the Service Desk integration was last modified
example: '2024-02-18T18:45:25.994Z'
description:
description: Service Desk integration's description.
type: string
example: A very nice Service Desk integration
type:
description: |
Service Desk integration types:
- ServiceNowSDIM
- ServiceNow
type: string
default: ServiceNowSDIM
example: ServiceNowSDIM
ownerRef:
allOf:
- type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
clusterRef:
allOf:
- type: object
description: Source cluster.
properties:
type:
type: string
description: Source cluster DTO type.
enum:
- CLUSTER
example: CLUSTER
id:
type: string
description: Source cluster ID.
example: 2c9180847a7fccdd017aa5896f9f4f6f
name:
type: string
description: Source cluster display name.
example: Training VA
cluster:
description: 'Cluster ID for the Service Desk integration (replaced by clusterRef, retained for backward compatibility).'
type: string
example: xyzzy999
deprecated: true
nullable: true
managedSources:
description: 'Source IDs for the Service Desk integration (replaced by provisioningConfig.managedSResourceRefs, but retained here for backward compatibility).'
type: array
items:
type: string
deprecated: true
example:
- 2c9180835d191a86015d28455b4a2329
- 2c5680835d191a85765d28455b4a9823
provisioningConfig:
description: The 'provisioningConfig' property specifies the configuration used to provision integrations.
type: object
properties:
universalManager:
description: 'Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.'
type: boolean
readOnly: true
default: false
example: true
managedResourceRefs:
description: References to sources for the Service Desk integration template. May only be specified if universalManager is false.
type: array
items:
allOf:
- type: object
description: Source for Service Desk integration template.
properties:
type:
type: string
description: DTO type of source for service desk integration template.
enum:
- SOURCE
example: SOURCE
id:
type: string
description: ID of source for service desk integration template.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable name of source for service desk integration template.
example: HR Active Directory
example:
- type: SOURCE
id: 2c9180855d191c59015d291ceb051111
name: My Source 1
- type: SOURCE
id: 2c9180855d191c59015d291ceb052222
name: My Source 2
planInitializerScript:
description: This is a reference to a plan initializer script.
type: object
nullable: true
properties:
source:
description: This is a Rule that allows provisioning instruction changes.
type: string
example: |
\r\n\r\n\r\n Before Provisioning Rule which changes disables and enables to a modify.\r\n
noProvisioningRequests:
description: Name of an attribute that when true disables the saving of ProvisioningRequest objects whenever plans are sent through this integration.
type: boolean
default: false
example: true
provisioningRequestExpiration:
description: 'When saving pending requests is enabled, this defines the number of hours the request is allowed to live before it is considered expired and no longer affects plan compilation.'
type: integer
format: int32
example: 7
attributes:
description: Service Desk integration's attributes. Validation constraints enforced by the implementation.
type: object
additionalProperties: true
example:
property: value
key: value
beforeProvisioningRule:
allOf:
- type: object
description: Before Provisioning Rule.
properties:
type:
type: string
description: Before Provisioning Rule DTO type.
enum:
- RULE
example: RULE
id:
type: string
description: Before Provisioning Rule ID.
example: 048eb3d55c5a4758bd07dccb87741c78
name:
type: string
description: Rule display name.
example: Before Provisioning Airtable Rule
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:service-desk-integration:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
delete:
tags:
- Service Desk Integration
summary: Delete a service desk integration
description: Delete an existing Service Desk integration by ID.
operationId: deleteServiceDeskIntegration
parameters:
- name: id
in: path
description: ID of Service Desk integration to delete
required: true
x-sailpoint-resource-operation-id: getServiceDeskIntegrations
style: simple
explode: false
schema:
type: string
example: anId
responses:
'204':
description: Service Desk integration with the given ID successfully deleted
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:service-desk-integration:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
patch:
operationId: patchServiceDeskIntegration
tags:
- Service Desk Integration
summary: Patch a service desk integration
description: Update an existing Service Desk integration by ID with a PATCH request.
parameters:
- name: id
in: path
description: ID of the Service Desk integration to update
required: true
x-sailpoint-resource-operation-id: getServiceDeskIntegrations
style: simple
explode: false
schema:
type: string
example: anId
requestBody:
required: true
description: |
A list of SDIM update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
Only `replace` operations are accepted by this endpoint.
A 403 Forbidden Error indicates that a PATCH operation was attempted that is not allowed.
content:
application/json-patch+json:
schema:
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
example:
- op: replace
path: /ownerRef
value:
id: 2c9180867d05b227017d09921a205b4d
type: IDENTITY
name: Angelo Medici
responses:
'200':
description: ServiceDeskIntegrationDto as updated
content:
application/json:
schema:
allOf:
- type: object
description: Service Desk integration's specification.
required:
- name
- description
- type
- attributes
properties:
id:
type: string
description: Unique identifier for the Service Desk integration
example: 62945a496ef440189b1f03e3623411c8
name:
description: Service Desk integration's name. The name must be unique.
type: string
example: Service Desk Integration Name
created:
type: string
format: date-time
description: The date and time the Service Desk integration was created
example: '2024-01-17T18:45:25.994Z'
modified:
type: string
format: date-time
description: The date and time the Service Desk integration was last modified
example: '2024-02-18T18:45:25.994Z'
description:
description: Service Desk integration's description.
type: string
example: A very nice Service Desk integration
type:
description: |
Service Desk integration types:
- ServiceNowSDIM
- ServiceNow
type: string
default: ServiceNowSDIM
example: ServiceNowSDIM
ownerRef:
allOf:
- type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
clusterRef:
allOf:
- type: object
description: Source cluster.
properties:
type:
type: string
description: Source cluster DTO type.
enum:
- CLUSTER
example: CLUSTER
id:
type: string
description: Source cluster ID.
example: 2c9180847a7fccdd017aa5896f9f4f6f
name:
type: string
description: Source cluster display name.
example: Training VA
cluster:
description: 'Cluster ID for the Service Desk integration (replaced by clusterRef, retained for backward compatibility).'
type: string
example: xyzzy999
deprecated: true
nullable: true
managedSources:
description: 'Source IDs for the Service Desk integration (replaced by provisioningConfig.managedSResourceRefs, but retained here for backward compatibility).'
type: array
items:
type: string
deprecated: true
example:
- 2c9180835d191a86015d28455b4a2329
- 2c5680835d191a85765d28455b4a9823
provisioningConfig:
description: The 'provisioningConfig' property specifies the configuration used to provision integrations.
type: object
properties:
universalManager:
description: 'Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.'
type: boolean
readOnly: true
default: false
example: true
managedResourceRefs:
description: References to sources for the Service Desk integration template. May only be specified if universalManager is false.
type: array
items:
allOf:
- type: object
description: Source for Service Desk integration template.
properties:
type:
type: string
description: DTO type of source for service desk integration template.
enum:
- SOURCE
example: SOURCE
id:
type: string
description: ID of source for service desk integration template.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable name of source for service desk integration template.
example: HR Active Directory
example:
- type: SOURCE
id: 2c9180855d191c59015d291ceb051111
name: My Source 1
- type: SOURCE
id: 2c9180855d191c59015d291ceb052222
name: My Source 2
planInitializerScript:
description: This is a reference to a plan initializer script.
type: object
nullable: true
properties:
source:
description: This is a Rule that allows provisioning instruction changes.
type: string
example: |
\r\n\r\n\r\n Before Provisioning Rule which changes disables and enables to a modify.\r\n
noProvisioningRequests:
description: Name of an attribute that when true disables the saving of ProvisioningRequest objects whenever plans are sent through this integration.
type: boolean
default: false
example: true
provisioningRequestExpiration:
description: 'When saving pending requests is enabled, this defines the number of hours the request is allowed to live before it is considered expired and no longer affects plan compilation.'
type: integer
format: int32
example: 7
attributes:
description: Service Desk integration's attributes. Validation constraints enforced by the implementation.
type: object
additionalProperties: true
example:
property: value
key: value
beforeProvisioningRule:
allOf:
- type: object
description: Before Provisioning Rule.
properties:
type:
type: string
description: Before Provisioning Rule DTO type.
enum:
- RULE
example: RULE
id:
type: string
description: Before Provisioning Rule ID.
example: 048eb3d55c5a4758bd07dccb87741c78
name:
type: string
description: Rule display name.
example: Before Provisioning Airtable Rule
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:service-desk-integration:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
/service-desk-integrations/types:
get:
tags:
- Service Desk Integration
summary: List service desk integration types
description: This API endpoint returns the current list of supported Service Desk integration types.
operationId: getServiceDeskIntegrationTypes
responses:
'200':
description: Responds with an array of the currently supported Service Desk integration types.
content:
application/json:
schema:
type: array
items:
description: This represents a Service Desk Integration template type.
required:
- type
- scriptName
type: object
properties:
name:
description: This is the name of the type.
example: aName
type: string
type:
description: This is the type value for the type.
example: aType
type: string
scriptName:
description: This is the scriptName attribute value for the type.
example: aScriptName
type: string
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:service-desk-integration:read'
- 'idn:service-desk-integration:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
'/service-desk-integrations/templates/{scriptName}':
get:
tags:
- Service Desk Integration
summary: Service desk integration template by scriptname
description: This API endpoint returns an existing Service Desk integration template by scriptName.
operationId: getServiceDeskIntegrationTemplate
parameters:
- name: scriptName
in: path
description: The scriptName value of the Service Desk integration template to get
required: true
x-sailpoint-resource-operation-id: getServiceDeskIntegrations
style: simple
explode: false
schema:
type: string
example: aScriptName
responses:
'200':
description: Responds with the ServiceDeskIntegrationTemplateDto with the specified scriptName.
content:
application/json:
schema:
allOf:
- type: object
required:
- name
properties:
id:
description: System-generated unique ID of the Object
type: string
example: id12345
readOnly: true
name:
description: Name of the Object
type: string
example: aName
nullable: true
created:
description: Creation date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
modified:
description: Last modification date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
- type: object
description: 'This is the model for a Service Desk integration template, used to create and edit Service Desk Integrations.'
required:
- type
- attributes
- provisioningConfig
properties:
type:
description: The 'type' property specifies the type of the Service Desk integration template.
type: string
example: Web Service SDIM
default: Web Service SDIM
attributes:
description: The 'attributes' property value is a map of attributes available for integrations using this Service Desk integration template.
type: object
additionalProperties: true
example:
property: value
key: value
provisioningConfig:
description: The 'provisioningConfig' property specifies the configuration used to provision integrations using the template.
type: object
properties:
universalManager:
description: 'Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.'
type: boolean
readOnly: true
default: false
example: true
managedResourceRefs:
description: References to sources for the Service Desk integration template. May only be specified if universalManager is false.
type: array
items:
allOf:
- type: object
description: Source for Service Desk integration template.
properties:
type:
type: string
description: DTO type of source for service desk integration template.
enum:
- SOURCE
example: SOURCE
id:
type: string
description: ID of source for service desk integration template.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable name of source for service desk integration template.
example: HR Active Directory
example:
- type: SOURCE
id: 2c9180855d191c59015d291ceb051111
name: My Source 1
- type: SOURCE
id: 2c9180855d191c59015d291ceb052222
name: My Source 2
planInitializerScript:
description: This is a reference to a plan initializer script.
type: object
nullable: true
properties:
source:
description: This is a Rule that allows provisioning instruction changes.
type: string
example: |
\r\n\r\n\r\n Before Provisioning Rule which changes disables and enables to a modify.\r\n
noProvisioningRequests:
description: Name of an attribute that when true disables the saving of ProvisioningRequest objects whenever plans are sent through this integration.
type: boolean
default: false
example: true
provisioningRequestExpiration:
description: 'When saving pending requests is enabled, this defines the number of hours the request is allowed to live before it is considered expired and no longer affects plan compilation.'
type: integer
format: int32
example: 7
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:service-desk-integration:read'
- 'idn:service-desk-integration:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
/service-desk-integrations/status-check-configuration:
get:
tags:
- Service Desk Integration
summary: Get the time check configuration
description: Get the time check configuration of queued SDIM tickets.
operationId: getStatusCheckDetails
responses:
'200':
description: QueuedCheckConfigDetails containing the configured values
content:
application/json:
schema:
description: Configuration of maximum number of days and interval for checking Service Desk integration queue status.
required:
- provisioningStatusCheckIntervalMinutes
- provisioningMaxStatusCheckDays
type: object
properties:
provisioningStatusCheckIntervalMinutes:
description: Interval in minutes between status checks
type: string
example: 30
provisioningMaxStatusCheckDays:
description: Maximum number of days to check
type: string
example: 2
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:service-desk-integration:read'
- 'idn:service-desk-integration:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
put:
tags:
- Service Desk Integration
summary: Update the time check configuration
description: Update the time check configuration of queued SDIM tickets.
operationId: updateStatusCheckDetails
requestBody:
description: The modified time check configuration
content:
application/json:
schema:
description: Configuration of maximum number of days and interval for checking Service Desk integration queue status.
required:
- provisioningStatusCheckIntervalMinutes
- provisioningMaxStatusCheckDays
type: object
properties:
provisioningStatusCheckIntervalMinutes:
description: Interval in minutes between status checks
type: string
example: 30
provisioningMaxStatusCheckDays:
description: Maximum number of days to check
type: string
example: 2
required: true
responses:
'200':
description: QueuedCheckConfigDetails as updated
content:
application/json:
schema:
description: Configuration of maximum number of days and interval for checking Service Desk integration queue status.
required:
- provisioningStatusCheckIntervalMinutes
- provisioningMaxStatusCheckDays
type: object
properties:
provisioningStatusCheckIntervalMinutes:
description: Interval in minutes between status checks
type: string
example: 30
provisioningMaxStatusCheckDays:
description: Maximum number of days to check
type: string
example: 2
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:service-desk-integration:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
/query-password-info:
post:
operationId: queryPasswordInfo
tags:
- Password Management
summary: Query password info
security:
- applicationAuth: []
description: |
This API is used to query password related information.
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
userName:
type: string
description: The login name of the user
example: Abby.Smith
sourceName:
type: string
description: The display name of the source
example: My-AD
responses:
'200':
description: Reference to the password info.
content:
application/json:
schema:
type: object
properties:
identityId:
type: string
description: Identity ID
example: 2c918085744fec4301746f9a5bce4605
sourceId:
type: string
description: source ID
example: 2c918083746f642c01746f990884012a
publicKeyId:
type: string
description: public key ID
example: N2M1OTJiMGEtMDJlZS00ZWU3LTkyYTEtNjA5YmI5NWE3ZWVh
publicKey:
type: string
description: User's public key with Base64 encoding
example: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuGFkWi2J75TztpbaPKd36bJnIB3J8gZ6UcoS9oSDYsqBzPpTsfZXYaEf4Y4BKGgJIXmE/lwhwuj7mU1itdZ2qTSNFtnXA8Fn75c3UUkk+h+wdZbkuSmqlsJo3R1OnJkwkJggcAy9Jvk9jlcrNLWorpQ1w9raUvxtvfgkSdq153KxotenQ1HciSyZ0nA/Kw0UaucLnho8xdRowZs11afXGXA9IT9H6D8T6zUdtSxm0nAyH+mluma5LdTfaM50W3l/L8q56Vrqmx2pZIiwdx/0+g3Y++jV70zom0ZBkC1MmSoLMrQYG5OICNjr72f78B2PaGXfarQHqARLjKpMVt9YIQIDAQAB
accounts:
type: array
description: Account info related to queried identity and source
items:
type: object
properties:
accountId:
type: string
description: 'Account ID of the account. This is specified per account schema in the source configuration. It is used to distinguish accounts. More info can be found here https://community.sailpoint.com/t5/IdentityNow-Connectors/How-do-I-designate-an-account-attribute-as-the-Account-ID-for-a/ta-p/80350'
example: 'CN=Abby Smith,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=acme,DC=com'
accountName:
type: string
description: 'Display name of the account. This is specified per account schema in the source configuration. It is used to display name of the account. More info can be found here https://community.sailpoint.com/t5/IdentityNow-Connectors/How-do-I-designate-an-account-attribute-as-the-Account-Name-for/ta-p/74008'
example: Abby.Smith
policies:
type: array
description: Password constraints
items:
type: string
example:
- passwordRepeatedChar is 3
- passwordMinAlpha is 1
- passwordMinLength is 5
- passwordMinNumeric is 1
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/set-password:
post:
operationId: setPassword
tags:
- Password Management
summary: Set identity's password
security:
- applicationAuth: []
description: |
This API is used to set a password for an identity.
An identity can change their own password (as well as any of their accounts' passwords) if they use a token generated by their ISC user, such as a [personal access token](https://developer.sailpoint.com/idn/api/authentication#personal-access-tokens) or ["authorization_code" derived OAuth token](https://developer.sailpoint.com/idn/api/authentication#authorization-code-grant-flow).
>**Note: If you want to set an identity's source account password, you must enable `PASSWORD` as one of the source's features. You can use the [PATCH Source endpoint](https://developer.sailpoint.com/docs/api/v3/update-source) to add the `PASSWORD` feature.**
To generate the encryptedPassword (RSA encrypted using publicKey) for the request body, run the following command:
```bash
echo -n "myPassword" | openssl pkeyutl -encrypt -inkey public_key.pem -pubin | base64
```
In this example, myPassword is the plain text password being set and encrypted, and public_key.pem is the path to the public key file. You can retrieve the required publicKey, along with other information like identityId, sourceId, publicKeyId, accounts, and policies, using the Query Password Info endpoint.
To successfully run this command, you must have OpenSSL installed on your machine. If OpenSSL is unavailable, consider using the Virtual Appliance (VA), which has OpenSSL pre-installed and configured.
If you are using a Windows machine, refer to this [guide](https://tecadmin.net/install-openssl-on-windows/) for instructions on installing OpenSSL.
You can then use [Get Password Change Request Status](https://developer.sailpoint.com/idn/api/v3/get-password-change-status) to check the password change request status. To do so, you must provide the `requestId` from your earlier request to set the password.
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
identityId:
type: string
description: The identity ID that requested the password change
example: 8a807d4c73c545510173c545f0a002ff
encryptedPassword:
type: string
description: The RSA encrypted password
example: XzN+YwKgr2C+InkMYFMBG3UtjMEw5ZIql/XFlXo8cJNeslmkplx6vn4kd4/43IF9STBk5RnzR6XmjpEO+FwHDoiBwYZAkAZK/Iswxk4OdybG6Y4MStJCOCiK8osKr35IMMSV/mbO4wAeltoCk7daTWzTGLiI6UaT5tf+F2EgdjJZ7YqM8W8r7aUWsm3p2Xt01Y46ZRx0QaM91QruiIx2rECFT2pUO0wr+7oQ77jypATyGWRtADsu3YcvCk/6U5MqCnXMzKBcRas7NnZdSL/d5H1GglVGz3VLPMaivG4/oL4chOMmFCRl/zVsGxZ9RhN8rxsRGFFKn+rhExTi+bax3A==
publicKeyId:
type: string
description: The encryption key ID
example: YWQ2NjQ4MTItZjY0NC00MWExLWFjMjktOGNmMzU3Y2VlNjk2
accountId:
type: string
description: 'Account ID of the account This is specified per account schema in the source configuration. It is used to distinguish accounts. More info can be found here https://community.sailpoint.com/t5/IdentityNow-Connectors/How-do-I-designate-an-account-attribute-as-the-Account-ID-for-a/ta-p/80350'
example: 'CN=Abby Smith,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=acme,DC=com'
sourceId:
type: string
description: The ID of the source for which identity is requesting the password change
example: 8a807d4c73c545510173c545d4b60246
responses:
'202':
description: Reference to the password change.
content:
application/json:
schema:
type: object
properties:
requestId:
type: string
nullable: true
description: The password change request ID
example: 089899f13a8f4da7824996191587bab9
state:
type: string
enum:
- IN_PROGRESS
- FINISHED
- FAILED
description: Password change state
example: IN_PROGRESS
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/password-change-status/{id}':
get:
operationId: getPasswordChangeStatus
tags:
- Password Management
summary: Get password change request status
security:
- userAuth: []
- applicationAuth: []
x-sailpoint-userLevels:
- ORG_ADMIN
description: This API returns the status of a password change request.
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: setPassword
example: 089899f13a8f4da7824996191587bab9
description: Password change request ID
responses:
'200':
description: Status of the password change request
content:
application/json:
schema:
type: object
properties:
requestId:
type: string
nullable: true
description: The password change request ID
example: 089899f13a8f4da7824996191587bab9
state:
type: string
enum:
- IN_PROGRESS
- FINISHED
- FAILED
description: Password change state
example: IN_PROGRESS
errors:
type: array
items:
type: string
description: The errors during the password change request
example:
- The password change payload is invalid
sourceIds:
type: array
items:
type: string
description: List of source IDs in the password change request
example:
- 2c918083746f642c01746f990884012a
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/password-dictionary:
get:
operationId: getPasswordDictionary
tags:
- Password Dictionary
summary: Get password dictionary
description: |-
This gets password dictionary for the organization.
The password dictionary file can contain lines that are:
1. comment lines - the first character is '#', can be 128 Unicode codepoints in length, and are ignored during processing
2. empty lines
3. locale line - the first line that starts with "locale=" is considered to be locale line, the rest are treated as normal content lines
4. line containing the password dictionary word - it must start with non-whitespace character and only non-whitespace characters are allowed;
maximum length of the line is 128 Unicode codepoints
Password dictionary file may not contain more than 2,500 lines (not counting whitespace lines, comment lines and locale line).
Password dict file must contain UTF-8 characters only.
# Sample password text file
```
# Password dictionary small test file
locale=en_US
# Password dictionary prohibited words
qwerty
abcd
aaaaa
password
qazxsws
```
security:
- userAuth:
- 'idn:password-dictionary-management:read'
x-sailpoint-userLevels:
- ORG_ADMIN
responses:
'200':
description: A password dictionary response
content:
text/plain:
schema:
type: string
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
put:
operationId: putPasswordDictionary
tags:
- Password Dictionary
summary: Update password dictionary
description: |-
This updates password dictionary for the organization.
The password dictionary file can contain lines that are:
1. comment lines - the first character is '#', can be 128 Unicode codepoints in length, and are ignored during processing
2. empty lines
3. locale line - the first line that starts with "locale=" is considered to be locale line, the rest are treated as normal content lines
4. line containing the password dictionary word - it must start with non-whitespace character and only non-whitespace characters are allowed;
maximum length of the line is 128 Unicode codepoints
Password dictionary file may not contain more than 2,500 lines (not counting whitespace lines, comment lines and locale line).
Password dict file must contain UTF-8 characters only.
# Sample password text file
```
# Password dictionary small test file
locale=en_US
# Password dictionary prohibited words
qwerty
abcd
aaaaa
password
qazxsws
```
security:
- userAuth:
- 'idn:password-dictionary:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
requestBody:
required: true
description: The password dictionary file to be uploaded.
content:
multipart/form-data:
schema:
type: object
properties:
file:
type: string
format: binary
responses:
'200':
description: Successfully updated.
'201':
description: Created.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/password-org-config:
get:
operationId: getPasswordOrgConfig
tags:
- Password Configuration
summary: Get password org config
description: 'This API returns the password org config . Requires ORG_ADMIN, API role or authorization scope of ''idn:password-org-config:read'''
security:
- userAuth:
- 'idn:password-org-config:read'
responses:
'200':
description: Reference to the password org config.
content:
application/json:
schema:
type: object
properties:
customInstructionsEnabled:
type: boolean
description: Indicator whether custom password instructions feature is enabled. The default value is false.
default: false
example: true
digitTokenEnabled:
type: boolean
description: Indicator whether "digit token" feature is enabled. The default value is false.
default: false
example: true
digitTokenDurationMinutes:
type: integer
format: int32
description: The duration of "digit token" in minutes. The default value is 5.
minimum: 1
maximum: 60
default: 5
example: 10
digitTokenLength:
type: integer
format: int32
description: The length of "digit token". The default value is 6.
minimum: 6
maximum: 18
default: 6
example: 9
example:
customInstructionsEnabled: true
digitTokenDurationMinutes: 9
digitTokenEnabled: false
digitTokenLength: 6
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
put:
operationId: putPasswordOrgConfig
tags:
- Password Configuration
summary: Update password org config
description: |-
This API updates the password org config for specified fields. Other fields will keep original value.
You must set the `customInstructionsEnabled` field to "true" to be able to use custom password instructions.
Requires ORG_ADMIN, API role or authorization scope of 'idn:password-org-config:write'
security:
- userAuth:
- 'idn:password-org-config:write'
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
customInstructionsEnabled:
type: boolean
description: Indicator whether custom password instructions feature is enabled. The default value is false.
default: false
example: true
digitTokenEnabled:
type: boolean
description: Indicator whether "digit token" feature is enabled. The default value is false.
default: false
example: true
digitTokenDurationMinutes:
type: integer
format: int32
description: The duration of "digit token" in minutes. The default value is 5.
minimum: 1
maximum: 60
default: 5
example: 10
digitTokenLength:
type: integer
format: int32
description: The length of "digit token". The default value is 6.
minimum: 6
maximum: 18
default: 6
example: 9
example:
digitTokenEnabled: true
digitTokenDurationMinutes: 12
responses:
'200':
description: Reference to the password org config.
content:
application/json:
schema:
type: object
properties:
customInstructionsEnabled:
type: boolean
description: Indicator whether custom password instructions feature is enabled. The default value is false.
default: false
example: true
digitTokenEnabled:
type: boolean
description: Indicator whether "digit token" feature is enabled. The default value is false.
default: false
example: true
digitTokenDurationMinutes:
type: integer
format: int32
description: The duration of "digit token" in minutes. The default value is 5.
minimum: 1
maximum: 60
default: 5
example: 10
digitTokenLength:
type: integer
format: int32
description: The length of "digit token". The default value is 6.
minimum: 6
maximum: 18
default: 6
example: 9
example:
customInstructionsEnabled: true
digitTokenDurationMinutes: 12
digitTokenEnabled: true
digitTokenLength: 6
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
post:
operationId: createPasswordOrgConfig
tags:
- Password Configuration
summary: Create password org config
description: |-
This API creates the password org config. Unspecified fields will use default value.
To be able to use the custom password instructions, you must set the `customInstructionsEnabled` field to "true".
Requires ORG_ADMIN, API role or authorization scope of 'idn:password-org-config:write'
security:
- userAuth:
- 'idn:password-org-config:write'
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
customInstructionsEnabled:
type: boolean
description: Indicator whether custom password instructions feature is enabled. The default value is false.
default: false
example: true
digitTokenEnabled:
type: boolean
description: Indicator whether "digit token" feature is enabled. The default value is false.
default: false
example: true
digitTokenDurationMinutes:
type: integer
format: int32
description: The duration of "digit token" in minutes. The default value is 5.
minimum: 1
maximum: 60
default: 5
example: 10
digitTokenLength:
type: integer
format: int32
description: The length of "digit token". The default value is 6.
minimum: 6
maximum: 18
default: 6
example: 9
example:
customInstructionsEnabled: true
digitTokenEnabled: true
digitTokenDurationMinutes: 12
digitTokenLength: 9
responses:
'200':
description: Reference to the password org config.
content:
application/json:
schema:
type: object
properties:
customInstructionsEnabled:
type: boolean
description: Indicator whether custom password instructions feature is enabled. The default value is false.
default: false
example: true
digitTokenEnabled:
type: boolean
description: Indicator whether "digit token" feature is enabled. The default value is false.
default: false
example: true
digitTokenDurationMinutes:
type: integer
format: int32
description: The duration of "digit token" in minutes. The default value is 5.
minimum: 1
maximum: 60
default: 5
example: 10
digitTokenLength:
type: integer
format: int32
description: The length of "digit token". The default value is 6.
minimum: 6
maximum: 18
default: 6
example: 9
example:
customInstructionsEnabled: true
digitTokenDurationMinutes: 9
digitTokenEnabled: true
digitTokenLength: 12
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/reports/{taskResultId}/result':
get:
tags:
- Reports Data Extraction
description: Get the report results for a report that was run or is running. Returns empty report result in case there are no active task definitions with used in payload task definition name.
operationId: getReportResult
summary: Get report result
security:
- userAuth:
- 'sp:report-result:read'
parameters:
- in: path
name: taskResultId
schema:
type: string
required: true
x-sailpoint-resource-operation-id: startReport
description: Unique identifier of the task result which handled report
example: ef38f94347e94562b5bb8424a56397d8
- in: query
name: completed
schema:
type: boolean
default: false
required: false
description: state of task result to apply ordering when results are fetching from the DB
example: true
responses:
'200':
description: Details about report that was run or is running.
content:
application/json:
schema:
type: object
description: Details about report result or current state.
properties:
reportType:
type: string
enum:
- ACCOUNTS
- IDENTITIES_DETAILS
- IDENTITIES
- IDENTITY_PROFILE_IDENTITY_ERROR
- ORPHAN_IDENTITIES
- SEARCH_EXPORT
- UNCORRELATED_ACCOUNTS
description: Use this property to define what report should be processed in the RDE service.
example: IDENTITIES_DETAILS
taskDefName:
type: string
description: Name of the task definition which is started to process requesting report. Usually the same as report name
example: Identities Details Report
id:
type: string
description: Unique task definition identifier.
example: a248c16fe22222b2bd49615481311111
created:
type: string
description: Report processing start date
format: date-time
example: '2020-09-07T42:14:00.364Z'
status:
type: string
enum:
- SUCCESS
- FAILURE
- WARNING
- TERMINATED
description: Report current state or result status.
example: SUCCESS
duration:
type: integer
format: int64
description: Report processing time in ms.
example: 342
rows:
type: integer
format: int64
description: Report size in rows.
example: 37
availableFormats:
type: array
items:
type: string
enum:
- CSV
- PDF
description: 'Output report file formats. This are formats for calling get endpoint as a query parameter ''fileFormat''. In case report won''t have this argument there will be [''CSV'', ''PDF''] as default.'
example:
- CSV
examples:
identityDetailsReport:
summary: Identities details report result.
value:
reportType: IDENTITIES_DETAILS
taskDefName: Identities Details Report
id: 1e01d272b8084c4fa12fcf8fa898102d
created: '2023-09-07T42:14:05.122Z'
status: SUCCESS
duration: 3681
rows: 193
availableFormats:
- CSV
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/reports/run:
post:
tags:
- Reports Data Extraction
description: 'Use this API to run a report according to report input details. If non-concurrent task is already running then it returns, otherwise new task creates and returns.'
operationId: startReport
summary: Run report
security:
- userAuth:
- 'sp:report:manage'
- applicationAuth:
- 'sp:report:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
- CERT_ADMIN
- REPORT_ADMIN
- ROLE_ADMIN
- ROLE_SUBADMIN
- SOURCE_ADMIN
- SOURCE_SUBADMIN
requestBody:
content:
application/json:
schema:
type: object
description: Details about report to be processed.
properties:
reportType:
type: string
enum:
- ACCOUNTS
- IDENTITIES_DETAILS
- IDENTITIES
- IDENTITY_PROFILE_IDENTITY_ERROR
- ORPHAN_IDENTITIES
- SEARCH_EXPORT
- UNCORRELATED_ACCOUNTS
description: Use this property to define what report should be processed in the RDE service.
example: ACCOUNTS
arguments:
anyOf:
- title: ACCOUNTS
type: object
description: Arguments for Account Export report (ACCOUNTS)
required:
- application
- sourceName
properties:
application:
type: string
description: Source ID.
example: 2c9180897eSourceIde781782f705b9
sourceName:
type: string
description: Source name.
example: Active Directory
- title: IDENTITIES_DETAILS
type: object
description: Arguments for Identities Details report (IDENTITIES_DETAILS)
required:
- correlatedOnly
properties:
correlatedOnly:
type: boolean
description: Flag to specify if only correlated identities are included in report.
default: false
example: true
- title: IDENTITIES
type: object
description: Arguments for Identities report (IDENTITIES)
properties:
correlatedOnly:
type: boolean
description: Flag to specify if only correlated identities are included in report.
default: false
example: true
- title: IDENTITY_PROFILE_IDENTITY_ERROR
type: object
description: Arguments for Identity Profile Identity Error report (IDENTITY_PROFILE_IDENTITY_ERROR)
required:
- authoritativeSource
properties:
authoritativeSource:
type: string
description: Source ID.
example: 1234sourceId5678902
- title: ORPHAN_IDENTITIES
type: object
description: Arguments for Orphan Identities report (ORPHAN_IDENTITIES)
properties:
selectedFormats:
type: array
items:
type: string
enum:
- CSV
- PDF
description: 'Output report file formats. These are formats for calling GET endpoint as query parameter ''fileFormat''. In case report won''t have this argument there will be [''CSV'', ''PDF''] as default.'
example:
- CSV
- title: SEARCH_EXPORT
type: object
description: |
Arguments for Search Export report (SEARCH_EXPORT)
The report file generated will be a zip file containing csv files of the search results.
required:
- query
properties:
indices:
description: 'The names of the Elasticsearch indices in which to search. If none are provided, then all indices will be searched.'
externalDocs:
description: Learn more about search indices here.
url: 'https://documentation.sailpoint.com/saas/help/search/searchable-fields.html'
type: array
items:
description: |-
Enum representing the currently supported indices.
Additional values may be added in the future without notice.
type: string
enum:
- accessprofiles
- accountactivities
- entitlements
- events
- identities
- roles
- '*'
example: identities
example:
- entitlements
query:
description: 'The query using the Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL extended by SailPoint to support Nested queries.'
type: string
example: 'name:a*'
columns:
description: |
Comma separated string consisting of technical attribute names of fields to include in report.
Use `access.spread`, `apps.spread`, `accounts.spread` to include respective identity access details.
Use `accessProfiles.spread` to unclude access profile details.
Use `entitlements.spread` to include entitlement details.
type: string
example: 'displayName,firstName,lastName,email,created,attributes.cloudLifecycleState'
sort:
description: The fields to be used to sort the search results. Use + or - to specify the sort direction.
type: array
items:
type: string
example:
- displayName
- +id
- title: UNCORRELATED_ACCOUNTS
type: object
description: Arguments for Uncorrelated Accounts report (UNCORRELATED_ACCOUNTS)
properties:
selectedFormats:
type: array
items:
type: string
enum:
- CSV
- PDF
description: 'Output report file formats. These are formats for calling GET endpoint as query parameter ''fileFormat''. In case report won''t have this argument there will be [''CSV'', ''PDF''] as default.'
example:
- CSV
example:
application: 2c9180897e7742b2017e781782f705b9
sourceName: Active Directory
description: The string-object map(dictionary) with the arguments needed for report processing.
examples:
Account Export Report:
summary: Account export report
value:
reportType: ACCOUNTS
arguments:
application: 2c9180897eSourceIde781782f705b9
sourceName: Active Directory
Identities Details Report:
summary: Identities details report
value:
reportType: IDENTITIES_DETAILS
arguments:
correlatedOnly: true
Identities Report:
summary: Identities report
value:
reportType: IDENTITIES
arguments:
correlatedOnly: true
Identity Profile Identity Error Report:
summary: Identity profile identity error report
value:
reportType: IDENTITY_PROFILE_IDENTITY_ERROR
arguments:
authoritativeSource: 2c9180847de347aa017de8ef09167792
Orphan Identities Report:
summary: Orphan identities report
value:
reportType: ORPHAN_IDENTITIES
arguments:
selectedFormats:
- CSV
- PDF
Search Export Report:
summary: Search export report
value:
reportType: SEARCH_EXPORT
arguments:
indices:
- identities
query: 'attributes.city:London'
columns: 'displayName,firstName,lastName,email,attributes.city,created,attributes.cloudLifecycleState,access.spread'
sort:
- +displayName
Uncorrelated Accounts Report:
summary: Uncorrelated accounts report
value:
reportType: UNCORRELATED_ACCOUNTS
arguments:
selectedFormats:
- CSV
- PDF
required: true
responses:
'200':
description: Details about running report task.
content:
application/json:
schema:
type: object
description: 'Details about job or task type, state and lifecycle.'
properties:
type:
type: string
enum:
- QUARTZ
- QPOC
- MENTOS
- QUEUED_TASK
description: 'Type of the job or task underlying in the report processing. It could be a quartz task, QPOC or MENTOS jobs or a refresh/sync task.'
example: MENTOS
id:
type: string
description: Unique task definition identifier.
example: a248c16fe22222b2bd49615481311111
reportType:
type: string
enum:
- ACCOUNTS
- IDENTITIES_DETAILS
- IDENTITIES
- IDENTITY_PROFILE_IDENTITY_ERROR
- ORPHAN_IDENTITIES
- SEARCH_EXPORT
- UNCORRELATED_ACCOUNTS
description: Use this property to define what report should be processed in the RDE service.
example: IDENTITIES_DETAILS
description:
type: string
description: Description of the report purpose and/or contents.
example: A detailed view of the identities in the system.
parentName:
type: string
nullable: true
description: Name of the parent task/report if exists.
example: Audit Report
launcher:
type: string
description: Name of the report processing initiator.
example: cloudadmin
created:
type: string
description: Report creation date
format: date-time
example: '2020-09-07T42:14:00.364Z'
launched:
type: string
nullable: true
format: date-time
description: Report start date
example: '2020-09-07T42:14:00.521Z'
completed:
type: string
nullable: true
format: date-time
description: Report completion date
example: '2020-09-07T42:14:01.137Z'
completionStatus:
type: string
nullable: true
enum:
- SUCCESS
- WARNING
- ERROR
- TERMINATED
- TEMP_ERROR
description: Report completion status.
example: Success
messages:
type: array
description: List of the messages dedicated to the report. From task definition perspective here usually should be warnings or errors.
example: []
items:
type: object
properties:
type:
type: string
description: Type of the message.
enum:
- INFO
- WARN
- ERROR
example: WARN
error:
type: boolean
default: false
description: Flag whether message is an error.
example: false
warning:
type: boolean
default: false
description: Flag whether message is a warning.
example: true
key:
type: string
description: Message string identifier.
example: 'The following account(s) failed to correlate: A,B,C'
localizedText:
type: string
description: Message context with the locale based language.
example: 'The following account(s) failed to correlate: A,B,C'
returns:
type: array
description: 'Task definition results, if necessary.'
example: []
items:
type: object
properties:
displayLabel:
type: string
description: Attribute description.
example: ' '
attributeName:
type: string
description: System or database attribute name.
example: ' '
attributes:
type: object
description: Extra attributes map(dictionary) needed for the report.
example:
org: an-org
progress:
type: string
nullable: true
description: Current report state.
example: Initializing...
examples:
identityDetailsReport:
summary: Identities details report task result.
value:
reportType: IDENTITIES_DETAILS
taskDefName: Identities Details Report
type: QUARTZ
id: a248c16fe22222b2bd49615481311111
created: '2023-09-07T42:14:00.364Z'
description: A detailed view of the identities in the system.
parentName: Audit Report
launcher: '9832285'
launched: '2023-09-07T42:14:00.521Z'
completed: '2023-09-07T42:14:01.137Z'
messages: []
returns: []
attributes:
org: an-org
progress: Initializing...
searchExportReport:
summary: Identities details report task result.
value:
reportType: SEARCH_EXPORT
taskDefName: Search Export
type: QUARTZ
id: a248c16fe22222b2bd49615481311111
created: '2023-09-07T42:14:11.137Z'
description: Extract query data from ElasticSearch to CSV
parentName: null
launcher: T05293
launched: '2020-09-07T42:14:11.137Z'
completed: '2020-09-07T42:14:13.451Z'
messages: []
returns: []
attributes:
queryHash: 5e12cf79c67d92e23d4d8cb3e974f87d164e86d4a48d32ecf89645cacfd3f2
org: an-org
queryParams:
columns: 'displayName,firstName,lastName,email,created,attributes.cloudLifecycleState,tags,access.spread,apps.pread,accounts.spread'
indices: identities
ownerId: 95ecba5c5444439c999aec638ce2a777
query: 700007
sort: displayName
progress: Initializing...
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/reports/{id}/cancel':
post:
tags:
- Reports Data Extraction
description: Cancels a running report.
operationId: cancelReport
summary: Cancel report
security:
- userAuth:
- 'sp:report:delete'
parameters:
- name: id
in: path
description: ID of the running Report to cancel
required: true
x-sailpoint-resource-operation-id: startReport
style: simple
explode: false
schema:
type: string
example: a1ed223247144cc29d23c632624b4767
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/reports/{taskResultId}':
get:
tags:
- Reports Data Extraction
description: Gets a report in file format.
operationId: getReport
summary: Get report file
security:
- userAuth:
- 'sp:report:read'
parameters:
- in: path
name: taskResultId
schema:
type: string
required: true
x-sailpoint-resource-operation-id: startReport
description: Unique identifier of the task result which handled report
example: ef38f94347e94562b5bb8424a56397d8
- in: query
name: fileFormat
schema:
type: string
enum:
- csv
- pdf
required: true
description: Output format of the requested report file
example: csv
- in: query
name: name
required: false
schema:
type: string
example: Identities Details Report
description: 'preferred Report file name, by default will be used report name from task result.'
- in: query
name: auditable
required: false
schema:
type: boolean
default: false
example: true
description: Enables auditing for current report download. Will create an audit event and sent it to the REPORT cloud-audit kafka topic. Event will be created if there is any result present by requested taskResultId.
responses:
'200':
description: Report file in selected format. CSV by default.
content:
application/csv:
schema:
type: string
format: binary
application/pdf:
schema:
type: string
format: binary
headers:
Content-disposition:
description: The requested report's filename
schema:
type: string
example: attachment;filename=\"fileName"
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text:
File Not Found - 404 Error
The requested file was not found.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/sod-policies:
post:
security:
- userAuth:
- 'idn:sod-policy:write'
operationId: createSodPolicy
tags:
- SOD Policies
summary: Create sod policy
description: |-
This creates both General and Conflicting Access Based policy, with a limit of 50 entitlements for each (left & right) criteria for Conflicting Access Based SOD policy.
Requires role of ORG_ADMIN.
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: Policy id
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
readOnly: true
name:
type: string
description: Policy Business Name
example: policy-xyz
created:
type: string
format: date-time
description: The time when this SOD policy is created.
example: '2020-01-01T00:00:00.000000Z'
readOnly: true
modified:
type: string
format: date-time
description: The time when this SOD policy is modified.
example: '2020-01-01T00:00:00.000000Z'
readOnly: true
description:
type: string
description: Optional description of the SOD policy
example: This policy ensures compliance of xyz
nullable: true
ownerRef:
type: object
description: The owner of the SOD policy.
properties:
type:
type: string
description: Owner type.
enum:
- IDENTITY
- GOVERNANCE_GROUP
example: IDENTITY
id:
type: string
description: Owner's ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
externalPolicyReference:
type: string
description: Optional External Policy Reference
example: XYZ policy
nullable: true
policyQuery:
type: string
description: Search query of the SOD policy
example: '@access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdg) AND @access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdf)'
compensatingControls:
type: string
description: Optional compensating controls(Mitigating Controls)
example: Have a manager review the transaction decisions for their "out of compliance" employee
nullable: true
correctionAdvice:
type: string
description: Optional correction advice
example: 'Based on the role of the employee, managers should remove access that is not required for their job function.'
nullable: true
state:
type: string
description: whether the policy is enforced or not
enum:
- ENFORCED
- NOT_ENFORCED
example: ENFORCED
tags:
type: array
description: tags for this policy object
example:
- TAG1
- TAG2
items:
type: string
creatorId:
type: string
description: Policy's creator ID
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
readOnly: true
modifierId:
type: string
description: Policy's modifier ID
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
nullable: true
readOnly: true
violationOwnerAssignmentConfig:
nullable: true
type: object
properties:
assignmentRule:
type: string
enum:
- MANAGER
- STATIC
- null
description: |-
Details about the violations owner.
MANAGER - identity's manager
STATIC - Governance Group or Identity
example: MANAGER
nullable: true
ownerRef:
type: object
description: The owner of the violation assignment config.
nullable: true
properties:
type:
type: string
description: Owner type.
enum:
- IDENTITY
- GOVERNANCE_GROUP
- MANAGER
- null
example: IDENTITY
id:
type: string
description: Owner's ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
scheduled:
type: boolean
description: defines whether a policy has been scheduled or not
example: true
default: false
type:
type: string
description: whether a policy is query based or conflicting access based
default: GENERAL
enum:
- GENERAL
- CONFLICTING_ACCESS_BASED
example: GENERAL
conflictingAccessCriteria:
allOf:
- type: object
properties:
leftCriteria:
type: object
properties:
name:
type: string
description: Business name for the access construct list
example: money-in
criteriaList:
type: array
description: List of criteria. There is a min of 1 and max of 50 items in the list.
minItems: 1
maxItems: 50
items:
type: object
properties:
type:
type: string
enum:
- ENTITLEMENT
description: Type of the propery to which this reference applies to
example: ENTITLEMENT
id:
type: string
description: ID of the object to which this reference applies to
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies to
example: Administrator
example:
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a66
name: Administrator
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a67
name: Administrator
rightCriteria:
type: object
properties:
name:
type: string
description: Business name for the access construct list
example: money-in
criteriaList:
type: array
description: List of criteria. There is a min of 1 and max of 50 items in the list.
minItems: 1
maxItems: 50
items:
type: object
properties:
type:
type: string
enum:
- ENTITLEMENT
description: Type of the propery to which this reference applies to
example: ENTITLEMENT
id:
type: string
description: ID of the object to which this reference applies to
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies to
example: Administrator
example:
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a66
name: Administrator
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a67
name: Administrator
- nullable: true
examples:
Conflicting Access Based Policy:
value:
name: Conflicting-Policy-Name
description: This policy ensures compliance of xyz
ownerRef:
type: IDENTITY
id: 2c91808568c529c60168cca6f90c1313
name: Owner Name
externalPolicyReference: XYZ policy
compensatingControls: Have a manager review the transaction decisions for their "out of compliance" employee
correctionAdvice: 'Based on the role of the employee, managers should remove access that is not required for their job function.'
state: ENFORCED
tags:
- string
creatorId: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
modifierId: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
violationOwnerAssignmentConfig:
assignmentRule: MANAGER
ownerRef:
type: IDENTITY
id: 2c91808568c529c60168cca6f90c1313
name: Violation Owner Name
scheduled: true
type: CONFLICTING_ACCESS_BASED
conflictingAccessCriteria:
leftCriteria:
name: money-in
criteriaList:
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a66
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a67
rightCriteria:
name: money-out
criteriaList:
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a68
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a69
General Policy:
value:
description: Description
ownerRef:
type: IDENTITY
id: 2c918087682f9a86016839c05e8f1aff
name: Owner Name
externalPolicyReference: New policy
policyQuery: policy query implementation
compensatingControls: Compensating controls
correctionAdvice: Correction advice
tags: []
state: ENFORCED
scheduled: false
creatorId: 2c918087682f9a86016839c05e8f1aff
modifierId: null
violationOwnerAssignmentConfig: null
name: General-Policy-Name
responses:
'201':
description: SOD policy created
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: Policy id
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
readOnly: true
name:
type: string
description: Policy Business Name
example: policy-xyz
created:
type: string
format: date-time
description: The time when this SOD policy is created.
example: '2020-01-01T00:00:00.000000Z'
readOnly: true
modified:
type: string
format: date-time
description: The time when this SOD policy is modified.
example: '2020-01-01T00:00:00.000000Z'
readOnly: true
description:
type: string
description: Optional description of the SOD policy
example: This policy ensures compliance of xyz
nullable: true
ownerRef:
type: object
description: The owner of the SOD policy.
properties:
type:
type: string
description: Owner type.
enum:
- IDENTITY
- GOVERNANCE_GROUP
example: IDENTITY
id:
type: string
description: Owner's ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
externalPolicyReference:
type: string
description: Optional External Policy Reference
example: XYZ policy
nullable: true
policyQuery:
type: string
description: Search query of the SOD policy
example: '@access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdg) AND @access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdf)'
compensatingControls:
type: string
description: Optional compensating controls(Mitigating Controls)
example: Have a manager review the transaction decisions for their "out of compliance" employee
nullable: true
correctionAdvice:
type: string
description: Optional correction advice
example: 'Based on the role of the employee, managers should remove access that is not required for their job function.'
nullable: true
state:
type: string
description: whether the policy is enforced or not
enum:
- ENFORCED
- NOT_ENFORCED
example: ENFORCED
tags:
type: array
description: tags for this policy object
example:
- TAG1
- TAG2
items:
type: string
creatorId:
type: string
description: Policy's creator ID
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
readOnly: true
modifierId:
type: string
description: Policy's modifier ID
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
nullable: true
readOnly: true
violationOwnerAssignmentConfig:
nullable: true
type: object
properties:
assignmentRule:
type: string
enum:
- MANAGER
- STATIC
- null
description: |-
Details about the violations owner.
MANAGER - identity's manager
STATIC - Governance Group or Identity
example: MANAGER
nullable: true
ownerRef:
type: object
description: The owner of the violation assignment config.
nullable: true
properties:
type:
type: string
description: Owner type.
enum:
- IDENTITY
- GOVERNANCE_GROUP
- MANAGER
- null
example: IDENTITY
id:
type: string
description: Owner's ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
scheduled:
type: boolean
description: defines whether a policy has been scheduled or not
example: true
default: false
type:
type: string
description: whether a policy is query based or conflicting access based
default: GENERAL
enum:
- GENERAL
- CONFLICTING_ACCESS_BASED
example: GENERAL
conflictingAccessCriteria:
allOf:
- type: object
properties:
leftCriteria:
type: object
properties:
name:
type: string
description: Business name for the access construct list
example: money-in
criteriaList:
type: array
description: List of criteria. There is a min of 1 and max of 50 items in the list.
minItems: 1
maxItems: 50
items:
type: object
properties:
type:
type: string
enum:
- ENTITLEMENT
description: Type of the propery to which this reference applies to
example: ENTITLEMENT
id:
type: string
description: ID of the object to which this reference applies to
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies to
example: Administrator
example:
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a66
name: Administrator
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a67
name: Administrator
rightCriteria:
type: object
properties:
name:
type: string
description: Business name for the access construct list
example: money-in
criteriaList:
type: array
description: List of criteria. There is a min of 1 and max of 50 items in the list.
minItems: 1
maxItems: 50
items:
type: object
properties:
type:
type: string
enum:
- ENTITLEMENT
description: Type of the propery to which this reference applies to
example: ENTITLEMENT
id:
type: string
description: ID of the object to which this reference applies to
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies to
example: Administrator
example:
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a66
name: Administrator
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a67
name: Administrator
- nullable: true
examples:
Conflicting Access Based Policy:
value:
id: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
name: Conflicting-Policy-Name
created: '2020-01-01T00:00:00.000000Z'
modified: '2020-01-01T00:00:00.000000Z'
description: This policy ensures compliance of xyz
ownerRef:
type: IDENTITY
id: 2c91808568c529c60168cca6f90c1313
name: Owner Name
externalPolicyReference: XYZ policy
policyQuery: '@access(id:2c9180866166b5b0016167c32ef31a66 OR id:2c9180866166b5b0016167c32ef31a67) AND @access(id:2c9180866166b5b0016167c32ef31a68 OR id:2c9180866166b5b0016167c32ef31a69)'
compensatingControls: Have a manager review the transaction decisions for their "out of compliance" employee
correctionAdvice: 'Based on the role of the employee, managers should remove access that is not required for their job function.'
state: ENFORCED
tags:
- string
creatorId: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
modifierId: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
violationOwnerAssignmentConfig:
assignmentRule: MANAGER
ownerRef:
type: IDENTITY
id: 2c91808568c529c60168cca6f90c1313
name: Violation Owner Name
scheduled: true
type: CONFLICTING_ACCESS_BASED
conflictingAccessCriteria:
leftCriteria:
name: money-in
criteriaList:
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a66
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a67
rightCriteria:
name: money-out
criteriaList:
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a68
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a69
General Policy:
value:
description: Description
ownerRef:
type: IDENTITY
id: 2c918087682f9a86016839c05e8f1aff
name: Owner Name
externalPolicyReference: New policy
policyQuery: policy query implementation
compensatingControls: Compensating controls
correctionAdvice: Correction advice
tags: []
state: ENFORCED
scheduled: false
creatorId: 2c918087682f9a86016839c05e8f1aff
modifierId: null
violationOwnerAssignmentConfig: null
type: GENERAL
conflictingAccessCriteria: null
id: 52c11db4-733e-4c31-949a-766c95ec95f1
name: General-Policy-Name
created: '2020-05-12T19:47:38Z'
modified: '2020-05-12T19:47:38Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
get:
security:
- userAuth:
- 'idn:sod-policy:read'
operationId: listSodPolicies
tags:
- SOD Policies
summary: List sod policies
description: |-
This gets list of all SOD policies.
Requires role of ORG_ADMIN
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, in*
**name**: *eq, in*
**state**: *eq, in*
example: id eq "bc693f07e7b645539626c25954c58554"
required: false
- in: query
name: sorters
required: false
schema:
type: string
format: comma-separated
example: 'id,name'
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **id, name, created, modified, description**
responses:
'200':
description: List of all SOD policies.
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: Policy id
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
readOnly: true
name:
type: string
description: Policy Business Name
example: policy-xyz
created:
type: string
format: date-time
description: The time when this SOD policy is created.
example: '2020-01-01T00:00:00.000000Z'
readOnly: true
modified:
type: string
format: date-time
description: The time when this SOD policy is modified.
example: '2020-01-01T00:00:00.000000Z'
readOnly: true
description:
type: string
description: Optional description of the SOD policy
example: This policy ensures compliance of xyz
nullable: true
ownerRef:
type: object
description: The owner of the SOD policy.
properties:
type:
type: string
description: Owner type.
enum:
- IDENTITY
- GOVERNANCE_GROUP
example: IDENTITY
id:
type: string
description: Owner's ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
externalPolicyReference:
type: string
description: Optional External Policy Reference
example: XYZ policy
nullable: true
policyQuery:
type: string
description: Search query of the SOD policy
example: '@access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdg) AND @access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdf)'
compensatingControls:
type: string
description: Optional compensating controls(Mitigating Controls)
example: Have a manager review the transaction decisions for their "out of compliance" employee
nullable: true
correctionAdvice:
type: string
description: Optional correction advice
example: 'Based on the role of the employee, managers should remove access that is not required for their job function.'
nullable: true
state:
type: string
description: whether the policy is enforced or not
enum:
- ENFORCED
- NOT_ENFORCED
example: ENFORCED
tags:
type: array
description: tags for this policy object
example:
- TAG1
- TAG2
items:
type: string
creatorId:
type: string
description: Policy's creator ID
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
readOnly: true
modifierId:
type: string
description: Policy's modifier ID
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
nullable: true
readOnly: true
violationOwnerAssignmentConfig:
nullable: true
type: object
properties:
assignmentRule:
type: string
enum:
- MANAGER
- STATIC
- null
description: |-
Details about the violations owner.
MANAGER - identity's manager
STATIC - Governance Group or Identity
example: MANAGER
nullable: true
ownerRef:
type: object
description: The owner of the violation assignment config.
nullable: true
properties:
type:
type: string
description: Owner type.
enum:
- IDENTITY
- GOVERNANCE_GROUP
- MANAGER
- null
example: IDENTITY
id:
type: string
description: Owner's ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
scheduled:
type: boolean
description: defines whether a policy has been scheduled or not
example: true
default: false
type:
type: string
description: whether a policy is query based or conflicting access based
default: GENERAL
enum:
- GENERAL
- CONFLICTING_ACCESS_BASED
example: GENERAL
conflictingAccessCriteria:
allOf:
- type: object
properties:
leftCriteria:
type: object
properties:
name:
type: string
description: Business name for the access construct list
example: money-in
criteriaList:
type: array
description: List of criteria. There is a min of 1 and max of 50 items in the list.
minItems: 1
maxItems: 50
items:
type: object
properties:
type:
type: string
enum:
- ENTITLEMENT
description: Type of the propery to which this reference applies to
example: ENTITLEMENT
id:
type: string
description: ID of the object to which this reference applies to
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies to
example: Administrator
example:
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a66
name: Administrator
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a67
name: Administrator
rightCriteria:
type: object
properties:
name:
type: string
description: Business name for the access construct list
example: money-in
criteriaList:
type: array
description: List of criteria. There is a min of 1 and max of 50 items in the list.
minItems: 1
maxItems: 50
items:
type: object
properties:
type:
type: string
enum:
- ENTITLEMENT
description: Type of the propery to which this reference applies to
example: ENTITLEMENT
id:
type: string
description: ID of the object to which this reference applies to
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies to
example: Administrator
example:
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a66
name: Administrator
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a67
name: Administrator
- nullable: true
example:
- id: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
name: Conflicting-Policy-Name
created: '2020-01-01T00:00:00.000000Z'
modified: '2020-01-01T00:00:00.000000Z'
description: This policy ensures compliance of xyz
ownerRef:
type: IDENTITY
id: 2c91808568c529c60168cca6f90c1313
name: Owner Name
externalPolicyReference: XYZ policy
policyQuery: '@access(id:2c9180866166b5b0016167c32ef31a66 OR id:2c9180866166b5b0016167c32ef31a67) AND @access(id:2c9180866166b5b0016167c32ef31a68 OR id:2c9180866166b5b0016167c32ef31a69)'
compensatingControls: Have a manager review the transaction decisions for their "out of compliance" employee
correctionAdvice: 'Based on the role of the employee, managers should remove access that is not required for their job function.'
state: ENFORCED
tags:
- string
creatorId: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
modifierId: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
violationOwnerAssignmentConfig:
assignmentRule: MANAGER
ownerRef:
type: IDENTITY
id: 2c91808568c529c60168cca6f90c1313
name: Violation Owner Name
scheduled: true
type: CONFLICTING_ACCESS_BASED
conflictingAccessCriteria:
leftCriteria:
name: money-in
criteriaList:
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a66
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a67
rightCriteria:
name: money-out
criteriaList:
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a68
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a69
- description: Description
ownerRef:
type: IDENTITY
id: 2c918087682f9a86016839c05e8f1aff
name: Owner Name
externalPolicyReference: New policy
policyQuery: policy query implementation
compensatingControls: Compensating controls
correctionAdvice: Correction advice
tags: []
state: ENFORCED
scheduled: false
creatorId: 2c918087682f9a86016839c05e8f1aff
modifierId: null
violationOwnerAssignmentConfig: null
type: GENERAL
conflictingAccessCriteria: null
id: 52c11db4-733e-4c31-949a-766c95ec95f1
name: General-Policy-Name
created: '2020-05-12T19:47:38Z'
modified: '2020-05-12T19:47:38Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/sod-policies/{id}':
get:
security:
- userAuth:
- 'idn:sod-policy:read'
operationId: getSodPolicy
tags:
- SOD Policies
summary: Get sod policy by id
description: |-
This gets specified SOD policy.
Requires role of ORG_ADMIN.
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listSodPolicies
description: The ID of the SOD Policy to retrieve.
example: ef38f943-47e9-4562-b5bb-8424a56397d8
responses:
'200':
description: SOD policy ID.
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: Policy id
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
readOnly: true
name:
type: string
description: Policy Business Name
example: policy-xyz
created:
type: string
format: date-time
description: The time when this SOD policy is created.
example: '2020-01-01T00:00:00.000000Z'
readOnly: true
modified:
type: string
format: date-time
description: The time when this SOD policy is modified.
example: '2020-01-01T00:00:00.000000Z'
readOnly: true
description:
type: string
description: Optional description of the SOD policy
example: This policy ensures compliance of xyz
nullable: true
ownerRef:
type: object
description: The owner of the SOD policy.
properties:
type:
type: string
description: Owner type.
enum:
- IDENTITY
- GOVERNANCE_GROUP
example: IDENTITY
id:
type: string
description: Owner's ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
externalPolicyReference:
type: string
description: Optional External Policy Reference
example: XYZ policy
nullable: true
policyQuery:
type: string
description: Search query of the SOD policy
example: '@access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdg) AND @access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdf)'
compensatingControls:
type: string
description: Optional compensating controls(Mitigating Controls)
example: Have a manager review the transaction decisions for their "out of compliance" employee
nullable: true
correctionAdvice:
type: string
description: Optional correction advice
example: 'Based on the role of the employee, managers should remove access that is not required for their job function.'
nullable: true
state:
type: string
description: whether the policy is enforced or not
enum:
- ENFORCED
- NOT_ENFORCED
example: ENFORCED
tags:
type: array
description: tags for this policy object
example:
- TAG1
- TAG2
items:
type: string
creatorId:
type: string
description: Policy's creator ID
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
readOnly: true
modifierId:
type: string
description: Policy's modifier ID
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
nullable: true
readOnly: true
violationOwnerAssignmentConfig:
nullable: true
type: object
properties:
assignmentRule:
type: string
enum:
- MANAGER
- STATIC
- null
description: |-
Details about the violations owner.
MANAGER - identity's manager
STATIC - Governance Group or Identity
example: MANAGER
nullable: true
ownerRef:
type: object
description: The owner of the violation assignment config.
nullable: true
properties:
type:
type: string
description: Owner type.
enum:
- IDENTITY
- GOVERNANCE_GROUP
- MANAGER
- null
example: IDENTITY
id:
type: string
description: Owner's ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
scheduled:
type: boolean
description: defines whether a policy has been scheduled or not
example: true
default: false
type:
type: string
description: whether a policy is query based or conflicting access based
default: GENERAL
enum:
- GENERAL
- CONFLICTING_ACCESS_BASED
example: GENERAL
conflictingAccessCriteria:
allOf:
- type: object
properties:
leftCriteria:
type: object
properties:
name:
type: string
description: Business name for the access construct list
example: money-in
criteriaList:
type: array
description: List of criteria. There is a min of 1 and max of 50 items in the list.
minItems: 1
maxItems: 50
items:
type: object
properties:
type:
type: string
enum:
- ENTITLEMENT
description: Type of the propery to which this reference applies to
example: ENTITLEMENT
id:
type: string
description: ID of the object to which this reference applies to
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies to
example: Administrator
example:
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a66
name: Administrator
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a67
name: Administrator
rightCriteria:
type: object
properties:
name:
type: string
description: Business name for the access construct list
example: money-in
criteriaList:
type: array
description: List of criteria. There is a min of 1 and max of 50 items in the list.
minItems: 1
maxItems: 50
items:
type: object
properties:
type:
type: string
enum:
- ENTITLEMENT
description: Type of the propery to which this reference applies to
example: ENTITLEMENT
id:
type: string
description: ID of the object to which this reference applies to
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies to
example: Administrator
example:
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a66
name: Administrator
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a67
name: Administrator
- nullable: true
examples:
Conflicting Access Based Policy:
value:
id: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
name: Conflicting-Policy-Name
created: '2020-01-01T00:00:00.000000Z'
modified: '2020-01-01T00:00:00.000000Z'
description: This policy ensures compliance of xyz
ownerRef:
type: IDENTITY
id: 2c91808568c529c60168cca6f90c1313
name: Owner Name
externalPolicyReference: XYZ policy
policyQuery: '@access(id:2c9180866166b5b0016167c32ef31a66 OR id:2c9180866166b5b0016167c32ef31a67) AND @access(id:2c9180866166b5b0016167c32ef31a68 OR id:2c9180866166b5b0016167c32ef31a69)'
compensatingControls: Have a manager review the transaction decisions for their "out of compliance" employee
correctionAdvice: 'Based on the role of the employee, managers should remove access that is not required for their job function.'
state: ENFORCED
tags:
- string
creatorId: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
modifierId: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
violationOwnerAssignmentConfig:
assignmentRule: MANAGER
ownerRef:
type: IDENTITY
id: 2c91808568c529c60168cca6f90c1313
name: Violation Owner Name
scheduled: true
type: CONFLICTING_ACCESS_BASED
conflictingAccessCriteria:
leftCriteria:
name: money-in
criteriaList:
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a66
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a67
rightCriteria:
name: money-out
criteriaList:
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a68
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a69
General Policy:
value:
description: Description
ownerRef:
type: IDENTITY
id: 2c918087682f9a86016839c05e8f1aff
name: Owner Name
externalPolicyReference: New policy
policyQuery: policy query implementation
compensatingControls: Compensating controls
correctionAdvice: Correction advice
tags: []
state: ENFORCED
scheduled: false
creatorId: 2c918087682f9a86016839c05e8f1aff
modifierId: null
violationOwnerAssignmentConfig: null
type: GENERAL
conflictingAccessCriteria: null
id: 52c11db4-733e-4c31-949a-766c95ec95f1
name: General-Policy-Name
created: '2020-05-12T19:47:38Z'
modified: '2020-05-12T19:47:38Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
put:
security:
- userAuth:
- 'idn:sod-policy:write'
operationId: putSodPolicy
tags:
- SOD Policies
summary: Update sod policy by id
description: |-
This updates a specified SOD policy.
Requires role of ORG_ADMIN.
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listSodPolicies
description: The ID of the SOD policy to update.
example: ef38f943-47e9-4562-b5bb-8424a56397d8
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: Policy id
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
readOnly: true
name:
type: string
description: Policy Business Name
example: policy-xyz
created:
type: string
format: date-time
description: The time when this SOD policy is created.
example: '2020-01-01T00:00:00.000000Z'
readOnly: true
modified:
type: string
format: date-time
description: The time when this SOD policy is modified.
example: '2020-01-01T00:00:00.000000Z'
readOnly: true
description:
type: string
description: Optional description of the SOD policy
example: This policy ensures compliance of xyz
nullable: true
ownerRef:
type: object
description: The owner of the SOD policy.
properties:
type:
type: string
description: Owner type.
enum:
- IDENTITY
- GOVERNANCE_GROUP
example: IDENTITY
id:
type: string
description: Owner's ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
externalPolicyReference:
type: string
description: Optional External Policy Reference
example: XYZ policy
nullable: true
policyQuery:
type: string
description: Search query of the SOD policy
example: '@access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdg) AND @access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdf)'
compensatingControls:
type: string
description: Optional compensating controls(Mitigating Controls)
example: Have a manager review the transaction decisions for their "out of compliance" employee
nullable: true
correctionAdvice:
type: string
description: Optional correction advice
example: 'Based on the role of the employee, managers should remove access that is not required for their job function.'
nullable: true
state:
type: string
description: whether the policy is enforced or not
enum:
- ENFORCED
- NOT_ENFORCED
example: ENFORCED
tags:
type: array
description: tags for this policy object
example:
- TAG1
- TAG2
items:
type: string
creatorId:
type: string
description: Policy's creator ID
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
readOnly: true
modifierId:
type: string
description: Policy's modifier ID
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
nullable: true
readOnly: true
violationOwnerAssignmentConfig:
nullable: true
type: object
properties:
assignmentRule:
type: string
enum:
- MANAGER
- STATIC
- null
description: |-
Details about the violations owner.
MANAGER - identity's manager
STATIC - Governance Group or Identity
example: MANAGER
nullable: true
ownerRef:
type: object
description: The owner of the violation assignment config.
nullable: true
properties:
type:
type: string
description: Owner type.
enum:
- IDENTITY
- GOVERNANCE_GROUP
- MANAGER
- null
example: IDENTITY
id:
type: string
description: Owner's ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
scheduled:
type: boolean
description: defines whether a policy has been scheduled or not
example: true
default: false
type:
type: string
description: whether a policy is query based or conflicting access based
default: GENERAL
enum:
- GENERAL
- CONFLICTING_ACCESS_BASED
example: GENERAL
conflictingAccessCriteria:
allOf:
- type: object
properties:
leftCriteria:
type: object
properties:
name:
type: string
description: Business name for the access construct list
example: money-in
criteriaList:
type: array
description: List of criteria. There is a min of 1 and max of 50 items in the list.
minItems: 1
maxItems: 50
items:
type: object
properties:
type:
type: string
enum:
- ENTITLEMENT
description: Type of the propery to which this reference applies to
example: ENTITLEMENT
id:
type: string
description: ID of the object to which this reference applies to
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies to
example: Administrator
example:
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a66
name: Administrator
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a67
name: Administrator
rightCriteria:
type: object
properties:
name:
type: string
description: Business name for the access construct list
example: money-in
criteriaList:
type: array
description: List of criteria. There is a min of 1 and max of 50 items in the list.
minItems: 1
maxItems: 50
items:
type: object
properties:
type:
type: string
enum:
- ENTITLEMENT
description: Type of the propery to which this reference applies to
example: ENTITLEMENT
id:
type: string
description: ID of the object to which this reference applies to
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies to
example: Administrator
example:
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a66
name: Administrator
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a67
name: Administrator
- nullable: true
examples:
Conflicting Access Based Policy:
value:
name: Conflicting-Policy-Name
description: Modified Description
externalPolicyReference: XYZ policy
compensatingControls: Have a manager review the transaction decisions for their "out of compliance" employee
correctionAdvice: 'Based on the role of the employee, managers should remove access that is not required for their job function.'
state: ENFORCED
tags:
- string
violationOwnerAssignmentConfig:
assignmentRule: MANAGER
ownerRef:
type: IDENTITY
id: 2c91808568c529c60168cca6f90c1313
name: Violation Owner Name
scheduled: true
type: CONFLICTING_ACCESS_BASED
conflictingAccessCriteria:
leftCriteria:
name: money-in
criteriaList:
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a66
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a67
rightCriteria:
name: money-out
criteriaList:
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a68
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a69
General Policy:
value:
description: Modified Description
ownerRef:
type: IDENTITY
id: 2c918087682f9a86016839c05e8f1aff
name: Owner Name
externalPolicyReference: New policy
policyQuery: policy query implementation
compensatingControls: Compensating controls
correctionAdvice: Correction advice
tags: []
state: ENFORCED
scheduled: false
creatorId: 2c918087682f9a86016839c05e8f1aff
modifierId: null
violationOwnerAssignmentConfig: null
type: GENERAL
conflictingAccessCriteria: null
id: 52c11db4-733e-4c31-949a-766c95ec95f1
name: General-Policy-Name
created: '2020-05-12T19:47:38Z'
modified: '2020-05-12T19:47:38Z'
responses:
'200':
description: SOD Policy by ID
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: Policy id
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
readOnly: true
name:
type: string
description: Policy Business Name
example: policy-xyz
created:
type: string
format: date-time
description: The time when this SOD policy is created.
example: '2020-01-01T00:00:00.000000Z'
readOnly: true
modified:
type: string
format: date-time
description: The time when this SOD policy is modified.
example: '2020-01-01T00:00:00.000000Z'
readOnly: true
description:
type: string
description: Optional description of the SOD policy
example: This policy ensures compliance of xyz
nullable: true
ownerRef:
type: object
description: The owner of the SOD policy.
properties:
type:
type: string
description: Owner type.
enum:
- IDENTITY
- GOVERNANCE_GROUP
example: IDENTITY
id:
type: string
description: Owner's ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
externalPolicyReference:
type: string
description: Optional External Policy Reference
example: XYZ policy
nullable: true
policyQuery:
type: string
description: Search query of the SOD policy
example: '@access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdg) AND @access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdf)'
compensatingControls:
type: string
description: Optional compensating controls(Mitigating Controls)
example: Have a manager review the transaction decisions for their "out of compliance" employee
nullable: true
correctionAdvice:
type: string
description: Optional correction advice
example: 'Based on the role of the employee, managers should remove access that is not required for their job function.'
nullable: true
state:
type: string
description: whether the policy is enforced or not
enum:
- ENFORCED
- NOT_ENFORCED
example: ENFORCED
tags:
type: array
description: tags for this policy object
example:
- TAG1
- TAG2
items:
type: string
creatorId:
type: string
description: Policy's creator ID
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
readOnly: true
modifierId:
type: string
description: Policy's modifier ID
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
nullable: true
readOnly: true
violationOwnerAssignmentConfig:
nullable: true
type: object
properties:
assignmentRule:
type: string
enum:
- MANAGER
- STATIC
- null
description: |-
Details about the violations owner.
MANAGER - identity's manager
STATIC - Governance Group or Identity
example: MANAGER
nullable: true
ownerRef:
type: object
description: The owner of the violation assignment config.
nullable: true
properties:
type:
type: string
description: Owner type.
enum:
- IDENTITY
- GOVERNANCE_GROUP
- MANAGER
- null
example: IDENTITY
id:
type: string
description: Owner's ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
scheduled:
type: boolean
description: defines whether a policy has been scheduled or not
example: true
default: false
type:
type: string
description: whether a policy is query based or conflicting access based
default: GENERAL
enum:
- GENERAL
- CONFLICTING_ACCESS_BASED
example: GENERAL
conflictingAccessCriteria:
allOf:
- type: object
properties:
leftCriteria:
type: object
properties:
name:
type: string
description: Business name for the access construct list
example: money-in
criteriaList:
type: array
description: List of criteria. There is a min of 1 and max of 50 items in the list.
minItems: 1
maxItems: 50
items:
type: object
properties:
type:
type: string
enum:
- ENTITLEMENT
description: Type of the propery to which this reference applies to
example: ENTITLEMENT
id:
type: string
description: ID of the object to which this reference applies to
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies to
example: Administrator
example:
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a66
name: Administrator
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a67
name: Administrator
rightCriteria:
type: object
properties:
name:
type: string
description: Business name for the access construct list
example: money-in
criteriaList:
type: array
description: List of criteria. There is a min of 1 and max of 50 items in the list.
minItems: 1
maxItems: 50
items:
type: object
properties:
type:
type: string
enum:
- ENTITLEMENT
description: Type of the propery to which this reference applies to
example: ENTITLEMENT
id:
type: string
description: ID of the object to which this reference applies to
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies to
example: Administrator
example:
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a66
name: Administrator
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a67
name: Administrator
- nullable: true
examples:
Conflicting Access Based Policy:
value:
id: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
name: Conflicting-Policy-Name
created: '2020-01-01T00:00:00.000000Z'
modified: '2020-01-01T00:00:00.000000Z'
description: Modified description
ownerRef:
type: IDENTITY
id: 2c91808568c529c60168cca6f90c1313
name: Owner Name
externalPolicyReference: XYZ policy
policyQuery: '@access(id:2c9180866166b5b0016167c32ef31a66 OR id:2c9180866166b5b0016167c32ef31a67) AND @access(id:2c9180866166b5b0016167c32ef31a68 OR id:2c9180866166b5b0016167c32ef31a69)'
compensatingControls: Have a manager review the transaction decisions for their "out of compliance" employee
correctionAdvice: 'Based on the role of the employee, managers should remove access that is not required for their job function.'
state: ENFORCED
tags:
- string
creatorId: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
modifierId: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
violationOwnerAssignmentConfig:
assignmentRule: MANAGER
ownerRef:
type: IDENTITY
id: 2c91808568c529c60168cca6f90c1313
name: Violation Owner Name
scheduled: true
type: CONFLICTING_ACCESS_BASED
conflictingAccessCriteria:
leftCriteria:
name: money-in
criteriaList:
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a66
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a67
rightCriteria:
name: money-out
criteriaList:
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a68
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a69
General Policy:
value:
description: Modified Description
ownerRef:
type: IDENTITY
id: 2c918087682f9a86016839c05e8f1aff
name: Owner Name
externalPolicyReference: New policy
policyQuery: policy query implementation
compensatingControls: Compensating controls
correctionAdvice: Correction advice
tags: []
state: ENFORCED
scheduled: false
creatorId: 2c918087682f9a86016839c05e8f1aff
modifierId: null
violationOwnerAssignmentConfig: null
type: GENERAL
conflictingAccessCriteria: null
id: 52c11db4-733e-4c31-949a-766c95ec95f1
name: General-Policy-Name
created: '2020-05-12T19:47:38Z'
modified: '2020-05-12T19:47:38Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
security:
- userAuth:
- 'idn:sod-policy:write'
operationId: deleteSodPolicy
tags:
- SOD Policies
summary: Delete sod policy by id
description: |-
This deletes a specified SOD policy.
Requires role of ORG_ADMIN.
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listSodPolicies
description: The ID of the SOD Policy to delete.
example: ef38f943-47e9-4562-b5bb-8424a56397d8
- in: query
name: logical
schema:
type: boolean
default: true
description: Indicates whether this is a soft delete (logical true) or a hard delete. Soft delete marks the policy as deleted and just save it with this status. It could be fully deleted or recovered further. Hard delete vise versa permanently delete SOD request during this call.
example: true
required: false
responses:
'204':
description: No content.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
patch:
security:
- userAuth:
- 'idn:sod-policy:write'
operationId: patchSodPolicy
tags:
- SOD Policies
summary: Patch sod policy by id
description: |-
Allows updating SOD Policy fields other than ["id","created","creatorId","policyQuery","type"] using the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
Requires role of ORG_ADMIN.
This endpoint can only patch CONFLICTING_ACCESS_BASED type policies. Do not use this endpoint to patch general policies - doing so will build an API exception.
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listSodPolicies
description: The ID of the SOD policy being modified.
example: 2c918083-5d19-1a86-015d-28455b4a2329
requestBody:
required: true
description: |
A list of SOD Policy update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
The following fields are patchable:
* name
* description
* ownerRef
* externalPolicyReference
* compensatingControls
* correctionAdvice
* state
* tags
* violationOwnerAssignmentConfig
* scheduled
* conflictingAccessCriteria
content:
application/json-patch+json:
schema:
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
examples:
Conflicting Access Based Policy:
value:
- op: replace
path: /description
value: Modified description
- op: replace
path: /conflictingAccessCriteria/leftCriteria/name
value: money-in-modified
- op: replace
path: /conflictingAccessCriteria/rightCriteria
value:
name: money-out-modified
criteriaList:
- type: ENTITLEMENT
id: 2c918087682f9a86016839c0509c1ab2
General Policy:
value:
- op: replace
path: /description
value: Modified description
responses:
'200':
description: 'Indicates the PATCH operation succeeded, and returns the SOD policy''s new representation.'
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: Policy id
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
readOnly: true
name:
type: string
description: Policy Business Name
example: policy-xyz
created:
type: string
format: date-time
description: The time when this SOD policy is created.
example: '2020-01-01T00:00:00.000000Z'
readOnly: true
modified:
type: string
format: date-time
description: The time when this SOD policy is modified.
example: '2020-01-01T00:00:00.000000Z'
readOnly: true
description:
type: string
description: Optional description of the SOD policy
example: This policy ensures compliance of xyz
nullable: true
ownerRef:
type: object
description: The owner of the SOD policy.
properties:
type:
type: string
description: Owner type.
enum:
- IDENTITY
- GOVERNANCE_GROUP
example: IDENTITY
id:
type: string
description: Owner's ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
externalPolicyReference:
type: string
description: Optional External Policy Reference
example: XYZ policy
nullable: true
policyQuery:
type: string
description: Search query of the SOD policy
example: '@access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdg) AND @access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdf)'
compensatingControls:
type: string
description: Optional compensating controls(Mitigating Controls)
example: Have a manager review the transaction decisions for their "out of compliance" employee
nullable: true
correctionAdvice:
type: string
description: Optional correction advice
example: 'Based on the role of the employee, managers should remove access that is not required for their job function.'
nullable: true
state:
type: string
description: whether the policy is enforced or not
enum:
- ENFORCED
- NOT_ENFORCED
example: ENFORCED
tags:
type: array
description: tags for this policy object
example:
- TAG1
- TAG2
items:
type: string
creatorId:
type: string
description: Policy's creator ID
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
readOnly: true
modifierId:
type: string
description: Policy's modifier ID
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
nullable: true
readOnly: true
violationOwnerAssignmentConfig:
nullable: true
type: object
properties:
assignmentRule:
type: string
enum:
- MANAGER
- STATIC
- null
description: |-
Details about the violations owner.
MANAGER - identity's manager
STATIC - Governance Group or Identity
example: MANAGER
nullable: true
ownerRef:
type: object
description: The owner of the violation assignment config.
nullable: true
properties:
type:
type: string
description: Owner type.
enum:
- IDENTITY
- GOVERNANCE_GROUP
- MANAGER
- null
example: IDENTITY
id:
type: string
description: Owner's ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
scheduled:
type: boolean
description: defines whether a policy has been scheduled or not
example: true
default: false
type:
type: string
description: whether a policy is query based or conflicting access based
default: GENERAL
enum:
- GENERAL
- CONFLICTING_ACCESS_BASED
example: GENERAL
conflictingAccessCriteria:
allOf:
- type: object
properties:
leftCriteria:
type: object
properties:
name:
type: string
description: Business name for the access construct list
example: money-in
criteriaList:
type: array
description: List of criteria. There is a min of 1 and max of 50 items in the list.
minItems: 1
maxItems: 50
items:
type: object
properties:
type:
type: string
enum:
- ENTITLEMENT
description: Type of the propery to which this reference applies to
example: ENTITLEMENT
id:
type: string
description: ID of the object to which this reference applies to
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies to
example: Administrator
example:
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a66
name: Administrator
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a67
name: Administrator
rightCriteria:
type: object
properties:
name:
type: string
description: Business name for the access construct list
example: money-in
criteriaList:
type: array
description: List of criteria. There is a min of 1 and max of 50 items in the list.
minItems: 1
maxItems: 50
items:
type: object
properties:
type:
type: string
enum:
- ENTITLEMENT
description: Type of the propery to which this reference applies to
example: ENTITLEMENT
id:
type: string
description: ID of the object to which this reference applies to
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies to
example: Administrator
example:
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a66
name: Administrator
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a67
name: Administrator
- nullable: true
examples:
Conflicting Access Based Policy:
value:
id: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
name: Conflicting-Policy-Name
created: '2020-01-01T00:00:00.000000Z'
modified: '2020-01-01T00:00:00.000000Z'
description: Modified description
ownerRef:
type: IDENTITY
id: 2c91808568c529c60168cca6f90c1313
name: Owner Name
externalPolicyReference: XYZ policy
policyQuery: '@access(id:2c9180866166b5b0016167c32ef31a66 OR id:2c9180866166b5b0016167c32ef31a67) AND @access(id:2c918087682f9a86016839c0509c1ab2)'
compensatingControls: Have a manager review the transaction decisions for their "out of compliance" employee
correctionAdvice: 'Based on the role of the employee, managers should remove access that is not required for their job function.'
state: ENFORCED
tags:
- string
creatorId: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
modifierId: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
violationOwnerAssignmentConfig:
assignmentRule: MANAGER
ownerRef:
type: IDENTITY
id: 2c91808568c529c60168cca6f90c1313
name: Violation Owner Name
scheduled: true
type: CONFLICTING_ACCESS_BASED
conflictingAccessCriteria:
leftCriteria:
name: money-in-modified
criteriaList:
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a66
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a67
rightCriteria:
name: money-out-modified
criteriaList:
- type: ENTITLEMENT
id: 2c918087682f9a86016839c0509c1ab2
General Policy:
value:
description: Modified description
ownerRef:
type: IDENTITY
id: 2c918087682f9a86016839c05e8f1aff
name: Owner Name
externalPolicyReference: New policy
policyQuery: policy query implementation
compensatingControls: Compensating controls
correctionAdvice: Correction advice
tags: []
state: ENFORCED
scheduled: false
creatorId: 2c918087682f9a86016839c05e8f1aff
modifierId: null
violationOwnerAssignmentConfig: null
type: GENERAL
conflictingAccessCriteria: null
id: 52c11db4-733e-4c31-949a-766c95ec95f1
name: General-Policy-Name
created: '2020-05-12T19:47:38Z'
modified: '2020-05-12T19:47:38Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/sod-policies/{id}/evaluate':
post:
security:
- userAuth:
- 'idn:sod-violation:write'
operationId: startEvaluateSodPolicy
tags:
- SOD Policies
summary: Evaluate one policy by id
description: Runs the scheduled report for the policy retrieved by passed policy ID. The report schedule is fetched from the policy retrieved by ID.
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listSodPolicies
description: The SOD policy ID to run.
example: ef38f943-47e9-4562-b5bb-8424a56397d8
responses:
'200':
description: Reference to the violation report run task.
content:
application/json:
schema:
allOf:
- type: object
description: SOD policy violation report result.
properties:
type:
type: string
description: SOD policy violation report result DTO type.
enum:
- REPORT_RESULT
example: REPORT_RESULT
id:
type: string
description: SOD policy violation report result ID.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable name of the SOD policy violation report result.
example: SOD Policy 1 Violation
- type: object
properties:
status:
type: string
description: Status of a SOD policy violation report.
enum:
- SUCCESS
- WARNING
- ERROR
- TERMINATED
- TEMP_ERROR
- PENDING
example: PENDING
example:
status: PENDING
type: REPORT_RESULT
id: 37b3b32a-f394-46f8-acad-b5223969fa68
name: Multi Query Report
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/sod-policies/{id}/schedule':
get:
security:
- userAuth:
- 'idn:sod-policy:read'
operationId: getSodPolicySchedule
tags:
- SOD Policies
summary: Get sod policy schedule
description: This endpoint gets a specified SOD policy's schedule.
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listSodPolicies
description: The ID of the SOD policy schedule to retrieve.
example: ef38f943-47e9-4562-b5bb-8424a56397d8
responses:
'200':
description: SOD policy schedule.
content:
application/json:
schema:
type: object
properties:
name:
type: string
description: SOD Policy schedule name
example: SCH-1584312283015
created:
type: string
format: date-time
description: The time when this SOD policy schedule is created.
example: '2020-01-01T00:00:00.000000Z'
readOnly: true
modified:
type: string
format: date-time
description: The time when this SOD policy schedule is modified.
example: '2020-01-01T00:00:00.000000Z'
readOnly: true
description:
type: string
description: SOD Policy schedule description
example: Schedule for policy xyz
schedule:
type: object
description: The schedule information.
properties:
type:
description: |
Enum representing the currently supported schedule types.
Additional values may be added in the future without notice.
type: string
enum:
- DAILY
- WEEKLY
- MONTHLY
- CALENDAR
- ANNUALLY
example: WEEKLY
months:
allOf:
- type: object
properties:
type:
description: |
Enum representing the currently supported selector types.
LIST - the *values* array contains one or more distinct values.
RANGE - the *values* array contains two values: the start and end of the range, inclusive.
Additional values may be added in the future without notice.
type: string
enum:
- LIST
- RANGE
example: LIST
values:
description: |
The selected values.
type: array
items:
type: string
example:
- MON
- WED
interval:
nullable: true
description: |
The selected interval for RANGE selectors.
type: integer
format: int32
example: 3
required:
- type
- values
- description: |
The months to execute the search. This only applies to schedules with a type of `ANNUALLY`.
example:
type: LIST
values:
- '3'
- '6'
- '9'
- '12'
nullable: true
days:
allOf:
- type: object
properties:
type:
description: |
Enum representing the currently supported selector types.
LIST - the *values* array contains one or more distinct values.
RANGE - the *values* array contains two values: the start and end of the range, inclusive.
Additional values may be added in the future without notice.
type: string
enum:
- LIST
- RANGE
example: LIST
values:
description: |
The selected values.
type: array
items:
type: string
example:
- MON
- WED
interval:
nullable: true
description: |
The selected interval for RANGE selectors.
type: integer
format: int32
example: 3
required:
- type
- values
- description: |
The days to execute the search.
If `type` is `WEEKLY`, the values will be `MON`, `TUE`, `WED`, `THU`, `FRI`, `SAT`, and `SUN`.
If `type` is `MONTHLY` or `ANNUALLY`, the values will be a number in double quotes, like `"1"`, `"10"`, or `"28"`. Optionally, the value `"L"` can be used to refer to the last day of the month.
example:
type: LIST
values:
- MON
- WED
- FRI
nullable: true
hours:
allOf:
- type: object
properties:
type:
description: |
Enum representing the currently supported selector types.
LIST - the *values* array contains one or more distinct values.
RANGE - the *values* array contains two values: the start and end of the range, inclusive.
Additional values may be added in the future without notice.
type: string
enum:
- LIST
- RANGE
example: LIST
values:
description: |
The selected values.
type: array
items:
type: string
example:
- MON
- WED
interval:
nullable: true
description: |
The selected interval for RANGE selectors.
type: integer
format: int32
example: 3
required:
- type
- values
- description: The hours selected.
example:
type: RANGE
values:
- '9'
- '18'
interval: 3
expiration:
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: A date-time in ISO-8601 format
timeZoneId:
description: 'The canonical TZ identifier the schedule will run in (ex. America/New_York). If no timezone is specified, the org''s default timezone is used.'
nullable: true
type: string
example: America/Chicago
required:
- type
- hours
recipients:
type: array
items:
type: object
description: SOD policy recipient.
properties:
type:
type: string
description: SOD policy recipient DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: SOD policy recipient's identity ID.
example: 2c7180a46faadee4016fb4e018c20642
name:
type: string
description: SOD policy recipient's display name.
example: Michael Michaels
emailEmptyResults:
type: boolean
description: Indicates if empty results need to be emailed
example: false
default: false
creatorId:
type: string
description: Policy's creator ID
example: 0f11f2a47c944bf3a2bd742580fe3bde
readOnly: true
modifierId:
type: string
description: Policy's modifier ID
example: 0f11f2a47c944bf3a2bd742580fe3bde
readOnly: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
put:
security:
- userAuth:
- 'idn:sod-policy:write'
operationId: putPolicySchedule
tags:
- SOD Policies
summary: Update sod policy schedule
description: This updates schedule for a specified SOD policy.
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listSodPolicies
description: The ID of the SOD policy to update its schedule.
example: ef38f943-47e9-4562-b5bb-8424a56397d8
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
name:
type: string
description: SOD Policy schedule name
example: SCH-1584312283015
created:
type: string
format: date-time
description: The time when this SOD policy schedule is created.
example: '2020-01-01T00:00:00.000000Z'
readOnly: true
modified:
type: string
format: date-time
description: The time when this SOD policy schedule is modified.
example: '2020-01-01T00:00:00.000000Z'
readOnly: true
description:
type: string
description: SOD Policy schedule description
example: Schedule for policy xyz
schedule:
type: object
description: The schedule information.
properties:
type:
description: |
Enum representing the currently supported schedule types.
Additional values may be added in the future without notice.
type: string
enum:
- DAILY
- WEEKLY
- MONTHLY
- CALENDAR
- ANNUALLY
example: WEEKLY
months:
allOf:
- type: object
properties:
type:
description: |
Enum representing the currently supported selector types.
LIST - the *values* array contains one or more distinct values.
RANGE - the *values* array contains two values: the start and end of the range, inclusive.
Additional values may be added in the future without notice.
type: string
enum:
- LIST
- RANGE
example: LIST
values:
description: |
The selected values.
type: array
items:
type: string
example:
- MON
- WED
interval:
nullable: true
description: |
The selected interval for RANGE selectors.
type: integer
format: int32
example: 3
required:
- type
- values
- description: |
The months to execute the search. This only applies to schedules with a type of `ANNUALLY`.
example:
type: LIST
values:
- '3'
- '6'
- '9'
- '12'
nullable: true
days:
allOf:
- type: object
properties:
type:
description: |
Enum representing the currently supported selector types.
LIST - the *values* array contains one or more distinct values.
RANGE - the *values* array contains two values: the start and end of the range, inclusive.
Additional values may be added in the future without notice.
type: string
enum:
- LIST
- RANGE
example: LIST
values:
description: |
The selected values.
type: array
items:
type: string
example:
- MON
- WED
interval:
nullable: true
description: |
The selected interval for RANGE selectors.
type: integer
format: int32
example: 3
required:
- type
- values
- description: |
The days to execute the search.
If `type` is `WEEKLY`, the values will be `MON`, `TUE`, `WED`, `THU`, `FRI`, `SAT`, and `SUN`.
If `type` is `MONTHLY` or `ANNUALLY`, the values will be a number in double quotes, like `"1"`, `"10"`, or `"28"`. Optionally, the value `"L"` can be used to refer to the last day of the month.
example:
type: LIST
values:
- MON
- WED
- FRI
nullable: true
hours:
allOf:
- type: object
properties:
type:
description: |
Enum representing the currently supported selector types.
LIST - the *values* array contains one or more distinct values.
RANGE - the *values* array contains two values: the start and end of the range, inclusive.
Additional values may be added in the future without notice.
type: string
enum:
- LIST
- RANGE
example: LIST
values:
description: |
The selected values.
type: array
items:
type: string
example:
- MON
- WED
interval:
nullable: true
description: |
The selected interval for RANGE selectors.
type: integer
format: int32
example: 3
required:
- type
- values
- description: The hours selected.
example:
type: RANGE
values:
- '9'
- '18'
interval: 3
expiration:
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: A date-time in ISO-8601 format
timeZoneId:
description: 'The canonical TZ identifier the schedule will run in (ex. America/New_York). If no timezone is specified, the org''s default timezone is used.'
nullable: true
type: string
example: America/Chicago
required:
- type
- hours
recipients:
type: array
items:
type: object
description: SOD policy recipient.
properties:
type:
type: string
description: SOD policy recipient DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: SOD policy recipient's identity ID.
example: 2c7180a46faadee4016fb4e018c20642
name:
type: string
description: SOD policy recipient's display name.
example: Michael Michaels
emailEmptyResults:
type: boolean
description: Indicates if empty results need to be emailed
example: false
default: false
creatorId:
type: string
description: Policy's creator ID
example: 0f11f2a47c944bf3a2bd742580fe3bde
readOnly: true
modifierId:
type: string
description: Policy's modifier ID
example: 0f11f2a47c944bf3a2bd742580fe3bde
readOnly: true
responses:
'200':
description: Created or updated SOD policy schedule.
content:
application/json:
schema:
type: object
properties:
name:
type: string
description: SOD Policy schedule name
example: SCH-1584312283015
created:
type: string
format: date-time
description: The time when this SOD policy schedule is created.
example: '2020-01-01T00:00:00.000000Z'
readOnly: true
modified:
type: string
format: date-time
description: The time when this SOD policy schedule is modified.
example: '2020-01-01T00:00:00.000000Z'
readOnly: true
description:
type: string
description: SOD Policy schedule description
example: Schedule for policy xyz
schedule:
type: object
description: The schedule information.
properties:
type:
description: |
Enum representing the currently supported schedule types.
Additional values may be added in the future without notice.
type: string
enum:
- DAILY
- WEEKLY
- MONTHLY
- CALENDAR
- ANNUALLY
example: WEEKLY
months:
allOf:
- type: object
properties:
type:
description: |
Enum representing the currently supported selector types.
LIST - the *values* array contains one or more distinct values.
RANGE - the *values* array contains two values: the start and end of the range, inclusive.
Additional values may be added in the future without notice.
type: string
enum:
- LIST
- RANGE
example: LIST
values:
description: |
The selected values.
type: array
items:
type: string
example:
- MON
- WED
interval:
nullable: true
description: |
The selected interval for RANGE selectors.
type: integer
format: int32
example: 3
required:
- type
- values
- description: |
The months to execute the search. This only applies to schedules with a type of `ANNUALLY`.
example:
type: LIST
values:
- '3'
- '6'
- '9'
- '12'
nullable: true
days:
allOf:
- type: object
properties:
type:
description: |
Enum representing the currently supported selector types.
LIST - the *values* array contains one or more distinct values.
RANGE - the *values* array contains two values: the start and end of the range, inclusive.
Additional values may be added in the future without notice.
type: string
enum:
- LIST
- RANGE
example: LIST
values:
description: |
The selected values.
type: array
items:
type: string
example:
- MON
- WED
interval:
nullable: true
description: |
The selected interval for RANGE selectors.
type: integer
format: int32
example: 3
required:
- type
- values
- description: |
The days to execute the search.
If `type` is `WEEKLY`, the values will be `MON`, `TUE`, `WED`, `THU`, `FRI`, `SAT`, and `SUN`.
If `type` is `MONTHLY` or `ANNUALLY`, the values will be a number in double quotes, like `"1"`, `"10"`, or `"28"`. Optionally, the value `"L"` can be used to refer to the last day of the month.
example:
type: LIST
values:
- MON
- WED
- FRI
nullable: true
hours:
allOf:
- type: object
properties:
type:
description: |
Enum representing the currently supported selector types.
LIST - the *values* array contains one or more distinct values.
RANGE - the *values* array contains two values: the start and end of the range, inclusive.
Additional values may be added in the future without notice.
type: string
enum:
- LIST
- RANGE
example: LIST
values:
description: |
The selected values.
type: array
items:
type: string
example:
- MON
- WED
interval:
nullable: true
description: |
The selected interval for RANGE selectors.
type: integer
format: int32
example: 3
required:
- type
- values
- description: The hours selected.
example:
type: RANGE
values:
- '9'
- '18'
interval: 3
expiration:
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: A date-time in ISO-8601 format
timeZoneId:
description: 'The canonical TZ identifier the schedule will run in (ex. America/New_York). If no timezone is specified, the org''s default timezone is used.'
nullable: true
type: string
example: America/Chicago
required:
- type
- hours
recipients:
type: array
items:
type: object
description: SOD policy recipient.
properties:
type:
type: string
description: SOD policy recipient DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: SOD policy recipient's identity ID.
example: 2c7180a46faadee4016fb4e018c20642
name:
type: string
description: SOD policy recipient's display name.
example: Michael Michaels
emailEmptyResults:
type: boolean
description: Indicates if empty results need to be emailed
example: false
default: false
creatorId:
type: string
description: Policy's creator ID
example: 0f11f2a47c944bf3a2bd742580fe3bde
readOnly: true
modifierId:
type: string
description: Policy's modifier ID
example: 0f11f2a47c944bf3a2bd742580fe3bde
readOnly: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
security:
- userAuth:
- 'idn:sod-policy:write'
operationId: deleteSodPolicySchedule
tags:
- SOD Policies
summary: Delete sod policy schedule
description: This deletes schedule for a specified SOD policy by ID.
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listSodPolicies
description: The ID of the SOD policy the schedule must be deleted for.
example: ef38f943-47e9-4562-b5bb-8424a56397d8
responses:
'204':
description: No content response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/sod-policies/{id}/violation-report/run':
post:
security:
- userAuth:
- 'idn:sod-violation:write'
operationId: startSodPolicy
tags:
- SOD Policies
summary: Runs sod policy violation report
description: 'This invokes processing of violation report for given SOD policy. If the policy reports more than 5000 violations, the report returns with violation limit exceeded message.'
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listSodPolicies
description: The SOD policy ID to run.
example: ef38f943-47e9-4562-b5bb-8424a56397d8
responses:
'200':
description: Reference to the violation report run task.
content:
application/json:
schema:
allOf:
- type: object
description: SOD policy violation report result.
properties:
type:
type: string
description: SOD policy violation report result DTO type.
enum:
- REPORT_RESULT
example: REPORT_RESULT
id:
type: string
description: SOD policy violation report result ID.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable name of the SOD policy violation report result.
example: SOD Policy 1 Violation
- type: object
properties:
status:
type: string
description: Status of a SOD policy violation report.
enum:
- SUCCESS
- WARNING
- ERROR
- TERMINATED
- TEMP_ERROR
- PENDING
example: PENDING
example:
status: PENDING
type: REPORT_RESULT
id: 2e8d8180-24bc-4d21-91c6-7affdb473b0d
name: policy-xyz
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/sod-policies/{id}/violation-report':
get:
security:
- userAuth:
- 'idn:sod-violation:read'
operationId: getSodViolationReportStatus
tags:
- SOD Policies
summary: Get sod violation report status
description: This gets the status for a violation report run task that has already been invoked.
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: startSodPolicy
description: The ID of the violation report to retrieve status for.
example: ef38f943-47e9-4562-b5bb-8424a56397d8
responses:
'200':
description: Status of the violation report run task.
content:
application/json:
schema:
allOf:
- type: object
description: SOD policy violation report result.
properties:
type:
type: string
description: SOD policy violation report result DTO type.
enum:
- REPORT_RESULT
example: REPORT_RESULT
id:
type: string
description: SOD policy violation report result ID.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable name of the SOD policy violation report result.
example: SOD Policy 1 Violation
- type: object
properties:
status:
type: string
description: Status of a SOD policy violation report.
enum:
- SUCCESS
- WARNING
- ERROR
- TERMINATED
- TEMP_ERROR
- PENDING
example: PENDING
example:
status: SUCCESS
type: REPORT_RESULT
id: 2e8d8180-24bc-4d21-91c6-7affdb473b0d
name: policy-xyz
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/sod-policies/sod-violation-report-status/{reportResultId}':
get:
security:
- userAuth:
- 'idn:sod-violation:read'
operationId: getSodViolationReportRunStatus
tags:
- SOD Policies
summary: Get violation report run status
description: This gets the status for a violation report run task that has already been invoked.
parameters:
- in: path
name: reportResultId
schema:
type: string
required: true
x-sailpoint-resource-operation-id: getSodAllReportRunStatus
description: The ID of the report reference to retrieve.
example: 2e8d8180-24bc-4d21-91c6-7affdb473b0d
responses:
'200':
description: Status of the violation report run task.
content:
application/json:
schema:
allOf:
- type: object
description: SOD policy violation report result.
properties:
type:
type: string
description: SOD policy violation report result DTO type.
enum:
- REPORT_RESULT
example: REPORT_RESULT
id:
type: string
description: SOD policy violation report result ID.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable name of the SOD policy violation report result.
example: SOD Policy 1 Violation
- type: object
properties:
status:
type: string
description: Status of a SOD policy violation report.
enum:
- SUCCESS
- WARNING
- ERROR
- TERMINATED
- TEMP_ERROR
- PENDING
example: PENDING
example:
status: SUCCESS
type: REPORT_RESULT
id: 2e8d8180-24bc-4d21-91c6-7affdb473b0d
name: policy-xyz
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/sod-violations/predict:
post:
security:
- userAuth:
- 'idn:sod-violation:read'
- applicationAuth:
- 'idn:sod-violation:read'
x-sailpoint-userLevels:
- ORG_ADMIN
operationId: startPredictSodViolations
tags:
- SOD Violations
summary: Predict sod violations for identity.
description: This API is used to check if granting some additional accesses would cause the subject to be in violation of any SOD policies. Returns the violations that would be caused.
requestBody:
required: true
content:
application/json:
schema:
description: An identity with a set of access to be added
required:
- identityId
- accessRefs
type: object
properties:
identityId:
description: Identity id to be checked.
type: string
example: 2c91808568c529c60168cca6f90c1313
accessRefs:
description: The list of entitlements to consider for possible violations in a preventive check.
type: array
items:
type: object
description: Entitlement including a specific set of access.
properties:
type:
type: string
description: Entitlement's DTO type.
enum:
- ENTITLEMENT
example: ENTITLEMENT
id:
type: string
description: Entitlement's ID.
example: 2c91809773dee32014e13e122092014e
name:
type: string
description: Entitlement's display name.
example: 'CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local'
example:
- type: ENTITLEMENT
id: 2c918087682f9a86016839c050861ab1
name: 'CN=Information Access,OU=test,OU=test-service,DC=TestAD,DC=local'
- type: ENTITLEMENT
id: 2c918087682f9a86016839c0509c1ab2
name: 'CN=Information Technology,OU=test,OU=test-service,DC=TestAD,DC=local'
example:
identityId: 2c91808568c529c60168cca6f90c1313
accessRefs:
- type: ENTITLEMENT
id: 2c918087682f9a86016839c050861ab1
name: 'CN=Information Access,OU=test,OU=test-service,DC=TestAD,DC=local'
- type: ENTITLEMENT
id: 2c918087682f9a86016839c0509c1ab2
name: 'CN=Information Technology,OU=test,OU=test-service,DC=TestAD,DC=local'
responses:
'200':
description: Violation Contexts
content:
application/json:
schema:
description: An object containing a listing of the SOD violation reasons detected by this check.
required:
- requestId
type: object
properties:
violationContexts:
type: array
description: List of Violation Contexts
items:
type: object
properties:
policy:
allOf:
- type: object
description: SOD policy.
properties:
type:
type: string
description: SOD policy DTO type.
enum:
- SOD_POLICY
example: SOD_POLICY
id:
type: string
description: SOD policy ID.
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
name:
type: string
description: SOD policy display name.
example: Business SOD Policy
- type: object
properties:
type:
type: string
example: SOD_POLICY
name:
type: string
example: A very cool policy name
description: The types of objects supported for SOD violations
properties:
type:
enum:
- ENTITLEMENT
example: ENTITLEMENT
description: The type of object that is referenced
conflictingAccessCriteria:
nullable: false
description: The object which contains the left and right hand side of the entitlements that got violated according to the policy.
type: object
properties:
leftCriteria:
type: object
properties:
criteriaList:
type: array
description: List of exception criteria. There is a min of 1 and max of 50 items in the list.
items:
allOf:
- type: object
properties:
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- MACHINE_IDENTITY
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
id:
type: string
description: ID of the object to which this reference applies
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies
example: 'CN=HelpDesk,OU=test,OU=test-service,DC=TestAD,DC=local'
existing:
type: boolean
description: Whether the subject identity already had that access or not
default: false
example: true
description: Access reference with addition of boolean existing flag to indicate whether the access was extant
description: The types of objects supported for SOD violations
properties:
type:
enum:
- ENTITLEMENT
example: ENTITLEMENT
description: The type of object that is referenced
example:
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a66
existing: true
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a67
existing: false
rightCriteria:
type: object
properties:
criteriaList:
type: array
description: List of exception criteria. There is a min of 1 and max of 50 items in the list.
items:
allOf:
- type: object
properties:
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- MACHINE_IDENTITY
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
id:
type: string
description: ID of the object to which this reference applies
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies
example: 'CN=HelpDesk,OU=test,OU=test-service,DC=TestAD,DC=local'
existing:
type: boolean
description: Whether the subject identity already had that access or not
default: false
example: true
description: Access reference with addition of boolean existing flag to indicate whether the access was extant
description: The types of objects supported for SOD violations
properties:
type:
enum:
- ENTITLEMENT
example: ENTITLEMENT
description: The type of object that is referenced
example:
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a66
existing: true
- type: ENTITLEMENT
id: 2c9180866166b5b0016167c32ef31a67
existing: false
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/sod-violations/check:
post:
security:
- userAuth:
- 'idn:sod-violation:read'
x-sailpoint-userLevels:
- ORG_ADMIN
operationId: startViolationCheck
tags:
- SOD Violations
summary: Check sod violations
description: This API initiates a SOD policy verification asynchronously.
requestBody:
required: true
content:
application/json:
schema:
description: An identity with a set of access to be added
required:
- identityId
- accessRefs
type: object
properties:
identityId:
description: Set of identity IDs to be checked.
type: string
example: 2c91809050db617d0150e0bf3215385e
accessRefs:
description: The bundle of access profiles to be added to the identities specified. All references must be ENTITLEMENT type.
type: array
items:
allOf:
- type: object
description: Entitlement including a specific set of access.
properties:
type:
type: string
description: Entitlement's DTO type.
enum:
- ENTITLEMENT
example: ENTITLEMENT
id:
type: string
description: Entitlement's ID.
example: 2c91809773dee32014e13e122092014e
name:
type: string
description: Entitlement's display name.
example: 'CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local'
clientMetadata:
type: object
additionalProperties:
type: string
description: Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on completion of the violation check.
example:
clientName: client1
clientId: 2c91808f7892918f0178b78da4a305a1
example:
identityId: 2c91808568c529c60168cca6f90c1313
accessRefs:
- type: ENTITLEMENT
id: 2c918087682f9a86016839c050861ab1
name: 'CN=Information Access,OU=test,OU=test-service,DC=TestAD,DC=local'
- type: ENTITLEMENT
id: 2c918087682f9a86016839c0509c1ab2
name: 'CN=Information Technology,OU=test,OU=test-service,DC=TestAD,DC=local'
clientMetadata:
additionalProp1: string
additionalProp2: string
additionalProp3: string
responses:
'202':
description: Request ID with a timestamp.
content:
application/json:
schema:
description: An object referencing an SOD violation check
required:
- requestId
type: object
properties:
requestId:
description: The id of the original request
example: 089899f13a8f4da7824996191587bab9
type: string
created:
type: string
format: date-time
readOnly: true
description: The date-time when this request was created.
example: '2020-01-01T00:00:00.000000Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/sod-violation-report/run:
post:
security:
- userAuth:
- 'idn:sod-violation:write'
operationId: startSodAllPoliciesForOrg
tags:
- SOD Policies
summary: Runs all policies for org
description: 'Runs multi-policy report for the org. If a policy reports more than 5000 violations, the report mentions that the violation limit was exceeded for that policy. If the request is empty, the report runs for all policies. Otherwise, the report runs for only the filtered policy list provided.'
requestBody:
required: false
content:
application/json:
schema:
type: object
properties:
filteredPolicyList:
type: array
description: Multi-policy report will be run for this list of ids
items:
type: string
example:
- b868cd40-ffa4-4337-9c07-1a51846cfa94
- 63a07a7b-39a4-48aa-956d-50c827deba2a
example:
filteredPolicyList:
- b868cd40-ffa4-4337-9c07-1a51846cfa94
- 63a07a7b-39a4-48aa-956d-50c827deba2a
responses:
'200':
description: Reference to the violation report run task.
content:
application/json:
schema:
allOf:
- type: object
description: SOD policy violation report result.
properties:
type:
type: string
description: SOD policy violation report result DTO type.
enum:
- REPORT_RESULT
example: REPORT_RESULT
id:
type: string
description: SOD policy violation report result ID.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable name of the SOD policy violation report result.
example: SOD Policy 1 Violation
- type: object
properties:
status:
type: string
description: Status of a SOD policy violation report.
enum:
- SUCCESS
- WARNING
- ERROR
- TERMINATED
- TEMP_ERROR
- PENDING
example: PENDING
example:
status: PENDING
type: REPORT_RESULT
id: 37b3b32a-f394-46f8-acad-b5223969fa68
name: Multi Query Report
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/sod-violation-report:
get:
security:
- userAuth:
- 'idn:sod-violation:read'
operationId: getSodAllReportRunStatus
tags:
- SOD Policies
summary: Get multi-report run task status
description: This endpoint gets the status for a violation report for all policy run.
responses:
'200':
description: Status of the violation report run task for all policy run.
content:
application/json:
schema:
allOf:
- type: object
description: SOD policy violation report result.
properties:
type:
type: string
description: SOD policy violation report result DTO type.
enum:
- REPORT_RESULT
example: REPORT_RESULT
id:
type: string
description: SOD policy violation report result ID.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable name of the SOD policy violation report result.
example: SOD Policy 1 Violation
- type: object
properties:
status:
type: string
description: Status of a SOD policy violation report.
enum:
- SUCCESS
- WARNING
- ERROR
- TERMINATED
- TEMP_ERROR
- PENDING
example: PENDING
example:
status: SUCCESS
type: REPORT_RESULT
id: 37b3b32a-f394-46f8-acad-b5223969fa68
name: Multi Query Report
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/sod-violation-report/{reportResultId}/download':
get:
security:
- userAuth:
- 'idn:sod-violation:read'
operationId: getDefaultViolationReport
tags:
- SOD Policies
summary: Download violation report
description: This allows to download a violation report for a given report reference.
parameters:
- in: path
name: reportResultId
schema:
type: string
required: true
x-sailpoint-resource-operation-id: startSodPolicy
description: The ID of the report reference to download.
example: ef38f94347e94562b5bb8424a56397d8
responses:
'200':
description: Returns the PolicyReport.zip that contains the violation report file.
content:
application/zip:
schema:
type: string
format: binary
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/sod-violation-report/{reportResultId}/download/{fileName}':
get:
security:
- userAuth:
- 'idn:sod-violation:read'
operationId: getCustomViolationReport
tags:
- SOD Policies
summary: Download custom violation report
description: This allows to download a specified named violation report for a given report reference.
parameters:
- in: path
name: reportResultId
schema:
type: string
required: true
x-sailpoint-resource-operation-id: startSodPolicy
description: The ID of the report reference to download.
example: ef38f94347e94562b5bb8424a56397d8
- in: path
name: fileName
schema:
type: string
required: true
description: Custom Name for the file.
example: custom-name
responses:
'200':
description: Returns the zip file with given custom name that contains the violation report file.
content:
application/zip:
schema:
type: string
format: binary
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/sources:
get:
operationId: listSources
security:
- userAuth:
- 'idn:sources:read'
- 'idn:sources:manage'
- applicationAuth:
- 'idn:sources:read'
- 'idn:sources:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
- SOURCE_ADMIN
- SOURCE_SUBADMIN
- ROLE_SUBADMIN
tags:
- Sources
summary: Lists all sources in identitynow.
description: This end-point lists all the sources in IdentityNow.
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
schema:
type: string
example: name eq "Employees"
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, in, ge, gt, le, lt, ne, isnull, sw*
**name**: *co, eq, in, sw, ge, gt, ne, isnull*
**type**: *eq, in, ge, gt, ne, isnull, sw*
**owner.id**: *eq, in, ge, gt, le, lt, ne, isnull, sw*
**features**: *ca, co*
**created**: *eq, ge, gt, in, le, lt, ne, isnull, sw*
**modified**: *eq, ge, gt, in, le, lt, ne, isnull, sw*
**managementWorkgroup.id**: *eq, ge, gt, in, le, lt, ne, isnull, sw*
**description**: *eq, sw*
**authoritative**: *eq, ne, isnull*
**healthy**: *isnull*
**status**: *eq, in, ge, gt, le, lt, ne, isnull, sw*
**connectionType**: *eq, ge, gt, in, le, lt, ne, isnull, sw*
**connectorName**: *eq, ge, gt, in, ne, isnull, sw*
**category**: *co, eq, ge, gt, in, le, lt, ne, sw*
- in: query
name: sorters
schema:
type: string
format: comma-separated
example: name
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **type, created, modified, name, owner.name, healthy, status, id, description, owner.id, accountCorrelationConfig.id, accountCorrelationConfig.name, managerCorrelationRule.type, managerCorrelationRule.id, managerCorrelationRule.name, authoritative, managementWorkgroup.id, connectorName, connectionType**
- in: query
name: for-subadmin
schema:
type: string
example: name
description: |-
Filter the returned list of sources for the identity specified by the parameter, which is the id of an identity with the role SOURCE_SUBADMIN. By convention, the value **me** indicates the identity id of the current user.
Subadmins may only view Sources which they are able to administer; all other Sources will be filtered out when this parameter is set. If the current user is a SOURCE_SUBADMIN but fails to pass a valid value for this parameter, a 403 Forbidden is returned.
- in: query
name: includeIDNSource
required: false
schema:
type: boolean
default: false
example: true
description: Include the IdentityNow source in the response.
responses:
'200':
description: List of Source objects
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
readOnly: true
description: Source ID.
example: 2c91808568c529c60168cca6f90c1324
name:
type: string
description: Source's human-readable name.
example: My Source
description:
type: string
description: Source's human-readable description.
example: This is the corporate directory.
owner:
description: Reference to identity object who owns the source.
type: object
properties:
type:
description: Type of object being referenced.
type: string
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner identity's ID.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Owner identity's human-readable display name.
example: MyName
cluster:
description: Reference to the source's associated cluster.
type: object
nullable: true
required:
- name
- id
- type
properties:
type:
description: Type of object being referenced.
type: string
enum:
- CLUSTER
example: CLUSTER
id:
type: string
description: Cluster ID.
example: 2c9180866166b5b0016167c32ef31a66
name:
type: string
description: Cluster's human-readable display name.
example: Corporate Cluster
accountCorrelationConfig:
description: Reference to account correlation config object.
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
example: ACCOUNT_CORRELATION_CONFIG
id:
type: string
description: Account correlation config ID.
example: 2c9180855d191c59015d28583727245a
name:
type: string
description: Account correlation config's human-readable display name.
example: 'Directory [source-62867] Account Correlation'
accountCorrelationRule:
description: Reference to a rule that can do COMPLEX correlation. Only use this rule when you can't use accountCorrelationConfig.
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- RULE
example: RULE
id:
type: string
description: Rule ID.
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Rule's human-readable display name.
example: Example Rule
managerCorrelationMapping:
allOf:
- type: object
properties:
accountAttributeName:
type: string
description: Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity.
example: manager
identityAttributeName:
type: string
description: Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute.
example: manager
- nullable: true
description: |
Filter object used during manager correlation to match incoming manager values to an existing manager's
account/identity.
managerCorrelationRule:
description: Reference to the ManagerCorrelationRule. Only use this rule when a simple filter isn't sufficient.
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- RULE
example: RULE
id:
type: string
description: Rule ID.
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Rule's human-readable display name.
example: Example Rule
beforeProvisioningRule:
description: 'Rule that runs on the CCG and allows for customization of provisioning plans before the API calls the connector. '
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- RULE
example: RULE
id:
type: string
description: Rule ID.
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Rule's human-readable display name.
example: Example Rule
schemas:
type: array
items:
type: object
properties:
type:
description: Type of object being referenced.
type: string
enum:
- CONNECTOR_SCHEMA
example: CONNECTOR_SCHEMA
id:
type: string
description: Schema ID.
example: 2c91808568c529c60168cca6f90c1777
name:
type: string
description: Schema's human-readable display name.
example: MySchema
description: List of references to schema objects.
example:
- type: CONNECTOR_SCHEMA
id: 2c9180835d191a86015d28455b4b232a
name: account
- type: CONNECTOR_SCHEMA
id: 2c9180835d191a86015d28455b4b232b
name: group
passwordPolicies:
type: array
nullable: true
items:
type: object
properties:
type:
description: Type of object being referenced.
type: string
enum:
- PASSWORD_POLICY
example: PASSWORD_POLICY
id:
type: string
description: Policy ID.
example: 2c91808568c529c60168cca6f90c1777
name:
type: string
description: Policy's human-readable display name.
example: My Password Policy
description: List of references to the associated PasswordPolicy objects.
example:
- type: PASSWORD_POLICY
id: 2c9180855d191c59015d291ceb053980
name: Corporate Password Policy
- type: PASSWORD_POLICY
id: 2c9180855d191c59015d291ceb057777
name: Vendor Password Policy
features:
type: array
items:
type: string
enum:
- AUTHENTICATE
- COMPOSITE
- DIRECT_PERMISSIONS
- DISCOVER_SCHEMA
- ENABLE
- MANAGER_LOOKUP
- NO_RANDOM_ACCESS
- PROXY
- SEARCH
- TEMPLATE
- UNLOCK
- UNSTRUCTURED_TARGETS
- SHAREPOINT_TARGET
- PROVISIONING
- GROUP_PROVISIONING
- SYNC_PROVISIONING
- PASSWORD
- CURRENT_PASSWORD
- ACCOUNT_ONLY_REQUEST
- ADDITIONAL_ACCOUNT_REQUEST
- NO_AGGREGATION
- GROUPS_HAVE_MEMBERS
- NO_PERMISSIONS_PROVISIONING
- NO_GROUP_PERMISSIONS_PROVISIONING
- NO_UNSTRUCTURED_TARGETS_PROVISIONING
- NO_DIRECT_PERMISSIONS_PROVISIONING
- PREFER_UUID
- ARM_SECURITY_EXTRACT
- ARM_UTILIZATION_EXTRACT
- ARM_CHANGELOG_EXTRACT
- USES_UUID
- APPLICATION_DISCOVERY
example: AUTHENTICATE
description: |-
Optional features that can be supported by a source. Modifying the features array may cause source configuration errors that are unsupportable. It is recommended to not modify this array for SailPoint supported connectors.
* AUTHENTICATE: The source supports pass-through authentication.
* COMPOSITE: The source supports composite source creation.
* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.
* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.
* ENABLE The source supports reading if an account is enabled or disabled.
* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.
* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.
* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.
* SEARCH
* TEMPLATE
* UNLOCK: The source supports reading if an account is locked or unlocked.
* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.
* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.
* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.
* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.
* SYNC_PROVISIONING: The source can provision accounts synchronously.
* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.
* CURRENT_PASSWORD: Some source types support verification of the current password
* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.
* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.
* NO_AGGREGATION: A source that does not support aggregation.
* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.
* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.
* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.
* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* USES_UUID: Connectivity 2.0 flag used to indicate that the connector supports a compound naming structure.
* PREFER_UUID: Used in ISC Provisioning AND Aggregation to decide if it should prefer account.uuid to account.nativeIdentity when data is read in through aggregation OR pushed out through provisioning.
* ARM_SECURITY_EXTRACT: Indicates the application supports Security extracts for ARM
* ARM_UTILIZATION_EXTRACT: Indicates the application supports Utilization extracts for ARM
* ARM_CHANGELOG_EXTRACT: Indicates the application supports Change-log extracts for ARM
example:
- PROVISIONING
- NO_PERMISSIONS_PROVISIONING
- GROUPS_HAVE_MEMBERS
type:
type: string
description: 'Specifies the type of system being managed e.g. Active Directory, Workday, etc.. If you are creating a delimited file source, you must set the `provisionasCsv` query parameter to `true`. '
example: OpenLDAP - Direct
connector:
type: string
description: Connector script name.
example: active-directory
connectorClass:
type: string
description: Fully qualified name of the Java class that implements the connector interface.
example: sailpoint.connector.LDAPConnector
connectorAttributes:
type: object
description: Connector specific configuration. This configuration will differ from type to type.
example:
healthCheckTimeout: 30
authSearchAttributes:
- cn
- uid
- mail
deleteThreshold:
type: integer
format: int32
description: Number from 0 to 100 that specifies when to skip the delete phase.
example: 10
authoritative:
type: boolean
description: 'When this is true, it indicates that the source is referenced by an identity profile.'
default: false
example: false
managementWorkgroup:
description: Reference to management workgroup for the source.
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- GOVERNANCE_GROUP
example: GOVERNANCE_GROUP
id:
type: string
description: Management workgroup ID.
example: 2c91808568c529c60168cca6f90c2222
name:
type: string
description: Management workgroup's human-readable display name.
example: My Management Workgroup
healthy:
type: boolean
description: 'When this is true, it indicates that the source is healthy.'
default: false
example: true
status:
type: string
enum:
- SOURCE_STATE_ERROR_ACCOUNT_FILE_IMPORT
- SOURCE_STATE_ERROR_CLUSTER
- SOURCE_STATE_ERROR_SOURCE
- SOURCE_STATE_ERROR_VA
- SOURCE_STATE_FAILURE_CLUSTER
- SOURCE_STATE_FAILURE_SOURCE
- SOURCE_STATE_HEALTHY
- SOURCE_STATE_UNCHECKED_CLUSTER
- SOURCE_STATE_UNCHECKED_CLUSTER_NO_SOURCES
- SOURCE_STATE_UNCHECKED_SOURCE
- SOURCE_STATE_UNCHECKED_SOURCE_NO_ACCOUNTS
description: 'Status identifier that gives specific information about why a source is or isn''t healthy. '
example: SOURCE_STATE_HEALTHY
since:
type: string
description: Timestamp that shows when a source health check was last performed.
example: '2021-09-28T15:48:29.3801666300Z'
connectorId:
type: string
description: Connector ID
example: active-directory
connectorName:
type: string
description: Name of the connector that was chosen during source creation.
example: Active Directory
connectionType:
type: string
description: Type of connection (direct or file).
example: file
connectorImplementationId:
type: string
description: Connector implementation ID.
example: delimited-file
created:
type: string
description: Date-time when the source was created
format: date-time
example: '2022-02-08T14:50:03.827Z'
modified:
type: string
description: Date-time when the source was last modified.
format: date-time
example: '2024-01-23T18:08:50.897Z'
credentialProviderEnabled:
type: boolean
description: 'If this is true, it enables a credential provider for the source. If credentialProvider is turned on, then the source can use credential provider(s) to fetch credentials.'
default: false
example: false
category:
type: string
nullable: true
default: null
description: 'Source category (e.g. null, CredentialProvider).'
example: CredentialProvider
required:
- name
- owner
- connector
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
post:
operationId: createSource
security:
- userAuth:
- 'idn:sources:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
- SOURCE_ADMIN
- SOURCE_SUBADMIN
tags:
- Sources
summary: Creates a source in identitynow.
description: This creates a specific source with a full source JSON representation. Any passwords are submitted as plain-text and encrypted upon receipt in IdentityNow.
parameters:
- in: query
name: provisionAsCsv
description: 'If this parameter is `true`, it configures the source as a Delimited File (CSV) source. Setting this to `true` will automatically set the `type` of the source to `DelimitedFile`. You must use this query parameter to create a Delimited File source as you would in the UI. If you don''t set this query parameter and you attempt to set the `type` attribute directly, the request won''t correctly generate the source. '
schema:
type: boolean
required: false
example: false
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
id:
type: string
readOnly: true
description: Source ID.
example: 2c91808568c529c60168cca6f90c1324
name:
type: string
description: Source's human-readable name.
example: My Source
description:
type: string
description: Source's human-readable description.
example: This is the corporate directory.
owner:
description: Reference to identity object who owns the source.
type: object
properties:
type:
description: Type of object being referenced.
type: string
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner identity's ID.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Owner identity's human-readable display name.
example: MyName
cluster:
description: Reference to the source's associated cluster.
type: object
nullable: true
required:
- name
- id
- type
properties:
type:
description: Type of object being referenced.
type: string
enum:
- CLUSTER
example: CLUSTER
id:
type: string
description: Cluster ID.
example: 2c9180866166b5b0016167c32ef31a66
name:
type: string
description: Cluster's human-readable display name.
example: Corporate Cluster
accountCorrelationConfig:
description: Reference to account correlation config object.
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
example: ACCOUNT_CORRELATION_CONFIG
id:
type: string
description: Account correlation config ID.
example: 2c9180855d191c59015d28583727245a
name:
type: string
description: Account correlation config's human-readable display name.
example: 'Directory [source-62867] Account Correlation'
accountCorrelationRule:
description: Reference to a rule that can do COMPLEX correlation. Only use this rule when you can't use accountCorrelationConfig.
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- RULE
example: RULE
id:
type: string
description: Rule ID.
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Rule's human-readable display name.
example: Example Rule
managerCorrelationMapping:
allOf:
- type: object
properties:
accountAttributeName:
type: string
description: Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity.
example: manager
identityAttributeName:
type: string
description: Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute.
example: manager
- nullable: true
description: |
Filter object used during manager correlation to match incoming manager values to an existing manager's
account/identity.
managerCorrelationRule:
description: Reference to the ManagerCorrelationRule. Only use this rule when a simple filter isn't sufficient.
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- RULE
example: RULE
id:
type: string
description: Rule ID.
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Rule's human-readable display name.
example: Example Rule
beforeProvisioningRule:
description: 'Rule that runs on the CCG and allows for customization of provisioning plans before the API calls the connector. '
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- RULE
example: RULE
id:
type: string
description: Rule ID.
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Rule's human-readable display name.
example: Example Rule
schemas:
type: array
items:
type: object
properties:
type:
description: Type of object being referenced.
type: string
enum:
- CONNECTOR_SCHEMA
example: CONNECTOR_SCHEMA
id:
type: string
description: Schema ID.
example: 2c91808568c529c60168cca6f90c1777
name:
type: string
description: Schema's human-readable display name.
example: MySchema
description: List of references to schema objects.
example:
- type: CONNECTOR_SCHEMA
id: 2c9180835d191a86015d28455b4b232a
name: account
- type: CONNECTOR_SCHEMA
id: 2c9180835d191a86015d28455b4b232b
name: group
passwordPolicies:
type: array
nullable: true
items:
type: object
properties:
type:
description: Type of object being referenced.
type: string
enum:
- PASSWORD_POLICY
example: PASSWORD_POLICY
id:
type: string
description: Policy ID.
example: 2c91808568c529c60168cca6f90c1777
name:
type: string
description: Policy's human-readable display name.
example: My Password Policy
description: List of references to the associated PasswordPolicy objects.
example:
- type: PASSWORD_POLICY
id: 2c9180855d191c59015d291ceb053980
name: Corporate Password Policy
- type: PASSWORD_POLICY
id: 2c9180855d191c59015d291ceb057777
name: Vendor Password Policy
features:
type: array
items:
type: string
enum:
- AUTHENTICATE
- COMPOSITE
- DIRECT_PERMISSIONS
- DISCOVER_SCHEMA
- ENABLE
- MANAGER_LOOKUP
- NO_RANDOM_ACCESS
- PROXY
- SEARCH
- TEMPLATE
- UNLOCK
- UNSTRUCTURED_TARGETS
- SHAREPOINT_TARGET
- PROVISIONING
- GROUP_PROVISIONING
- SYNC_PROVISIONING
- PASSWORD
- CURRENT_PASSWORD
- ACCOUNT_ONLY_REQUEST
- ADDITIONAL_ACCOUNT_REQUEST
- NO_AGGREGATION
- GROUPS_HAVE_MEMBERS
- NO_PERMISSIONS_PROVISIONING
- NO_GROUP_PERMISSIONS_PROVISIONING
- NO_UNSTRUCTURED_TARGETS_PROVISIONING
- NO_DIRECT_PERMISSIONS_PROVISIONING
- PREFER_UUID
- ARM_SECURITY_EXTRACT
- ARM_UTILIZATION_EXTRACT
- ARM_CHANGELOG_EXTRACT
- USES_UUID
- APPLICATION_DISCOVERY
example: AUTHENTICATE
description: |-
Optional features that can be supported by a source. Modifying the features array may cause source configuration errors that are unsupportable. It is recommended to not modify this array for SailPoint supported connectors.
* AUTHENTICATE: The source supports pass-through authentication.
* COMPOSITE: The source supports composite source creation.
* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.
* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.
* ENABLE The source supports reading if an account is enabled or disabled.
* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.
* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.
* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.
* SEARCH
* TEMPLATE
* UNLOCK: The source supports reading if an account is locked or unlocked.
* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.
* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.
* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.
* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.
* SYNC_PROVISIONING: The source can provision accounts synchronously.
* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.
* CURRENT_PASSWORD: Some source types support verification of the current password
* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.
* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.
* NO_AGGREGATION: A source that does not support aggregation.
* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.
* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.
* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.
* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* USES_UUID: Connectivity 2.0 flag used to indicate that the connector supports a compound naming structure.
* PREFER_UUID: Used in ISC Provisioning AND Aggregation to decide if it should prefer account.uuid to account.nativeIdentity when data is read in through aggregation OR pushed out through provisioning.
* ARM_SECURITY_EXTRACT: Indicates the application supports Security extracts for ARM
* ARM_UTILIZATION_EXTRACT: Indicates the application supports Utilization extracts for ARM
* ARM_CHANGELOG_EXTRACT: Indicates the application supports Change-log extracts for ARM
example:
- PROVISIONING
- NO_PERMISSIONS_PROVISIONING
- GROUPS_HAVE_MEMBERS
type:
type: string
description: 'Specifies the type of system being managed e.g. Active Directory, Workday, etc.. If you are creating a delimited file source, you must set the `provisionasCsv` query parameter to `true`. '
example: OpenLDAP - Direct
connector:
type: string
description: Connector script name.
example: active-directory
connectorClass:
type: string
description: Fully qualified name of the Java class that implements the connector interface.
example: sailpoint.connector.LDAPConnector
connectorAttributes:
type: object
description: Connector specific configuration. This configuration will differ from type to type.
example:
healthCheckTimeout: 30
authSearchAttributes:
- cn
- uid
- mail
deleteThreshold:
type: integer
format: int32
description: Number from 0 to 100 that specifies when to skip the delete phase.
example: 10
authoritative:
type: boolean
description: 'When this is true, it indicates that the source is referenced by an identity profile.'
default: false
example: false
managementWorkgroup:
description: Reference to management workgroup for the source.
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- GOVERNANCE_GROUP
example: GOVERNANCE_GROUP
id:
type: string
description: Management workgroup ID.
example: 2c91808568c529c60168cca6f90c2222
name:
type: string
description: Management workgroup's human-readable display name.
example: My Management Workgroup
healthy:
type: boolean
description: 'When this is true, it indicates that the source is healthy.'
default: false
example: true
status:
type: string
enum:
- SOURCE_STATE_ERROR_ACCOUNT_FILE_IMPORT
- SOURCE_STATE_ERROR_CLUSTER
- SOURCE_STATE_ERROR_SOURCE
- SOURCE_STATE_ERROR_VA
- SOURCE_STATE_FAILURE_CLUSTER
- SOURCE_STATE_FAILURE_SOURCE
- SOURCE_STATE_HEALTHY
- SOURCE_STATE_UNCHECKED_CLUSTER
- SOURCE_STATE_UNCHECKED_CLUSTER_NO_SOURCES
- SOURCE_STATE_UNCHECKED_SOURCE
- SOURCE_STATE_UNCHECKED_SOURCE_NO_ACCOUNTS
description: 'Status identifier that gives specific information about why a source is or isn''t healthy. '
example: SOURCE_STATE_HEALTHY
since:
type: string
description: Timestamp that shows when a source health check was last performed.
example: '2021-09-28T15:48:29.3801666300Z'
connectorId:
type: string
description: Connector ID
example: active-directory
connectorName:
type: string
description: Name of the connector that was chosen during source creation.
example: Active Directory
connectionType:
type: string
description: Type of connection (direct or file).
example: file
connectorImplementationId:
type: string
description: Connector implementation ID.
example: delimited-file
created:
type: string
description: Date-time when the source was created
format: date-time
example: '2022-02-08T14:50:03.827Z'
modified:
type: string
description: Date-time when the source was last modified.
format: date-time
example: '2024-01-23T18:08:50.897Z'
credentialProviderEnabled:
type: boolean
description: 'If this is true, it enables a credential provider for the source. If credentialProvider is turned on, then the source can use credential provider(s) to fetch credentials.'
default: false
example: false
category:
type: string
nullable: true
default: null
description: 'Source category (e.g. null, CredentialProvider).'
example: CredentialProvider
required:
- name
- owner
- connector
responses:
'201':
description: 'Created Source object. Any passwords will only show the the encrypted cipher-text, as they are not decrypt-able in IdentityNow cloud-based services, per IdentityNow security design.'
content:
application/json:
schema:
type: object
properties:
id:
type: string
readOnly: true
description: Source ID.
example: 2c91808568c529c60168cca6f90c1324
name:
type: string
description: Source's human-readable name.
example: My Source
description:
type: string
description: Source's human-readable description.
example: This is the corporate directory.
owner:
description: Reference to identity object who owns the source.
type: object
properties:
type:
description: Type of object being referenced.
type: string
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner identity's ID.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Owner identity's human-readable display name.
example: MyName
cluster:
description: Reference to the source's associated cluster.
type: object
nullable: true
required:
- name
- id
- type
properties:
type:
description: Type of object being referenced.
type: string
enum:
- CLUSTER
example: CLUSTER
id:
type: string
description: Cluster ID.
example: 2c9180866166b5b0016167c32ef31a66
name:
type: string
description: Cluster's human-readable display name.
example: Corporate Cluster
accountCorrelationConfig:
description: Reference to account correlation config object.
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
example: ACCOUNT_CORRELATION_CONFIG
id:
type: string
description: Account correlation config ID.
example: 2c9180855d191c59015d28583727245a
name:
type: string
description: Account correlation config's human-readable display name.
example: 'Directory [source-62867] Account Correlation'
accountCorrelationRule:
description: Reference to a rule that can do COMPLEX correlation. Only use this rule when you can't use accountCorrelationConfig.
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- RULE
example: RULE
id:
type: string
description: Rule ID.
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Rule's human-readable display name.
example: Example Rule
managerCorrelationMapping:
allOf:
- type: object
properties:
accountAttributeName:
type: string
description: Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity.
example: manager
identityAttributeName:
type: string
description: Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute.
example: manager
- nullable: true
description: |
Filter object used during manager correlation to match incoming manager values to an existing manager's
account/identity.
managerCorrelationRule:
description: Reference to the ManagerCorrelationRule. Only use this rule when a simple filter isn't sufficient.
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- RULE
example: RULE
id:
type: string
description: Rule ID.
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Rule's human-readable display name.
example: Example Rule
beforeProvisioningRule:
description: 'Rule that runs on the CCG and allows for customization of provisioning plans before the API calls the connector. '
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- RULE
example: RULE
id:
type: string
description: Rule ID.
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Rule's human-readable display name.
example: Example Rule
schemas:
type: array
items:
type: object
properties:
type:
description: Type of object being referenced.
type: string
enum:
- CONNECTOR_SCHEMA
example: CONNECTOR_SCHEMA
id:
type: string
description: Schema ID.
example: 2c91808568c529c60168cca6f90c1777
name:
type: string
description: Schema's human-readable display name.
example: MySchema
description: List of references to schema objects.
example:
- type: CONNECTOR_SCHEMA
id: 2c9180835d191a86015d28455b4b232a
name: account
- type: CONNECTOR_SCHEMA
id: 2c9180835d191a86015d28455b4b232b
name: group
passwordPolicies:
type: array
nullable: true
items:
type: object
properties:
type:
description: Type of object being referenced.
type: string
enum:
- PASSWORD_POLICY
example: PASSWORD_POLICY
id:
type: string
description: Policy ID.
example: 2c91808568c529c60168cca6f90c1777
name:
type: string
description: Policy's human-readable display name.
example: My Password Policy
description: List of references to the associated PasswordPolicy objects.
example:
- type: PASSWORD_POLICY
id: 2c9180855d191c59015d291ceb053980
name: Corporate Password Policy
- type: PASSWORD_POLICY
id: 2c9180855d191c59015d291ceb057777
name: Vendor Password Policy
features:
type: array
items:
type: string
enum:
- AUTHENTICATE
- COMPOSITE
- DIRECT_PERMISSIONS
- DISCOVER_SCHEMA
- ENABLE
- MANAGER_LOOKUP
- NO_RANDOM_ACCESS
- PROXY
- SEARCH
- TEMPLATE
- UNLOCK
- UNSTRUCTURED_TARGETS
- SHAREPOINT_TARGET
- PROVISIONING
- GROUP_PROVISIONING
- SYNC_PROVISIONING
- PASSWORD
- CURRENT_PASSWORD
- ACCOUNT_ONLY_REQUEST
- ADDITIONAL_ACCOUNT_REQUEST
- NO_AGGREGATION
- GROUPS_HAVE_MEMBERS
- NO_PERMISSIONS_PROVISIONING
- NO_GROUP_PERMISSIONS_PROVISIONING
- NO_UNSTRUCTURED_TARGETS_PROVISIONING
- NO_DIRECT_PERMISSIONS_PROVISIONING
- PREFER_UUID
- ARM_SECURITY_EXTRACT
- ARM_UTILIZATION_EXTRACT
- ARM_CHANGELOG_EXTRACT
- USES_UUID
- APPLICATION_DISCOVERY
example: AUTHENTICATE
description: |-
Optional features that can be supported by a source. Modifying the features array may cause source configuration errors that are unsupportable. It is recommended to not modify this array for SailPoint supported connectors.
* AUTHENTICATE: The source supports pass-through authentication.
* COMPOSITE: The source supports composite source creation.
* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.
* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.
* ENABLE The source supports reading if an account is enabled or disabled.
* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.
* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.
* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.
* SEARCH
* TEMPLATE
* UNLOCK: The source supports reading if an account is locked or unlocked.
* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.
* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.
* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.
* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.
* SYNC_PROVISIONING: The source can provision accounts synchronously.
* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.
* CURRENT_PASSWORD: Some source types support verification of the current password
* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.
* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.
* NO_AGGREGATION: A source that does not support aggregation.
* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.
* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.
* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.
* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* USES_UUID: Connectivity 2.0 flag used to indicate that the connector supports a compound naming structure.
* PREFER_UUID: Used in ISC Provisioning AND Aggregation to decide if it should prefer account.uuid to account.nativeIdentity when data is read in through aggregation OR pushed out through provisioning.
* ARM_SECURITY_EXTRACT: Indicates the application supports Security extracts for ARM
* ARM_UTILIZATION_EXTRACT: Indicates the application supports Utilization extracts for ARM
* ARM_CHANGELOG_EXTRACT: Indicates the application supports Change-log extracts for ARM
example:
- PROVISIONING
- NO_PERMISSIONS_PROVISIONING
- GROUPS_HAVE_MEMBERS
type:
type: string
description: 'Specifies the type of system being managed e.g. Active Directory, Workday, etc.. If you are creating a delimited file source, you must set the `provisionasCsv` query parameter to `true`. '
example: OpenLDAP - Direct
connector:
type: string
description: Connector script name.
example: active-directory
connectorClass:
type: string
description: Fully qualified name of the Java class that implements the connector interface.
example: sailpoint.connector.LDAPConnector
connectorAttributes:
type: object
description: Connector specific configuration. This configuration will differ from type to type.
example:
healthCheckTimeout: 30
authSearchAttributes:
- cn
- uid
- mail
deleteThreshold:
type: integer
format: int32
description: Number from 0 to 100 that specifies when to skip the delete phase.
example: 10
authoritative:
type: boolean
description: 'When this is true, it indicates that the source is referenced by an identity profile.'
default: false
example: false
managementWorkgroup:
description: Reference to management workgroup for the source.
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- GOVERNANCE_GROUP
example: GOVERNANCE_GROUP
id:
type: string
description: Management workgroup ID.
example: 2c91808568c529c60168cca6f90c2222
name:
type: string
description: Management workgroup's human-readable display name.
example: My Management Workgroup
healthy:
type: boolean
description: 'When this is true, it indicates that the source is healthy.'
default: false
example: true
status:
type: string
enum:
- SOURCE_STATE_ERROR_ACCOUNT_FILE_IMPORT
- SOURCE_STATE_ERROR_CLUSTER
- SOURCE_STATE_ERROR_SOURCE
- SOURCE_STATE_ERROR_VA
- SOURCE_STATE_FAILURE_CLUSTER
- SOURCE_STATE_FAILURE_SOURCE
- SOURCE_STATE_HEALTHY
- SOURCE_STATE_UNCHECKED_CLUSTER
- SOURCE_STATE_UNCHECKED_CLUSTER_NO_SOURCES
- SOURCE_STATE_UNCHECKED_SOURCE
- SOURCE_STATE_UNCHECKED_SOURCE_NO_ACCOUNTS
description: 'Status identifier that gives specific information about why a source is or isn''t healthy. '
example: SOURCE_STATE_HEALTHY
since:
type: string
description: Timestamp that shows when a source health check was last performed.
example: '2021-09-28T15:48:29.3801666300Z'
connectorId:
type: string
description: Connector ID
example: active-directory
connectorName:
type: string
description: Name of the connector that was chosen during source creation.
example: Active Directory
connectionType:
type: string
description: Type of connection (direct or file).
example: file
connectorImplementationId:
type: string
description: Connector implementation ID.
example: delimited-file
created:
type: string
description: Date-time when the source was created
format: date-time
example: '2022-02-08T14:50:03.827Z'
modified:
type: string
description: Date-time when the source was last modified.
format: date-time
example: '2024-01-23T18:08:50.897Z'
credentialProviderEnabled:
type: boolean
description: 'If this is true, it enables a credential provider for the source. If credentialProvider is turned on, then the source can use credential provider(s) to fetch credentials.'
default: false
example: false
category:
type: string
nullable: true
default: null
description: 'Source category (e.g. null, CredentialProvider).'
example: CredentialProvider
required:
- name
- owner
- connector
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/sources/{id}':
get:
operationId: getSource
security:
- userAuth:
- 'idn:sources:read'
x-sailpoint-userLevels:
- ORG_ADMIN
- SOURCE_ADMIN
- SOURCE_SUBADMIN
tags:
- Sources
summary: Get source by id
description: Use this API to get a source by a specified ID in Identity Security Cloud (ISC).
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listSources
description: Source ID.
example: 2c9180835d191a86015d28455b4a2329
responses:
'200':
description: Source object.
content:
application/json:
schema:
type: object
properties:
id:
type: string
readOnly: true
description: Source ID.
example: 2c91808568c529c60168cca6f90c1324
name:
type: string
description: Source's human-readable name.
example: My Source
description:
type: string
description: Source's human-readable description.
example: This is the corporate directory.
owner:
description: Reference to identity object who owns the source.
type: object
properties:
type:
description: Type of object being referenced.
type: string
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner identity's ID.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Owner identity's human-readable display name.
example: MyName
cluster:
description: Reference to the source's associated cluster.
type: object
nullable: true
required:
- name
- id
- type
properties:
type:
description: Type of object being referenced.
type: string
enum:
- CLUSTER
example: CLUSTER
id:
type: string
description: Cluster ID.
example: 2c9180866166b5b0016167c32ef31a66
name:
type: string
description: Cluster's human-readable display name.
example: Corporate Cluster
accountCorrelationConfig:
description: Reference to account correlation config object.
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
example: ACCOUNT_CORRELATION_CONFIG
id:
type: string
description: Account correlation config ID.
example: 2c9180855d191c59015d28583727245a
name:
type: string
description: Account correlation config's human-readable display name.
example: 'Directory [source-62867] Account Correlation'
accountCorrelationRule:
description: Reference to a rule that can do COMPLEX correlation. Only use this rule when you can't use accountCorrelationConfig.
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- RULE
example: RULE
id:
type: string
description: Rule ID.
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Rule's human-readable display name.
example: Example Rule
managerCorrelationMapping:
allOf:
- type: object
properties:
accountAttributeName:
type: string
description: Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity.
example: manager
identityAttributeName:
type: string
description: Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute.
example: manager
- nullable: true
description: |
Filter object used during manager correlation to match incoming manager values to an existing manager's
account/identity.
managerCorrelationRule:
description: Reference to the ManagerCorrelationRule. Only use this rule when a simple filter isn't sufficient.
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- RULE
example: RULE
id:
type: string
description: Rule ID.
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Rule's human-readable display name.
example: Example Rule
beforeProvisioningRule:
description: 'Rule that runs on the CCG and allows for customization of provisioning plans before the API calls the connector. '
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- RULE
example: RULE
id:
type: string
description: Rule ID.
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Rule's human-readable display name.
example: Example Rule
schemas:
type: array
items:
type: object
properties:
type:
description: Type of object being referenced.
type: string
enum:
- CONNECTOR_SCHEMA
example: CONNECTOR_SCHEMA
id:
type: string
description: Schema ID.
example: 2c91808568c529c60168cca6f90c1777
name:
type: string
description: Schema's human-readable display name.
example: MySchema
description: List of references to schema objects.
example:
- type: CONNECTOR_SCHEMA
id: 2c9180835d191a86015d28455b4b232a
name: account
- type: CONNECTOR_SCHEMA
id: 2c9180835d191a86015d28455b4b232b
name: group
passwordPolicies:
type: array
nullable: true
items:
type: object
properties:
type:
description: Type of object being referenced.
type: string
enum:
- PASSWORD_POLICY
example: PASSWORD_POLICY
id:
type: string
description: Policy ID.
example: 2c91808568c529c60168cca6f90c1777
name:
type: string
description: Policy's human-readable display name.
example: My Password Policy
description: List of references to the associated PasswordPolicy objects.
example:
- type: PASSWORD_POLICY
id: 2c9180855d191c59015d291ceb053980
name: Corporate Password Policy
- type: PASSWORD_POLICY
id: 2c9180855d191c59015d291ceb057777
name: Vendor Password Policy
features:
type: array
items:
type: string
enum:
- AUTHENTICATE
- COMPOSITE
- DIRECT_PERMISSIONS
- DISCOVER_SCHEMA
- ENABLE
- MANAGER_LOOKUP
- NO_RANDOM_ACCESS
- PROXY
- SEARCH
- TEMPLATE
- UNLOCK
- UNSTRUCTURED_TARGETS
- SHAREPOINT_TARGET
- PROVISIONING
- GROUP_PROVISIONING
- SYNC_PROVISIONING
- PASSWORD
- CURRENT_PASSWORD
- ACCOUNT_ONLY_REQUEST
- ADDITIONAL_ACCOUNT_REQUEST
- NO_AGGREGATION
- GROUPS_HAVE_MEMBERS
- NO_PERMISSIONS_PROVISIONING
- NO_GROUP_PERMISSIONS_PROVISIONING
- NO_UNSTRUCTURED_TARGETS_PROVISIONING
- NO_DIRECT_PERMISSIONS_PROVISIONING
- PREFER_UUID
- ARM_SECURITY_EXTRACT
- ARM_UTILIZATION_EXTRACT
- ARM_CHANGELOG_EXTRACT
- USES_UUID
- APPLICATION_DISCOVERY
example: AUTHENTICATE
description: |-
Optional features that can be supported by a source. Modifying the features array may cause source configuration errors that are unsupportable. It is recommended to not modify this array for SailPoint supported connectors.
* AUTHENTICATE: The source supports pass-through authentication.
* COMPOSITE: The source supports composite source creation.
* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.
* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.
* ENABLE The source supports reading if an account is enabled or disabled.
* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.
* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.
* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.
* SEARCH
* TEMPLATE
* UNLOCK: The source supports reading if an account is locked or unlocked.
* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.
* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.
* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.
* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.
* SYNC_PROVISIONING: The source can provision accounts synchronously.
* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.
* CURRENT_PASSWORD: Some source types support verification of the current password
* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.
* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.
* NO_AGGREGATION: A source that does not support aggregation.
* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.
* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.
* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.
* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* USES_UUID: Connectivity 2.0 flag used to indicate that the connector supports a compound naming structure.
* PREFER_UUID: Used in ISC Provisioning AND Aggregation to decide if it should prefer account.uuid to account.nativeIdentity when data is read in through aggregation OR pushed out through provisioning.
* ARM_SECURITY_EXTRACT: Indicates the application supports Security extracts for ARM
* ARM_UTILIZATION_EXTRACT: Indicates the application supports Utilization extracts for ARM
* ARM_CHANGELOG_EXTRACT: Indicates the application supports Change-log extracts for ARM
example:
- PROVISIONING
- NO_PERMISSIONS_PROVISIONING
- GROUPS_HAVE_MEMBERS
type:
type: string
description: 'Specifies the type of system being managed e.g. Active Directory, Workday, etc.. If you are creating a delimited file source, you must set the `provisionasCsv` query parameter to `true`. '
example: OpenLDAP - Direct
connector:
type: string
description: Connector script name.
example: active-directory
connectorClass:
type: string
description: Fully qualified name of the Java class that implements the connector interface.
example: sailpoint.connector.LDAPConnector
connectorAttributes:
type: object
description: Connector specific configuration. This configuration will differ from type to type.
example:
healthCheckTimeout: 30
authSearchAttributes:
- cn
- uid
- mail
deleteThreshold:
type: integer
format: int32
description: Number from 0 to 100 that specifies when to skip the delete phase.
example: 10
authoritative:
type: boolean
description: 'When this is true, it indicates that the source is referenced by an identity profile.'
default: false
example: false
managementWorkgroup:
description: Reference to management workgroup for the source.
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- GOVERNANCE_GROUP
example: GOVERNANCE_GROUP
id:
type: string
description: Management workgroup ID.
example: 2c91808568c529c60168cca6f90c2222
name:
type: string
description: Management workgroup's human-readable display name.
example: My Management Workgroup
healthy:
type: boolean
description: 'When this is true, it indicates that the source is healthy.'
default: false
example: true
status:
type: string
enum:
- SOURCE_STATE_ERROR_ACCOUNT_FILE_IMPORT
- SOURCE_STATE_ERROR_CLUSTER
- SOURCE_STATE_ERROR_SOURCE
- SOURCE_STATE_ERROR_VA
- SOURCE_STATE_FAILURE_CLUSTER
- SOURCE_STATE_FAILURE_SOURCE
- SOURCE_STATE_HEALTHY
- SOURCE_STATE_UNCHECKED_CLUSTER
- SOURCE_STATE_UNCHECKED_CLUSTER_NO_SOURCES
- SOURCE_STATE_UNCHECKED_SOURCE
- SOURCE_STATE_UNCHECKED_SOURCE_NO_ACCOUNTS
description: 'Status identifier that gives specific information about why a source is or isn''t healthy. '
example: SOURCE_STATE_HEALTHY
since:
type: string
description: Timestamp that shows when a source health check was last performed.
example: '2021-09-28T15:48:29.3801666300Z'
connectorId:
type: string
description: Connector ID
example: active-directory
connectorName:
type: string
description: Name of the connector that was chosen during source creation.
example: Active Directory
connectionType:
type: string
description: Type of connection (direct or file).
example: file
connectorImplementationId:
type: string
description: Connector implementation ID.
example: delimited-file
created:
type: string
description: Date-time when the source was created
format: date-time
example: '2022-02-08T14:50:03.827Z'
modified:
type: string
description: Date-time when the source was last modified.
format: date-time
example: '2024-01-23T18:08:50.897Z'
credentialProviderEnabled:
type: boolean
description: 'If this is true, it enables a credential provider for the source. If credentialProvider is turned on, then the source can use credential provider(s) to fetch credentials.'
default: false
example: false
category:
type: string
nullable: true
default: null
description: 'Source category (e.g. null, CredentialProvider).'
example: CredentialProvider
required:
- name
- owner
- connector
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
put:
operationId: putSource
security:
- userAuth:
- 'idn:sources:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
- SOURCE_ADMIN
- SOURCE_SUBADMIN
tags:
- Sources
summary: Update source (full)
description: |
Use this API to update a source in Identity Security Cloud (ISC), using a full object representation. This means that when you use this API, it completely replaces the existing source configuration.
These fields are immutable, so they cannot be changed:
* id
* type
* authoritative
* connector
* connectorClass
* passwordPolicies
Attempts to modify these fields will result in a 400 error.
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listSources
description: Source ID.
example: 2c9180835d191a86015d28455b4a2329
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
id:
type: string
readOnly: true
description: Source ID.
example: 2c91808568c529c60168cca6f90c1324
name:
type: string
description: Source's human-readable name.
example: My Source
description:
type: string
description: Source's human-readable description.
example: This is the corporate directory.
owner:
description: Reference to identity object who owns the source.
type: object
properties:
type:
description: Type of object being referenced.
type: string
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner identity's ID.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Owner identity's human-readable display name.
example: MyName
cluster:
description: Reference to the source's associated cluster.
type: object
nullable: true
required:
- name
- id
- type
properties:
type:
description: Type of object being referenced.
type: string
enum:
- CLUSTER
example: CLUSTER
id:
type: string
description: Cluster ID.
example: 2c9180866166b5b0016167c32ef31a66
name:
type: string
description: Cluster's human-readable display name.
example: Corporate Cluster
accountCorrelationConfig:
description: Reference to account correlation config object.
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
example: ACCOUNT_CORRELATION_CONFIG
id:
type: string
description: Account correlation config ID.
example: 2c9180855d191c59015d28583727245a
name:
type: string
description: Account correlation config's human-readable display name.
example: 'Directory [source-62867] Account Correlation'
accountCorrelationRule:
description: Reference to a rule that can do COMPLEX correlation. Only use this rule when you can't use accountCorrelationConfig.
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- RULE
example: RULE
id:
type: string
description: Rule ID.
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Rule's human-readable display name.
example: Example Rule
managerCorrelationMapping:
allOf:
- type: object
properties:
accountAttributeName:
type: string
description: Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity.
example: manager
identityAttributeName:
type: string
description: Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute.
example: manager
- nullable: true
description: |
Filter object used during manager correlation to match incoming manager values to an existing manager's
account/identity.
managerCorrelationRule:
description: Reference to the ManagerCorrelationRule. Only use this rule when a simple filter isn't sufficient.
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- RULE
example: RULE
id:
type: string
description: Rule ID.
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Rule's human-readable display name.
example: Example Rule
beforeProvisioningRule:
description: 'Rule that runs on the CCG and allows for customization of provisioning plans before the API calls the connector. '
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- RULE
example: RULE
id:
type: string
description: Rule ID.
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Rule's human-readable display name.
example: Example Rule
schemas:
type: array
items:
type: object
properties:
type:
description: Type of object being referenced.
type: string
enum:
- CONNECTOR_SCHEMA
example: CONNECTOR_SCHEMA
id:
type: string
description: Schema ID.
example: 2c91808568c529c60168cca6f90c1777
name:
type: string
description: Schema's human-readable display name.
example: MySchema
description: List of references to schema objects.
example:
- type: CONNECTOR_SCHEMA
id: 2c9180835d191a86015d28455b4b232a
name: account
- type: CONNECTOR_SCHEMA
id: 2c9180835d191a86015d28455b4b232b
name: group
passwordPolicies:
type: array
nullable: true
items:
type: object
properties:
type:
description: Type of object being referenced.
type: string
enum:
- PASSWORD_POLICY
example: PASSWORD_POLICY
id:
type: string
description: Policy ID.
example: 2c91808568c529c60168cca6f90c1777
name:
type: string
description: Policy's human-readable display name.
example: My Password Policy
description: List of references to the associated PasswordPolicy objects.
example:
- type: PASSWORD_POLICY
id: 2c9180855d191c59015d291ceb053980
name: Corporate Password Policy
- type: PASSWORD_POLICY
id: 2c9180855d191c59015d291ceb057777
name: Vendor Password Policy
features:
type: array
items:
type: string
enum:
- AUTHENTICATE
- COMPOSITE
- DIRECT_PERMISSIONS
- DISCOVER_SCHEMA
- ENABLE
- MANAGER_LOOKUP
- NO_RANDOM_ACCESS
- PROXY
- SEARCH
- TEMPLATE
- UNLOCK
- UNSTRUCTURED_TARGETS
- SHAREPOINT_TARGET
- PROVISIONING
- GROUP_PROVISIONING
- SYNC_PROVISIONING
- PASSWORD
- CURRENT_PASSWORD
- ACCOUNT_ONLY_REQUEST
- ADDITIONAL_ACCOUNT_REQUEST
- NO_AGGREGATION
- GROUPS_HAVE_MEMBERS
- NO_PERMISSIONS_PROVISIONING
- NO_GROUP_PERMISSIONS_PROVISIONING
- NO_UNSTRUCTURED_TARGETS_PROVISIONING
- NO_DIRECT_PERMISSIONS_PROVISIONING
- PREFER_UUID
- ARM_SECURITY_EXTRACT
- ARM_UTILIZATION_EXTRACT
- ARM_CHANGELOG_EXTRACT
- USES_UUID
- APPLICATION_DISCOVERY
example: AUTHENTICATE
description: |-
Optional features that can be supported by a source. Modifying the features array may cause source configuration errors that are unsupportable. It is recommended to not modify this array for SailPoint supported connectors.
* AUTHENTICATE: The source supports pass-through authentication.
* COMPOSITE: The source supports composite source creation.
* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.
* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.
* ENABLE The source supports reading if an account is enabled or disabled.
* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.
* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.
* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.
* SEARCH
* TEMPLATE
* UNLOCK: The source supports reading if an account is locked or unlocked.
* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.
* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.
* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.
* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.
* SYNC_PROVISIONING: The source can provision accounts synchronously.
* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.
* CURRENT_PASSWORD: Some source types support verification of the current password
* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.
* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.
* NO_AGGREGATION: A source that does not support aggregation.
* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.
* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.
* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.
* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* USES_UUID: Connectivity 2.0 flag used to indicate that the connector supports a compound naming structure.
* PREFER_UUID: Used in ISC Provisioning AND Aggregation to decide if it should prefer account.uuid to account.nativeIdentity when data is read in through aggregation OR pushed out through provisioning.
* ARM_SECURITY_EXTRACT: Indicates the application supports Security extracts for ARM
* ARM_UTILIZATION_EXTRACT: Indicates the application supports Utilization extracts for ARM
* ARM_CHANGELOG_EXTRACT: Indicates the application supports Change-log extracts for ARM
example:
- PROVISIONING
- NO_PERMISSIONS_PROVISIONING
- GROUPS_HAVE_MEMBERS
type:
type: string
description: 'Specifies the type of system being managed e.g. Active Directory, Workday, etc.. If you are creating a delimited file source, you must set the `provisionasCsv` query parameter to `true`. '
example: OpenLDAP - Direct
connector:
type: string
description: Connector script name.
example: active-directory
connectorClass:
type: string
description: Fully qualified name of the Java class that implements the connector interface.
example: sailpoint.connector.LDAPConnector
connectorAttributes:
type: object
description: Connector specific configuration. This configuration will differ from type to type.
example:
healthCheckTimeout: 30
authSearchAttributes:
- cn
- uid
- mail
deleteThreshold:
type: integer
format: int32
description: Number from 0 to 100 that specifies when to skip the delete phase.
example: 10
authoritative:
type: boolean
description: 'When this is true, it indicates that the source is referenced by an identity profile.'
default: false
example: false
managementWorkgroup:
description: Reference to management workgroup for the source.
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- GOVERNANCE_GROUP
example: GOVERNANCE_GROUP
id:
type: string
description: Management workgroup ID.
example: 2c91808568c529c60168cca6f90c2222
name:
type: string
description: Management workgroup's human-readable display name.
example: My Management Workgroup
healthy:
type: boolean
description: 'When this is true, it indicates that the source is healthy.'
default: false
example: true
status:
type: string
enum:
- SOURCE_STATE_ERROR_ACCOUNT_FILE_IMPORT
- SOURCE_STATE_ERROR_CLUSTER
- SOURCE_STATE_ERROR_SOURCE
- SOURCE_STATE_ERROR_VA
- SOURCE_STATE_FAILURE_CLUSTER
- SOURCE_STATE_FAILURE_SOURCE
- SOURCE_STATE_HEALTHY
- SOURCE_STATE_UNCHECKED_CLUSTER
- SOURCE_STATE_UNCHECKED_CLUSTER_NO_SOURCES
- SOURCE_STATE_UNCHECKED_SOURCE
- SOURCE_STATE_UNCHECKED_SOURCE_NO_ACCOUNTS
description: 'Status identifier that gives specific information about why a source is or isn''t healthy. '
example: SOURCE_STATE_HEALTHY
since:
type: string
description: Timestamp that shows when a source health check was last performed.
example: '2021-09-28T15:48:29.3801666300Z'
connectorId:
type: string
description: Connector ID
example: active-directory
connectorName:
type: string
description: Name of the connector that was chosen during source creation.
example: Active Directory
connectionType:
type: string
description: Type of connection (direct or file).
example: file
connectorImplementationId:
type: string
description: Connector implementation ID.
example: delimited-file
created:
type: string
description: Date-time when the source was created
format: date-time
example: '2022-02-08T14:50:03.827Z'
modified:
type: string
description: Date-time when the source was last modified.
format: date-time
example: '2024-01-23T18:08:50.897Z'
credentialProviderEnabled:
type: boolean
description: 'If this is true, it enables a credential provider for the source. If credentialProvider is turned on, then the source can use credential provider(s) to fetch credentials.'
default: false
example: false
category:
type: string
nullable: true
default: null
description: 'Source category (e.g. null, CredentialProvider).'
example: CredentialProvider
required:
- name
- owner
- connector
responses:
'200':
description: 'Updated Source object. Any passwords will only show the the encrypted cipher-text so that they aren''t decryptable in Identity Security Cloud (ISC) cloud-based services, per ISC security design.'
content:
application/json:
schema:
type: object
properties:
id:
type: string
readOnly: true
description: Source ID.
example: 2c91808568c529c60168cca6f90c1324
name:
type: string
description: Source's human-readable name.
example: My Source
description:
type: string
description: Source's human-readable description.
example: This is the corporate directory.
owner:
description: Reference to identity object who owns the source.
type: object
properties:
type:
description: Type of object being referenced.
type: string
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner identity's ID.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Owner identity's human-readable display name.
example: MyName
cluster:
description: Reference to the source's associated cluster.
type: object
nullable: true
required:
- name
- id
- type
properties:
type:
description: Type of object being referenced.
type: string
enum:
- CLUSTER
example: CLUSTER
id:
type: string
description: Cluster ID.
example: 2c9180866166b5b0016167c32ef31a66
name:
type: string
description: Cluster's human-readable display name.
example: Corporate Cluster
accountCorrelationConfig:
description: Reference to account correlation config object.
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
example: ACCOUNT_CORRELATION_CONFIG
id:
type: string
description: Account correlation config ID.
example: 2c9180855d191c59015d28583727245a
name:
type: string
description: Account correlation config's human-readable display name.
example: 'Directory [source-62867] Account Correlation'
accountCorrelationRule:
description: Reference to a rule that can do COMPLEX correlation. Only use this rule when you can't use accountCorrelationConfig.
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- RULE
example: RULE
id:
type: string
description: Rule ID.
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Rule's human-readable display name.
example: Example Rule
managerCorrelationMapping:
allOf:
- type: object
properties:
accountAttributeName:
type: string
description: Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity.
example: manager
identityAttributeName:
type: string
description: Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute.
example: manager
- nullable: true
description: |
Filter object used during manager correlation to match incoming manager values to an existing manager's
account/identity.
managerCorrelationRule:
description: Reference to the ManagerCorrelationRule. Only use this rule when a simple filter isn't sufficient.
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- RULE
example: RULE
id:
type: string
description: Rule ID.
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Rule's human-readable display name.
example: Example Rule
beforeProvisioningRule:
description: 'Rule that runs on the CCG and allows for customization of provisioning plans before the API calls the connector. '
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- RULE
example: RULE
id:
type: string
description: Rule ID.
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Rule's human-readable display name.
example: Example Rule
schemas:
type: array
items:
type: object
properties:
type:
description: Type of object being referenced.
type: string
enum:
- CONNECTOR_SCHEMA
example: CONNECTOR_SCHEMA
id:
type: string
description: Schema ID.
example: 2c91808568c529c60168cca6f90c1777
name:
type: string
description: Schema's human-readable display name.
example: MySchema
description: List of references to schema objects.
example:
- type: CONNECTOR_SCHEMA
id: 2c9180835d191a86015d28455b4b232a
name: account
- type: CONNECTOR_SCHEMA
id: 2c9180835d191a86015d28455b4b232b
name: group
passwordPolicies:
type: array
nullable: true
items:
type: object
properties:
type:
description: Type of object being referenced.
type: string
enum:
- PASSWORD_POLICY
example: PASSWORD_POLICY
id:
type: string
description: Policy ID.
example: 2c91808568c529c60168cca6f90c1777
name:
type: string
description: Policy's human-readable display name.
example: My Password Policy
description: List of references to the associated PasswordPolicy objects.
example:
- type: PASSWORD_POLICY
id: 2c9180855d191c59015d291ceb053980
name: Corporate Password Policy
- type: PASSWORD_POLICY
id: 2c9180855d191c59015d291ceb057777
name: Vendor Password Policy
features:
type: array
items:
type: string
enum:
- AUTHENTICATE
- COMPOSITE
- DIRECT_PERMISSIONS
- DISCOVER_SCHEMA
- ENABLE
- MANAGER_LOOKUP
- NO_RANDOM_ACCESS
- PROXY
- SEARCH
- TEMPLATE
- UNLOCK
- UNSTRUCTURED_TARGETS
- SHAREPOINT_TARGET
- PROVISIONING
- GROUP_PROVISIONING
- SYNC_PROVISIONING
- PASSWORD
- CURRENT_PASSWORD
- ACCOUNT_ONLY_REQUEST
- ADDITIONAL_ACCOUNT_REQUEST
- NO_AGGREGATION
- GROUPS_HAVE_MEMBERS
- NO_PERMISSIONS_PROVISIONING
- NO_GROUP_PERMISSIONS_PROVISIONING
- NO_UNSTRUCTURED_TARGETS_PROVISIONING
- NO_DIRECT_PERMISSIONS_PROVISIONING
- PREFER_UUID
- ARM_SECURITY_EXTRACT
- ARM_UTILIZATION_EXTRACT
- ARM_CHANGELOG_EXTRACT
- USES_UUID
- APPLICATION_DISCOVERY
example: AUTHENTICATE
description: |-
Optional features that can be supported by a source. Modifying the features array may cause source configuration errors that are unsupportable. It is recommended to not modify this array for SailPoint supported connectors.
* AUTHENTICATE: The source supports pass-through authentication.
* COMPOSITE: The source supports composite source creation.
* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.
* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.
* ENABLE The source supports reading if an account is enabled or disabled.
* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.
* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.
* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.
* SEARCH
* TEMPLATE
* UNLOCK: The source supports reading if an account is locked or unlocked.
* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.
* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.
* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.
* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.
* SYNC_PROVISIONING: The source can provision accounts synchronously.
* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.
* CURRENT_PASSWORD: Some source types support verification of the current password
* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.
* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.
* NO_AGGREGATION: A source that does not support aggregation.
* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.
* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.
* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.
* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* USES_UUID: Connectivity 2.0 flag used to indicate that the connector supports a compound naming structure.
* PREFER_UUID: Used in ISC Provisioning AND Aggregation to decide if it should prefer account.uuid to account.nativeIdentity when data is read in through aggregation OR pushed out through provisioning.
* ARM_SECURITY_EXTRACT: Indicates the application supports Security extracts for ARM
* ARM_UTILIZATION_EXTRACT: Indicates the application supports Utilization extracts for ARM
* ARM_CHANGELOG_EXTRACT: Indicates the application supports Change-log extracts for ARM
example:
- PROVISIONING
- NO_PERMISSIONS_PROVISIONING
- GROUPS_HAVE_MEMBERS
type:
type: string
description: 'Specifies the type of system being managed e.g. Active Directory, Workday, etc.. If you are creating a delimited file source, you must set the `provisionasCsv` query parameter to `true`. '
example: OpenLDAP - Direct
connector:
type: string
description: Connector script name.
example: active-directory
connectorClass:
type: string
description: Fully qualified name of the Java class that implements the connector interface.
example: sailpoint.connector.LDAPConnector
connectorAttributes:
type: object
description: Connector specific configuration. This configuration will differ from type to type.
example:
healthCheckTimeout: 30
authSearchAttributes:
- cn
- uid
- mail
deleteThreshold:
type: integer
format: int32
description: Number from 0 to 100 that specifies when to skip the delete phase.
example: 10
authoritative:
type: boolean
description: 'When this is true, it indicates that the source is referenced by an identity profile.'
default: false
example: false
managementWorkgroup:
description: Reference to management workgroup for the source.
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- GOVERNANCE_GROUP
example: GOVERNANCE_GROUP
id:
type: string
description: Management workgroup ID.
example: 2c91808568c529c60168cca6f90c2222
name:
type: string
description: Management workgroup's human-readable display name.
example: My Management Workgroup
healthy:
type: boolean
description: 'When this is true, it indicates that the source is healthy.'
default: false
example: true
status:
type: string
enum:
- SOURCE_STATE_ERROR_ACCOUNT_FILE_IMPORT
- SOURCE_STATE_ERROR_CLUSTER
- SOURCE_STATE_ERROR_SOURCE
- SOURCE_STATE_ERROR_VA
- SOURCE_STATE_FAILURE_CLUSTER
- SOURCE_STATE_FAILURE_SOURCE
- SOURCE_STATE_HEALTHY
- SOURCE_STATE_UNCHECKED_CLUSTER
- SOURCE_STATE_UNCHECKED_CLUSTER_NO_SOURCES
- SOURCE_STATE_UNCHECKED_SOURCE
- SOURCE_STATE_UNCHECKED_SOURCE_NO_ACCOUNTS
description: 'Status identifier that gives specific information about why a source is or isn''t healthy. '
example: SOURCE_STATE_HEALTHY
since:
type: string
description: Timestamp that shows when a source health check was last performed.
example: '2021-09-28T15:48:29.3801666300Z'
connectorId:
type: string
description: Connector ID
example: active-directory
connectorName:
type: string
description: Name of the connector that was chosen during source creation.
example: Active Directory
connectionType:
type: string
description: Type of connection (direct or file).
example: file
connectorImplementationId:
type: string
description: Connector implementation ID.
example: delimited-file
created:
type: string
description: Date-time when the source was created
format: date-time
example: '2022-02-08T14:50:03.827Z'
modified:
type: string
description: Date-time when the source was last modified.
format: date-time
example: '2024-01-23T18:08:50.897Z'
credentialProviderEnabled:
type: boolean
description: 'If this is true, it enables a credential provider for the source. If credentialProvider is turned on, then the source can use credential provider(s) to fetch credentials.'
default: false
example: false
category:
type: string
nullable: true
default: null
description: 'Source category (e.g. null, CredentialProvider).'
example: CredentialProvider
required:
- name
- owner
- connector
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
patch:
operationId: updateSource
security:
- userAuth:
- 'idn:sources:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
- SOURCE_ADMIN
- SOURCE_SUBADMIN
tags:
- Sources
summary: Update source (partial)
description: |
Use this API to partially update a source in Identity Security Cloud (ISC), using a list of patch operations according to the
[JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
These fields are immutable, so they cannot be changed:
* id
* type
* authoritative
* created
* modified
* connector
* connectorClass
* passwordPolicies
Attempts to modify these fields will result in a 400 error.
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listSources
description: Source ID.
example: 2c9180835d191a86015d28455b4a2329
requestBody:
required: true
description: 'A list of account update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. Any password changes are submitted as plain-text and encrypted upon receipt in Identity Security Cloud (ISC).'
content:
application/json-patch+json:
schema:
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
examples:
Edit the source description:
description: This example shows how to edit a source description.
value:
- op: replace
path: /description
value: new description
Edit the source cluster:
description: This example shows how to edit a source cluster by ID.
value:
- op: replace
path: /cluster/id
value: 2c918087813a902001813f3f85736b45
Edit source features:
description: This example illustrates how you can update source supported features.
value:
- op: replace
path: /features
value:
- PASSWORD
- PROVISIONING
- ENABLE
- AUTHENTICATE
Change a source description and cluster in one call:
description: This example shows how multiple fields may be updated with a single PATCH call.
value:
- op: replace
path: /description
value: new description
- op: replace
path: /cluster/id
value: 2c918087813a902001813f3f85736b45
Add a filter string to the connector:
description: 'This example shows how you can add a filter to incoming accounts during the account aggregation process. In the example, any account that does not have an "m" or "d" in the ID will be aggregated.'
value:
- op: add
path: /connectorAttributes/filterString
value: '!( id.contains( "m" ) ) || !( id.contains( "d" ) )'
Update connector attribute for specific operation type:
description: This example shows how you can update the 3rd object in the connection parameter's `operationType`. This changes it from a standard group aggregation to a group aggregation on the "test" entitlement type.
value:
- op: replace
path: /connectorAttributes/connectionParameters/2/operationType
value: Group Aggregation-test
Enable notifications for new account provisioning on a source:
description: This example shows how you can configure and enable email notifications that will send when new accounts are provisioned on a source.
value:
- op: replace
path: /connectorAttributes/accountCreateNotification
value:
notifyList:
- Distribution.list@demo.com
notifyAccountOwner: true
enabled: true
notifyAccountOwnerAltEmail: false
responses:
'200':
description: 'Updated Source object. Any passwords will only show the the encrypted cipher-text so that they aren''t decryptable in Identity Security Cloud (ISC) cloud-based services, per ISC security design.'
content:
application/json:
schema:
type: object
properties:
id:
type: string
readOnly: true
description: Source ID.
example: 2c91808568c529c60168cca6f90c1324
name:
type: string
description: Source's human-readable name.
example: My Source
description:
type: string
description: Source's human-readable description.
example: This is the corporate directory.
owner:
description: Reference to identity object who owns the source.
type: object
properties:
type:
description: Type of object being referenced.
type: string
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner identity's ID.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Owner identity's human-readable display name.
example: MyName
cluster:
description: Reference to the source's associated cluster.
type: object
nullable: true
required:
- name
- id
- type
properties:
type:
description: Type of object being referenced.
type: string
enum:
- CLUSTER
example: CLUSTER
id:
type: string
description: Cluster ID.
example: 2c9180866166b5b0016167c32ef31a66
name:
type: string
description: Cluster's human-readable display name.
example: Corporate Cluster
accountCorrelationConfig:
description: Reference to account correlation config object.
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
example: ACCOUNT_CORRELATION_CONFIG
id:
type: string
description: Account correlation config ID.
example: 2c9180855d191c59015d28583727245a
name:
type: string
description: Account correlation config's human-readable display name.
example: 'Directory [source-62867] Account Correlation'
accountCorrelationRule:
description: Reference to a rule that can do COMPLEX correlation. Only use this rule when you can't use accountCorrelationConfig.
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- RULE
example: RULE
id:
type: string
description: Rule ID.
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Rule's human-readable display name.
example: Example Rule
managerCorrelationMapping:
allOf:
- type: object
properties:
accountAttributeName:
type: string
description: Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity.
example: manager
identityAttributeName:
type: string
description: Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute.
example: manager
- nullable: true
description: |
Filter object used during manager correlation to match incoming manager values to an existing manager's
account/identity.
managerCorrelationRule:
description: Reference to the ManagerCorrelationRule. Only use this rule when a simple filter isn't sufficient.
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- RULE
example: RULE
id:
type: string
description: Rule ID.
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Rule's human-readable display name.
example: Example Rule
beforeProvisioningRule:
description: 'Rule that runs on the CCG and allows for customization of provisioning plans before the API calls the connector. '
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- RULE
example: RULE
id:
type: string
description: Rule ID.
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Rule's human-readable display name.
example: Example Rule
schemas:
type: array
items:
type: object
properties:
type:
description: Type of object being referenced.
type: string
enum:
- CONNECTOR_SCHEMA
example: CONNECTOR_SCHEMA
id:
type: string
description: Schema ID.
example: 2c91808568c529c60168cca6f90c1777
name:
type: string
description: Schema's human-readable display name.
example: MySchema
description: List of references to schema objects.
example:
- type: CONNECTOR_SCHEMA
id: 2c9180835d191a86015d28455b4b232a
name: account
- type: CONNECTOR_SCHEMA
id: 2c9180835d191a86015d28455b4b232b
name: group
passwordPolicies:
type: array
nullable: true
items:
type: object
properties:
type:
description: Type of object being referenced.
type: string
enum:
- PASSWORD_POLICY
example: PASSWORD_POLICY
id:
type: string
description: Policy ID.
example: 2c91808568c529c60168cca6f90c1777
name:
type: string
description: Policy's human-readable display name.
example: My Password Policy
description: List of references to the associated PasswordPolicy objects.
example:
- type: PASSWORD_POLICY
id: 2c9180855d191c59015d291ceb053980
name: Corporate Password Policy
- type: PASSWORD_POLICY
id: 2c9180855d191c59015d291ceb057777
name: Vendor Password Policy
features:
type: array
items:
type: string
enum:
- AUTHENTICATE
- COMPOSITE
- DIRECT_PERMISSIONS
- DISCOVER_SCHEMA
- ENABLE
- MANAGER_LOOKUP
- NO_RANDOM_ACCESS
- PROXY
- SEARCH
- TEMPLATE
- UNLOCK
- UNSTRUCTURED_TARGETS
- SHAREPOINT_TARGET
- PROVISIONING
- GROUP_PROVISIONING
- SYNC_PROVISIONING
- PASSWORD
- CURRENT_PASSWORD
- ACCOUNT_ONLY_REQUEST
- ADDITIONAL_ACCOUNT_REQUEST
- NO_AGGREGATION
- GROUPS_HAVE_MEMBERS
- NO_PERMISSIONS_PROVISIONING
- NO_GROUP_PERMISSIONS_PROVISIONING
- NO_UNSTRUCTURED_TARGETS_PROVISIONING
- NO_DIRECT_PERMISSIONS_PROVISIONING
- PREFER_UUID
- ARM_SECURITY_EXTRACT
- ARM_UTILIZATION_EXTRACT
- ARM_CHANGELOG_EXTRACT
- USES_UUID
- APPLICATION_DISCOVERY
example: AUTHENTICATE
description: |-
Optional features that can be supported by a source. Modifying the features array may cause source configuration errors that are unsupportable. It is recommended to not modify this array for SailPoint supported connectors.
* AUTHENTICATE: The source supports pass-through authentication.
* COMPOSITE: The source supports composite source creation.
* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.
* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.
* ENABLE The source supports reading if an account is enabled or disabled.
* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.
* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.
* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.
* SEARCH
* TEMPLATE
* UNLOCK: The source supports reading if an account is locked or unlocked.
* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.
* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.
* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.
* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.
* SYNC_PROVISIONING: The source can provision accounts synchronously.
* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.
* CURRENT_PASSWORD: Some source types support verification of the current password
* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.
* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.
* NO_AGGREGATION: A source that does not support aggregation.
* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.
* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.
* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.
* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* USES_UUID: Connectivity 2.0 flag used to indicate that the connector supports a compound naming structure.
* PREFER_UUID: Used in ISC Provisioning AND Aggregation to decide if it should prefer account.uuid to account.nativeIdentity when data is read in through aggregation OR pushed out through provisioning.
* ARM_SECURITY_EXTRACT: Indicates the application supports Security extracts for ARM
* ARM_UTILIZATION_EXTRACT: Indicates the application supports Utilization extracts for ARM
* ARM_CHANGELOG_EXTRACT: Indicates the application supports Change-log extracts for ARM
example:
- PROVISIONING
- NO_PERMISSIONS_PROVISIONING
- GROUPS_HAVE_MEMBERS
type:
type: string
description: 'Specifies the type of system being managed e.g. Active Directory, Workday, etc.. If you are creating a delimited file source, you must set the `provisionasCsv` query parameter to `true`. '
example: OpenLDAP - Direct
connector:
type: string
description: Connector script name.
example: active-directory
connectorClass:
type: string
description: Fully qualified name of the Java class that implements the connector interface.
example: sailpoint.connector.LDAPConnector
connectorAttributes:
type: object
description: Connector specific configuration. This configuration will differ from type to type.
example:
healthCheckTimeout: 30
authSearchAttributes:
- cn
- uid
- mail
deleteThreshold:
type: integer
format: int32
description: Number from 0 to 100 that specifies when to skip the delete phase.
example: 10
authoritative:
type: boolean
description: 'When this is true, it indicates that the source is referenced by an identity profile.'
default: false
example: false
managementWorkgroup:
description: Reference to management workgroup for the source.
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- GOVERNANCE_GROUP
example: GOVERNANCE_GROUP
id:
type: string
description: Management workgroup ID.
example: 2c91808568c529c60168cca6f90c2222
name:
type: string
description: Management workgroup's human-readable display name.
example: My Management Workgroup
healthy:
type: boolean
description: 'When this is true, it indicates that the source is healthy.'
default: false
example: true
status:
type: string
enum:
- SOURCE_STATE_ERROR_ACCOUNT_FILE_IMPORT
- SOURCE_STATE_ERROR_CLUSTER
- SOURCE_STATE_ERROR_SOURCE
- SOURCE_STATE_ERROR_VA
- SOURCE_STATE_FAILURE_CLUSTER
- SOURCE_STATE_FAILURE_SOURCE
- SOURCE_STATE_HEALTHY
- SOURCE_STATE_UNCHECKED_CLUSTER
- SOURCE_STATE_UNCHECKED_CLUSTER_NO_SOURCES
- SOURCE_STATE_UNCHECKED_SOURCE
- SOURCE_STATE_UNCHECKED_SOURCE_NO_ACCOUNTS
description: 'Status identifier that gives specific information about why a source is or isn''t healthy. '
example: SOURCE_STATE_HEALTHY
since:
type: string
description: Timestamp that shows when a source health check was last performed.
example: '2021-09-28T15:48:29.3801666300Z'
connectorId:
type: string
description: Connector ID
example: active-directory
connectorName:
type: string
description: Name of the connector that was chosen during source creation.
example: Active Directory
connectionType:
type: string
description: Type of connection (direct or file).
example: file
connectorImplementationId:
type: string
description: Connector implementation ID.
example: delimited-file
created:
type: string
description: Date-time when the source was created
format: date-time
example: '2022-02-08T14:50:03.827Z'
modified:
type: string
description: Date-time when the source was last modified.
format: date-time
example: '2024-01-23T18:08:50.897Z'
credentialProviderEnabled:
type: boolean
description: 'If this is true, it enables a credential provider for the source. If credentialProvider is turned on, then the source can use credential provider(s) to fetch credentials.'
default: false
example: false
category:
type: string
nullable: true
default: null
description: 'Source category (e.g. null, CredentialProvider).'
example: CredentialProvider
required:
- name
- owner
- connector
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
operationId: deleteSource
security:
- userAuth:
- 'idn:sources:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
- SOURCE_ADMIN
- SOURCE_SUBADMIN
tags:
- Sources
summary: Delete source by id
description: |-
Use this API to delete a specific source in Identity Security Cloud (ISC).
The API removes all the accounts on the source first, and then it deletes the source. You can retrieve the actual task execution status with this method: GET `/task-status/{id}`
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listSources
description: Source ID.
example: 2c9180835d191a86015d28455b4a2329
responses:
'202':
description: Accepted - Returned if the request was successfully accepted into the system.
content:
application/json:
schema:
type: object
properties:
type:
description: Type of object being referenced.
type: string
enum:
- TASK_RESULT
example: TASK_RESULT
id:
type: string
description: Task result ID.
example: 2c91808779ecf55b0179f720942f181a
name:
type: string
description: Task result's human-readable display name (this should be null/empty).
example: null
examples:
deleteSource:
summary: Response returned when a source is being deleted.
value:
type: TASK_RESULT
id: 2c91808779ecf55b0179f720942f181a
name: null
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/sources/{sourceId}/provisioning-policies':
get:
operationId: listProvisioningPolicies
tags:
- Sources
summary: Lists provisioningpolicies
description: This end-point lists all the ProvisioningPolicies in IdentityNow.
security:
- userAuth:
- 'idn:provisioning-policy:read'
- 'idn:provisioning-policy:manage'
- applicationAuth:
- 'idn:provisioning-policy:read'
- 'idn:provisioning-policy:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
parameters:
- in: path
name: sourceId
required: true
x-sailpoint-resource-operation-id: listSources
schema:
type: string
description: The Source id
example: 2c9180835d191a86015d28455b4a2329
responses:
'200':
description: List of ProvisioningPolicyDto objects
content:
application/json:
schema:
type: array
items:
type: object
required:
- name
properties:
name:
nullable: true
type: string
description: the provisioning policy name
example: example provisioning policy for inactive identities
description:
type: string
description: the description of the provisioning policy
example: this provisioning policy creates access based on an identity going inactive
usageType:
type: string
nullable: false
enum:
- CREATE
- UPDATE
- ENABLE
- DISABLE
- DELETE
- ASSIGN
- UNASSIGN
- CREATE_GROUP
- UPDATE_GROUP
- DELETE_GROUP
- REGISTER
- CREATE_IDENTITY
- UPDATE_IDENTITY
- EDIT_GROUP
- UNLOCK
- CHANGE_PASSWORD
example: CREATE
description: |-
The type of provisioning policy usage.
In IdentityNow, a source can support various provisioning operations. For example, when a joiner is added to a source, this may trigger both CREATE and UPDATE provisioning operations. Each usage type is considered a provisioning policy. A source can have any number of these provisioning policies defined.
These are the common usage types:
CREATE - This usage type relates to 'Create Account Profile', the provisioning template for the account to be created. For example, this would be used for a joiner on a source.
UPDATE - This usage type relates to 'Update Account Profile', the provisioning template for the 'Update' connector operations. For example, this would be used for an attribute sync on a source.
ENABLE - This usage type relates to 'Enable Account Profile', the provisioning template for the account to be enabled. For example, this could be used for a joiner on a source once the joiner's account is created.
DISABLE - This usage type relates to 'Disable Account Profile', the provisioning template for the account to be disabled. For example, this could be used when a leaver is removed temporarily from a source.
You can use these four usage types for all your provisioning policy needs.
fields:
type: array
items:
type: object
properties:
name:
type: string
description: The name of the attribute.
example: userName
transform:
type: object
description: The transform to apply to the field
example:
type: rule
attributes:
name: Create Unique LDAP Attribute
default: {}
attributes:
type: object
description: Attributes required for the transform
example:
template: '${firstname}.${lastname}${uniqueCounter}'
cloudMaxUniqueChecks: '50'
cloudMaxSize: '20'
cloudRequired: 'true'
isRequired:
type: boolean
readOnly: true
description: Flag indicating whether or not the attribute is required.
default: false
example: false
type:
type: string
description: The type of the attribute.
example: string
isMultiValued:
type: boolean
description: Flag indicating whether or not the attribute is multi-valued.
default: false
example: false
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
post:
operationId: createProvisioningPolicy
tags:
- Sources
summary: Create provisioning policy
description: |-
This API generates a create policy/template based on field value transforms. This API is intended for use when setting up JDBC Provisioning type sources, but it will also work on other source types.
Transforms can be used in the provisioning policy to create a new attribute that you only need during provisioning.
Refer to [Transforms in Provisioning Policies](https://developer.sailpoint.com/idn/docs/transforms/guides/transforms-in-provisioning-policies) for more information.
security:
- userAuth:
- 'idn:provisioning-policy:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
parameters:
- in: path
name: sourceId
required: true
x-sailpoint-resource-operation-id: listSources
schema:
type: string
description: The Source id
example: 2c9180835d191a86015d28455b4a2329
requestBody:
required: true
content:
application/json:
schema:
type: object
required:
- name
properties:
name:
nullable: true
type: string
description: the provisioning policy name
example: example provisioning policy for inactive identities
description:
type: string
description: the description of the provisioning policy
example: this provisioning policy creates access based on an identity going inactive
usageType:
type: string
nullable: false
enum:
- CREATE
- UPDATE
- ENABLE
- DISABLE
- DELETE
- ASSIGN
- UNASSIGN
- CREATE_GROUP
- UPDATE_GROUP
- DELETE_GROUP
- REGISTER
- CREATE_IDENTITY
- UPDATE_IDENTITY
- EDIT_GROUP
- UNLOCK
- CHANGE_PASSWORD
example: CREATE
description: |-
The type of provisioning policy usage.
In IdentityNow, a source can support various provisioning operations. For example, when a joiner is added to a source, this may trigger both CREATE and UPDATE provisioning operations. Each usage type is considered a provisioning policy. A source can have any number of these provisioning policies defined.
These are the common usage types:
CREATE - This usage type relates to 'Create Account Profile', the provisioning template for the account to be created. For example, this would be used for a joiner on a source.
UPDATE - This usage type relates to 'Update Account Profile', the provisioning template for the 'Update' connector operations. For example, this would be used for an attribute sync on a source.
ENABLE - This usage type relates to 'Enable Account Profile', the provisioning template for the account to be enabled. For example, this could be used for a joiner on a source once the joiner's account is created.
DISABLE - This usage type relates to 'Disable Account Profile', the provisioning template for the account to be disabled. For example, this could be used when a leaver is removed temporarily from a source.
You can use these four usage types for all your provisioning policy needs.
fields:
type: array
items:
type: object
properties:
name:
type: string
description: The name of the attribute.
example: userName
transform:
type: object
description: The transform to apply to the field
example:
type: rule
attributes:
name: Create Unique LDAP Attribute
default: {}
attributes:
type: object
description: Attributes required for the transform
example:
template: '${firstname}.${lastname}${uniqueCounter}'
cloudMaxUniqueChecks: '50'
cloudMaxSize: '20'
cloudRequired: 'true'
isRequired:
type: boolean
readOnly: true
description: Flag indicating whether or not the attribute is required.
default: false
example: false
type:
type: string
description: The type of the attribute.
example: string
isMultiValued:
type: boolean
description: Flag indicating whether or not the attribute is multi-valued.
default: false
example: false
examples:
Create Account Provisioning Policy:
value:
name: Account
description: Account Provisioning Policy
usageType: CREATE
fields:
- name: displayName
transform:
type: identityAttribute
attributes:
name: displayName
attributes: {}
isRequired: false
type: string
isMultiValued: false
- name: distinguishedName
transform:
type: usernameGenerator
attributes:
sourceCheck: true
patterns:
- 'CN=$fi $ln,OU=zzUsers,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
- 'CN=$fti $ln,OU=zzUsers,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
- 'CN=$fn $ln,OU=zzUsers,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
- 'CN=$fn$ln${uniqueCounter},OU=zzUsers,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
fn:
type: identityAttribute
attributes:
name: firstname
ln:
type: identityAttribute
attributes:
name: lastname
fi:
type: substring
attributes:
input:
type: identityAttribute
attributes:
name: firstname
begin: 0
end: 1
fti:
type: substring
attributes:
input:
type: identityAttribute
attributes:
name: firstname
begin: 0
end: 2
attributes:
cloudMaxUniqueChecks: '5'
cloudMaxSize: '100'
cloudRequired: 'true'
isRequired: false
type: ''
isMultiValued: false
- name: description
transform:
type: static
attributes:
value: ''
attributes: {}
isRequired: false
type: string
isMultiValued: false
responses:
'201':
description: Created ProvisioningPolicyDto object
content:
application/json:
schema:
type: object
required:
- name
properties:
name:
nullable: true
type: string
description: the provisioning policy name
example: example provisioning policy for inactive identities
description:
type: string
description: the description of the provisioning policy
example: this provisioning policy creates access based on an identity going inactive
usageType:
type: string
nullable: false
enum:
- CREATE
- UPDATE
- ENABLE
- DISABLE
- DELETE
- ASSIGN
- UNASSIGN
- CREATE_GROUP
- UPDATE_GROUP
- DELETE_GROUP
- REGISTER
- CREATE_IDENTITY
- UPDATE_IDENTITY
- EDIT_GROUP
- UNLOCK
- CHANGE_PASSWORD
example: CREATE
description: |-
The type of provisioning policy usage.
In IdentityNow, a source can support various provisioning operations. For example, when a joiner is added to a source, this may trigger both CREATE and UPDATE provisioning operations. Each usage type is considered a provisioning policy. A source can have any number of these provisioning policies defined.
These are the common usage types:
CREATE - This usage type relates to 'Create Account Profile', the provisioning template for the account to be created. For example, this would be used for a joiner on a source.
UPDATE - This usage type relates to 'Update Account Profile', the provisioning template for the 'Update' connector operations. For example, this would be used for an attribute sync on a source.
ENABLE - This usage type relates to 'Enable Account Profile', the provisioning template for the account to be enabled. For example, this could be used for a joiner on a source once the joiner's account is created.
DISABLE - This usage type relates to 'Disable Account Profile', the provisioning template for the account to be disabled. For example, this could be used when a leaver is removed temporarily from a source.
You can use these four usage types for all your provisioning policy needs.
fields:
type: array
items:
type: object
properties:
name:
type: string
description: The name of the attribute.
example: userName
transform:
type: object
description: The transform to apply to the field
example:
type: rule
attributes:
name: Create Unique LDAP Attribute
default: {}
attributes:
type: object
description: Attributes required for the transform
example:
template: '${firstname}.${lastname}${uniqueCounter}'
cloudMaxUniqueChecks: '50'
cloudMaxSize: '20'
cloudRequired: 'true'
isRequired:
type: boolean
readOnly: true
description: Flag indicating whether or not the attribute is required.
default: false
example: false
type:
type: string
description: The type of the attribute.
example: string
isMultiValued:
type: boolean
description: Flag indicating whether or not the attribute is multi-valued.
default: false
example: false
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/sources/{sourceId}/provisioning-policies/{usageType}':
get:
operationId: getProvisioningPolicy
tags:
- Sources
summary: Get provisioning policy by usagetype
description: This end-point retrieves the ProvisioningPolicy with the specified usage on the specified Source in IdentityNow.
security:
- userAuth:
- 'idn:provisioning-policy:read'
- 'idn:provisioning-policy-source:read'
- 'idn:provisioning-policy:manage'
- 'idn:provisioning-policy-source-admin-operations:manage'
- applicationAuth:
- 'idn:provisioning-policy:read'
- 'idn:provisioning-policy-source:read'
- 'idn:provisioning-policy:manage'
- 'idn:provisioning-policy-source-admin-operations:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
- SOURCE_ADMIN
- SOURCE_SUBADMIN
parameters:
- in: path
name: sourceId
required: true
x-sailpoint-resource-operation-id: listSources
schema:
type: string
description: The Source ID.
example: 2c9180835d191a86015d28455b4a2329
- in: path
name: usageType
required: true
description: |-
The type of provisioning policy usage.
In IdentityNow, a source can support various provisioning operations. For example, when a joiner is added to a source, this may trigger both CREATE and UPDATE provisioning operations. Each usage type is considered a provisioning policy. A source can have any number of these provisioning policies defined.
These are the common usage types:
CREATE - This usage type relates to 'Create Account Profile', the provisioning template for the account to be created. For example, this would be used for a joiner on a source.
UPDATE - This usage type relates to 'Update Account Profile', the provisioning template for the 'Update' connector operations. For example, this would be used for an attribute sync on a source.
ENABLE - This usage type relates to 'Enable Account Profile', the provisioning template for the account to be enabled. For example, this could be used for a joiner on a source once the joiner's account is created.
DISABLE - This usage type relates to 'Disable Account Profile', the provisioning template for the account to be disabled. For example, this could be used when a leaver is removed temporarily from a source.
You can use these four usage types for all your provisioning policy needs.
example: CREATE
schema:
type: string
nullable: false
enum:
- CREATE
- UPDATE
- ENABLE
- DISABLE
- DELETE
- ASSIGN
- UNASSIGN
- CREATE_GROUP
- UPDATE_GROUP
- DELETE_GROUP
- REGISTER
- CREATE_IDENTITY
- UPDATE_IDENTITY
- EDIT_GROUP
- UNLOCK
- CHANGE_PASSWORD
example: CREATE
description: |-
The type of provisioning policy usage.
In IdentityNow, a source can support various provisioning operations. For example, when a joiner is added to a source, this may trigger both CREATE and UPDATE provisioning operations. Each usage type is considered a provisioning policy. A source can have any number of these provisioning policies defined.
These are the common usage types:
CREATE - This usage type relates to 'Create Account Profile', the provisioning template for the account to be created. For example, this would be used for a joiner on a source.
UPDATE - This usage type relates to 'Update Account Profile', the provisioning template for the 'Update' connector operations. For example, this would be used for an attribute sync on a source.
ENABLE - This usage type relates to 'Enable Account Profile', the provisioning template for the account to be enabled. For example, this could be used for a joiner on a source once the joiner's account is created.
DISABLE - This usage type relates to 'Disable Account Profile', the provisioning template for the account to be disabled. For example, this could be used when a leaver is removed temporarily from a source.
You can use these four usage types for all your provisioning policy needs.
responses:
'200':
description: The requested ProvisioningPolicyDto was successfully retrieved.
content:
application/json:
schema:
type: object
required:
- name
properties:
name:
nullable: true
type: string
description: the provisioning policy name
example: example provisioning policy for inactive identities
description:
type: string
description: the description of the provisioning policy
example: this provisioning policy creates access based on an identity going inactive
usageType:
type: string
nullable: false
enum:
- CREATE
- UPDATE
- ENABLE
- DISABLE
- DELETE
- ASSIGN
- UNASSIGN
- CREATE_GROUP
- UPDATE_GROUP
- DELETE_GROUP
- REGISTER
- CREATE_IDENTITY
- UPDATE_IDENTITY
- EDIT_GROUP
- UNLOCK
- CHANGE_PASSWORD
example: CREATE
description: |-
The type of provisioning policy usage.
In IdentityNow, a source can support various provisioning operations. For example, when a joiner is added to a source, this may trigger both CREATE and UPDATE provisioning operations. Each usage type is considered a provisioning policy. A source can have any number of these provisioning policies defined.
These are the common usage types:
CREATE - This usage type relates to 'Create Account Profile', the provisioning template for the account to be created. For example, this would be used for a joiner on a source.
UPDATE - This usage type relates to 'Update Account Profile', the provisioning template for the 'Update' connector operations. For example, this would be used for an attribute sync on a source.
ENABLE - This usage type relates to 'Enable Account Profile', the provisioning template for the account to be enabled. For example, this could be used for a joiner on a source once the joiner's account is created.
DISABLE - This usage type relates to 'Disable Account Profile', the provisioning template for the account to be disabled. For example, this could be used when a leaver is removed temporarily from a source.
You can use these four usage types for all your provisioning policy needs.
fields:
type: array
items:
type: object
properties:
name:
type: string
description: The name of the attribute.
example: userName
transform:
type: object
description: The transform to apply to the field
example:
type: rule
attributes:
name: Create Unique LDAP Attribute
default: {}
attributes:
type: object
description: Attributes required for the transform
example:
template: '${firstname}.${lastname}${uniqueCounter}'
cloudMaxUniqueChecks: '50'
cloudMaxSize: '20'
cloudRequired: 'true'
isRequired:
type: boolean
readOnly: true
description: Flag indicating whether or not the attribute is required.
default: false
example: false
type:
type: string
description: The type of the attribute.
example: string
isMultiValued:
type: boolean
description: Flag indicating whether or not the attribute is multi-valued.
default: false
example: false
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
put:
operationId: putProvisioningPolicy
tags:
- Sources
summary: Update provisioning policy by usagetype
description: |-
This end-point updates the provisioning policy with the specified usage on the specified source in IdentityNow.
Transforms can be used in the provisioning policy to create a new attribute that you only need during provisioning.
Refer to [Transforms in Provisioning Policies](https://developer.sailpoint.com/idn/docs/transforms/guides/transforms-in-provisioning-policies) for more information.
security:
- userAuth:
- 'idn:provisioning-policy:manage'
- 'idn:provisioning-policy-source-admin-operations:manage'
- applicationAuth:
- 'idn:provisioning-policy:manage'
- 'idn:provisioning-policy-source-admin-operations:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
- SOURCE_ADMIN
- SOURCE_SUBADMIN
parameters:
- in: path
name: sourceId
required: true
x-sailpoint-resource-operation-id: listSources
schema:
type: string
description: The Source ID.
example: 2c9180835d191a86015d28455b4a2329
- in: path
name: usageType
required: true
description: |-
The type of provisioning policy usage.
In IdentityNow, a source can support various provisioning operations. For example, when a joiner is added to a source, this may trigger both CREATE and UPDATE provisioning operations. Each usage type is considered a provisioning policy. A source can have any number of these provisioning policies defined.
These are the common usage types:
CREATE - This usage type relates to 'Create Account Profile', the provisioning template for the account to be created. For example, this would be used for a joiner on a source.
UPDATE - This usage type relates to 'Update Account Profile', the provisioning template for the 'Update' connector operations. For example, this would be used for an attribute sync on a source.
ENABLE - This usage type relates to 'Enable Account Profile', the provisioning template for the account to be enabled. For example, this could be used for a joiner on a source once the joiner's account is created.
DISABLE - This usage type relates to 'Disable Account Profile', the provisioning template for the account to be disabled. For example, this could be used when a leaver is removed temporarily from a source.
You can use these four usage types for all your provisioning policy needs.
example: CREATE
schema:
type: string
nullable: false
enum:
- CREATE
- UPDATE
- ENABLE
- DISABLE
- DELETE
- ASSIGN
- UNASSIGN
- CREATE_GROUP
- UPDATE_GROUP
- DELETE_GROUP
- REGISTER
- CREATE_IDENTITY
- UPDATE_IDENTITY
- EDIT_GROUP
- UNLOCK
- CHANGE_PASSWORD
example: CREATE
description: |-
The type of provisioning policy usage.
In IdentityNow, a source can support various provisioning operations. For example, when a joiner is added to a source, this may trigger both CREATE and UPDATE provisioning operations. Each usage type is considered a provisioning policy. A source can have any number of these provisioning policies defined.
These are the common usage types:
CREATE - This usage type relates to 'Create Account Profile', the provisioning template for the account to be created. For example, this would be used for a joiner on a source.
UPDATE - This usage type relates to 'Update Account Profile', the provisioning template for the 'Update' connector operations. For example, this would be used for an attribute sync on a source.
ENABLE - This usage type relates to 'Enable Account Profile', the provisioning template for the account to be enabled. For example, this could be used for a joiner on a source once the joiner's account is created.
DISABLE - This usage type relates to 'Disable Account Profile', the provisioning template for the account to be disabled. For example, this could be used when a leaver is removed temporarily from a source.
You can use these four usage types for all your provisioning policy needs.
requestBody:
required: true
content:
application/json:
schema:
type: object
required:
- name
properties:
name:
nullable: true
type: string
description: the provisioning policy name
example: example provisioning policy for inactive identities
description:
type: string
description: the description of the provisioning policy
example: this provisioning policy creates access based on an identity going inactive
usageType:
type: string
nullable: false
enum:
- CREATE
- UPDATE
- ENABLE
- DISABLE
- DELETE
- ASSIGN
- UNASSIGN
- CREATE_GROUP
- UPDATE_GROUP
- DELETE_GROUP
- REGISTER
- CREATE_IDENTITY
- UPDATE_IDENTITY
- EDIT_GROUP
- UNLOCK
- CHANGE_PASSWORD
example: CREATE
description: |-
The type of provisioning policy usage.
In IdentityNow, a source can support various provisioning operations. For example, when a joiner is added to a source, this may trigger both CREATE and UPDATE provisioning operations. Each usage type is considered a provisioning policy. A source can have any number of these provisioning policies defined.
These are the common usage types:
CREATE - This usage type relates to 'Create Account Profile', the provisioning template for the account to be created. For example, this would be used for a joiner on a source.
UPDATE - This usage type relates to 'Update Account Profile', the provisioning template for the 'Update' connector operations. For example, this would be used for an attribute sync on a source.
ENABLE - This usage type relates to 'Enable Account Profile', the provisioning template for the account to be enabled. For example, this could be used for a joiner on a source once the joiner's account is created.
DISABLE - This usage type relates to 'Disable Account Profile', the provisioning template for the account to be disabled. For example, this could be used when a leaver is removed temporarily from a source.
You can use these four usage types for all your provisioning policy needs.
fields:
type: array
items:
type: object
properties:
name:
type: string
description: The name of the attribute.
example: userName
transform:
type: object
description: The transform to apply to the field
example:
type: rule
attributes:
name: Create Unique LDAP Attribute
default: {}
attributes:
type: object
description: Attributes required for the transform
example:
template: '${firstname}.${lastname}${uniqueCounter}'
cloudMaxUniqueChecks: '50'
cloudMaxSize: '20'
cloudRequired: 'true'
isRequired:
type: boolean
readOnly: true
description: Flag indicating whether or not the attribute is required.
default: false
example: false
type:
type: string
description: The type of the attribute.
example: string
isMultiValued:
type: boolean
description: Flag indicating whether or not the attribute is multi-valued.
default: false
example: false
responses:
'200':
description: The ProvisioningPolicyDto was successfully replaced.
content:
application/json:
schema:
type: object
required:
- name
properties:
name:
nullable: true
type: string
description: the provisioning policy name
example: example provisioning policy for inactive identities
description:
type: string
description: the description of the provisioning policy
example: this provisioning policy creates access based on an identity going inactive
usageType:
type: string
nullable: false
enum:
- CREATE
- UPDATE
- ENABLE
- DISABLE
- DELETE
- ASSIGN
- UNASSIGN
- CREATE_GROUP
- UPDATE_GROUP
- DELETE_GROUP
- REGISTER
- CREATE_IDENTITY
- UPDATE_IDENTITY
- EDIT_GROUP
- UNLOCK
- CHANGE_PASSWORD
example: CREATE
description: |-
The type of provisioning policy usage.
In IdentityNow, a source can support various provisioning operations. For example, when a joiner is added to a source, this may trigger both CREATE and UPDATE provisioning operations. Each usage type is considered a provisioning policy. A source can have any number of these provisioning policies defined.
These are the common usage types:
CREATE - This usage type relates to 'Create Account Profile', the provisioning template for the account to be created. For example, this would be used for a joiner on a source.
UPDATE - This usage type relates to 'Update Account Profile', the provisioning template for the 'Update' connector operations. For example, this would be used for an attribute sync on a source.
ENABLE - This usage type relates to 'Enable Account Profile', the provisioning template for the account to be enabled. For example, this could be used for a joiner on a source once the joiner's account is created.
DISABLE - This usage type relates to 'Disable Account Profile', the provisioning template for the account to be disabled. For example, this could be used when a leaver is removed temporarily from a source.
You can use these four usage types for all your provisioning policy needs.
fields:
type: array
items:
type: object
properties:
name:
type: string
description: The name of the attribute.
example: userName
transform:
type: object
description: The transform to apply to the field
example:
type: rule
attributes:
name: Create Unique LDAP Attribute
default: {}
attributes:
type: object
description: Attributes required for the transform
example:
template: '${firstname}.${lastname}${uniqueCounter}'
cloudMaxUniqueChecks: '50'
cloudMaxSize: '20'
cloudRequired: 'true'
isRequired:
type: boolean
readOnly: true
description: Flag indicating whether or not the attribute is required.
default: false
example: false
type:
type: string
description: The type of the attribute.
example: string
isMultiValued:
type: boolean
description: Flag indicating whether or not the attribute is multi-valued.
default: false
example: false
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
patch:
operationId: updateProvisioningPolicy
tags:
- Sources
summary: Partial update of provisioning policy
description: |-
This API selectively updates an existing Provisioning Policy using a JSONPatch payload.
Transforms can be used in the provisioning policy to create a new attribute that you only need during provisioning.
Refer to [Transforms in Provisioning Policies](https://developer.sailpoint.com/idn/docs/transforms/guides/transforms-in-provisioning-policies) for more information.
security:
- userAuth:
- 'idn:provisioning-policy:update'
- applicationAuth:
- 'idn:provisioning-policy:update'
x-sailpoint-userLevels:
- ORG_ADMIN
- SOURCE_ADMIN
- SOURCE_SUBADMIN
parameters:
- in: path
name: sourceId
required: true
x-sailpoint-resource-operation-id: listSources
schema:
type: string
description: The Source id.
example: 2c9180835d191a86015d28455b4a2329
- in: path
name: usageType
required: true
description: |-
The type of provisioning policy usage.
In IdentityNow, a source can support various provisioning operations. For example, when a joiner is added to a source, this may trigger both CREATE and UPDATE provisioning operations. Each usage type is considered a provisioning policy. A source can have any number of these provisioning policies defined.
These are the common usage types:
CREATE - This usage type relates to 'Create Account Profile', the provisioning template for the account to be created. For example, this would be used for a joiner on a source.
UPDATE - This usage type relates to 'Update Account Profile', the provisioning template for the 'Update' connector operations. For example, this would be used for an attribute sync on a source.
ENABLE - This usage type relates to 'Enable Account Profile', the provisioning template for the account to be enabled. For example, this could be used for a joiner on a source once the joiner's account is created.
DISABLE - This usage type relates to 'Disable Account Profile', the provisioning template for the account to be disabled. For example, this could be used when a leaver is removed temporarily from a source.
You can use these four usage types for all your provisioning policy needs.
example: CREATE
schema:
type: string
nullable: false
enum:
- CREATE
- UPDATE
- ENABLE
- DISABLE
- DELETE
- ASSIGN
- UNASSIGN
- CREATE_GROUP
- UPDATE_GROUP
- DELETE_GROUP
- REGISTER
- CREATE_IDENTITY
- UPDATE_IDENTITY
- EDIT_GROUP
- UNLOCK
- CHANGE_PASSWORD
example: CREATE
description: |-
The type of provisioning policy usage.
In IdentityNow, a source can support various provisioning operations. For example, when a joiner is added to a source, this may trigger both CREATE and UPDATE provisioning operations. Each usage type is considered a provisioning policy. A source can have any number of these provisioning policies defined.
These are the common usage types:
CREATE - This usage type relates to 'Create Account Profile', the provisioning template for the account to be created. For example, this would be used for a joiner on a source.
UPDATE - This usage type relates to 'Update Account Profile', the provisioning template for the 'Update' connector operations. For example, this would be used for an attribute sync on a source.
ENABLE - This usage type relates to 'Enable Account Profile', the provisioning template for the account to be enabled. For example, this could be used for a joiner on a source once the joiner's account is created.
DISABLE - This usage type relates to 'Disable Account Profile', the provisioning template for the account to be disabled. For example, this could be used when a leaver is removed temporarily from a source.
You can use these four usage types for all your provisioning policy needs.
requestBody:
required: true
description: The JSONPatch payload used to update the schema.
content:
application/json-patch+json:
schema:
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
examples:
add-field:
summary: Add a field to the beginning of the list
value:
- op: add
path: /fields/0
value:
name: email
transform:
type: identityAttribute
attributes:
name: email
attributes: {}
isRequired: false
type: string
isMultiValued: false
responses:
'200':
description: The ProvisioningPolicyDto was successfully updated.
content:
application/json:
schema:
type: object
required:
- name
properties:
name:
nullable: true
type: string
description: the provisioning policy name
example: example provisioning policy for inactive identities
description:
type: string
description: the description of the provisioning policy
example: this provisioning policy creates access based on an identity going inactive
usageType:
type: string
nullable: false
enum:
- CREATE
- UPDATE
- ENABLE
- DISABLE
- DELETE
- ASSIGN
- UNASSIGN
- CREATE_GROUP
- UPDATE_GROUP
- DELETE_GROUP
- REGISTER
- CREATE_IDENTITY
- UPDATE_IDENTITY
- EDIT_GROUP
- UNLOCK
- CHANGE_PASSWORD
example: CREATE
description: |-
The type of provisioning policy usage.
In IdentityNow, a source can support various provisioning operations. For example, when a joiner is added to a source, this may trigger both CREATE and UPDATE provisioning operations. Each usage type is considered a provisioning policy. A source can have any number of these provisioning policies defined.
These are the common usage types:
CREATE - This usage type relates to 'Create Account Profile', the provisioning template for the account to be created. For example, this would be used for a joiner on a source.
UPDATE - This usage type relates to 'Update Account Profile', the provisioning template for the 'Update' connector operations. For example, this would be used for an attribute sync on a source.
ENABLE - This usage type relates to 'Enable Account Profile', the provisioning template for the account to be enabled. For example, this could be used for a joiner on a source once the joiner's account is created.
DISABLE - This usage type relates to 'Disable Account Profile', the provisioning template for the account to be disabled. For example, this could be used when a leaver is removed temporarily from a source.
You can use these four usage types for all your provisioning policy needs.
fields:
type: array
items:
type: object
properties:
name:
type: string
description: The name of the attribute.
example: userName
transform:
type: object
description: The transform to apply to the field
example:
type: rule
attributes:
name: Create Unique LDAP Attribute
default: {}
attributes:
type: object
description: Attributes required for the transform
example:
template: '${firstname}.${lastname}${uniqueCounter}'
cloudMaxUniqueChecks: '50'
cloudMaxSize: '20'
cloudRequired: 'true'
isRequired:
type: boolean
readOnly: true
description: Flag indicating whether or not the attribute is required.
default: false
example: false
type:
type: string
description: The type of the attribute.
example: string
isMultiValued:
type: boolean
description: Flag indicating whether or not the attribute is multi-valued.
default: false
example: false
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
operationId: deleteProvisioningPolicy
tags:
- Sources
summary: Delete provisioning policy by usagetype
description: Deletes the provisioning policy with the specified usage on an application.
security:
- userAuth:
- 'idn:provisioning-policy:manage'
- applicationAuth:
- 'idn:provisioning-policy:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
parameters:
- in: path
name: sourceId
required: true
x-sailpoint-resource-operation-id: listSources
schema:
type: string
description: The Source ID.
example: 2c9180835d191a86015d28455b4a2329
- in: path
name: usageType
required: true
description: |-
The type of provisioning policy usage.
In IdentityNow, a source can support various provisioning operations. For example, when a joiner is added to a source, this may trigger both CREATE and UPDATE provisioning operations. Each usage type is considered a provisioning policy. A source can have any number of these provisioning policies defined.
These are the common usage types:
CREATE - This usage type relates to 'Create Account Profile', the provisioning template for the account to be created. For example, this would be used for a joiner on a source.
UPDATE - This usage type relates to 'Update Account Profile', the provisioning template for the 'Update' connector operations. For example, this would be used for an attribute sync on a source.
ENABLE - This usage type relates to 'Enable Account Profile', the provisioning template for the account to be enabled. For example, this could be used for a joiner on a source once the joiner's account is created.
DISABLE - This usage type relates to 'Disable Account Profile', the provisioning template for the account to be disabled. For example, this could be used when a leaver is removed temporarily from a source.
You can use these four usage types for all your provisioning policy needs.
example: CREATE
schema:
type: string
nullable: false
enum:
- CREATE
- UPDATE
- ENABLE
- DISABLE
- DELETE
- ASSIGN
- UNASSIGN
- CREATE_GROUP
- UPDATE_GROUP
- DELETE_GROUP
- REGISTER
- CREATE_IDENTITY
- UPDATE_IDENTITY
- EDIT_GROUP
- UNLOCK
- CHANGE_PASSWORD
example: CREATE
description: |-
The type of provisioning policy usage.
In IdentityNow, a source can support various provisioning operations. For example, when a joiner is added to a source, this may trigger both CREATE and UPDATE provisioning operations. Each usage type is considered a provisioning policy. A source can have any number of these provisioning policies defined.
These are the common usage types:
CREATE - This usage type relates to 'Create Account Profile', the provisioning template for the account to be created. For example, this would be used for a joiner on a source.
UPDATE - This usage type relates to 'Update Account Profile', the provisioning template for the 'Update' connector operations. For example, this would be used for an attribute sync on a source.
ENABLE - This usage type relates to 'Enable Account Profile', the provisioning template for the account to be enabled. For example, this could be used for a joiner on a source once the joiner's account is created.
DISABLE - This usage type relates to 'Disable Account Profile', the provisioning template for the account to be disabled. For example, this could be used when a leaver is removed temporarily from a source.
You can use these four usage types for all your provisioning policy needs.
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/sources/{sourceId}/provisioning-policies/bulk-update':
post:
operationId: updateProvisioningPoliciesInBulk
tags:
- Sources
summary: Bulk update provisioning policies
description: This end-point updates a list of provisioning policies on the specified source in IdentityNow.
security:
- userAuth:
- 'idn:provisioning-policy:manage'
- applicationAuth:
- 'idn:provisioning-policy:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
parameters:
- in: path
name: sourceId
required: true
x-sailpoint-resource-operation-id: listSources
schema:
type: string
description: The Source id.
example: 2c9180835d191a86015d28455b4a2329
requestBody:
required: true
content:
application/json:
schema:
type: array
items:
type: object
required:
- name
properties:
name:
nullable: true
type: string
description: the provisioning policy name
example: example provisioning policy for inactive identities
description:
type: string
description: the description of the provisioning policy
example: this provisioning policy creates access based on an identity going inactive
usageType:
type: string
nullable: false
enum:
- CREATE
- UPDATE
- ENABLE
- DISABLE
- DELETE
- ASSIGN
- UNASSIGN
- CREATE_GROUP
- UPDATE_GROUP
- DELETE_GROUP
- REGISTER
- CREATE_IDENTITY
- UPDATE_IDENTITY
- EDIT_GROUP
- UNLOCK
- CHANGE_PASSWORD
example: CREATE
description: |-
The type of provisioning policy usage.
In IdentityNow, a source can support various provisioning operations. For example, when a joiner is added to a source, this may trigger both CREATE and UPDATE provisioning operations. Each usage type is considered a provisioning policy. A source can have any number of these provisioning policies defined.
These are the common usage types:
CREATE - This usage type relates to 'Create Account Profile', the provisioning template for the account to be created. For example, this would be used for a joiner on a source.
UPDATE - This usage type relates to 'Update Account Profile', the provisioning template for the 'Update' connector operations. For example, this would be used for an attribute sync on a source.
ENABLE - This usage type relates to 'Enable Account Profile', the provisioning template for the account to be enabled. For example, this could be used for a joiner on a source once the joiner's account is created.
DISABLE - This usage type relates to 'Disable Account Profile', the provisioning template for the account to be disabled. For example, this could be used when a leaver is removed temporarily from a source.
You can use these four usage types for all your provisioning policy needs.
fields:
type: array
items:
type: object
properties:
name:
type: string
description: The name of the attribute.
example: userName
transform:
type: object
description: The transform to apply to the field
example:
type: rule
attributes:
name: Create Unique LDAP Attribute
default: {}
attributes:
type: object
description: Attributes required for the transform
example:
template: '${firstname}.${lastname}${uniqueCounter}'
cloudMaxUniqueChecks: '50'
cloudMaxSize: '20'
cloudRequired: 'true'
isRequired:
type: boolean
readOnly: true
description: Flag indicating whether or not the attribute is required.
default: false
example: false
type:
type: string
description: The type of the attribute.
example: string
isMultiValued:
type: boolean
description: Flag indicating whether or not the attribute is multi-valued.
default: false
example: false
responses:
'200':
description: A list of the ProvisioningPolicyDto was successfully replaced.
content:
application/json:
schema:
type: array
items:
type: object
required:
- name
properties:
name:
nullable: true
type: string
description: the provisioning policy name
example: example provisioning policy for inactive identities
description:
type: string
description: the description of the provisioning policy
example: this provisioning policy creates access based on an identity going inactive
usageType:
type: string
nullable: false
enum:
- CREATE
- UPDATE
- ENABLE
- DISABLE
- DELETE
- ASSIGN
- UNASSIGN
- CREATE_GROUP
- UPDATE_GROUP
- DELETE_GROUP
- REGISTER
- CREATE_IDENTITY
- UPDATE_IDENTITY
- EDIT_GROUP
- UNLOCK
- CHANGE_PASSWORD
example: CREATE
description: |-
The type of provisioning policy usage.
In IdentityNow, a source can support various provisioning operations. For example, when a joiner is added to a source, this may trigger both CREATE and UPDATE provisioning operations. Each usage type is considered a provisioning policy. A source can have any number of these provisioning policies defined.
These are the common usage types:
CREATE - This usage type relates to 'Create Account Profile', the provisioning template for the account to be created. For example, this would be used for a joiner on a source.
UPDATE - This usage type relates to 'Update Account Profile', the provisioning template for the 'Update' connector operations. For example, this would be used for an attribute sync on a source.
ENABLE - This usage type relates to 'Enable Account Profile', the provisioning template for the account to be enabled. For example, this could be used for a joiner on a source once the joiner's account is created.
DISABLE - This usage type relates to 'Disable Account Profile', the provisioning template for the account to be disabled. For example, this could be used when a leaver is removed temporarily from a source.
You can use these four usage types for all your provisioning policy needs.
fields:
type: array
items:
type: object
properties:
name:
type: string
description: The name of the attribute.
example: userName
transform:
type: object
description: The transform to apply to the field
example:
type: rule
attributes:
name: Create Unique LDAP Attribute
default: {}
attributes:
type: object
description: Attributes required for the transform
example:
template: '${firstname}.${lastname}${uniqueCounter}'
cloudMaxUniqueChecks: '50'
cloudMaxSize: '20'
cloudRequired: 'true'
isRequired:
type: boolean
readOnly: true
description: Flag indicating whether or not the attribute is required.
default: false
example: false
type:
type: string
description: The type of the attribute.
example: string
isMultiValued:
type: boolean
description: Flag indicating whether or not the attribute is multi-valued.
default: false
example: false
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/sources/{sourceId}/schemas':
get:
operationId: getSourceSchemas
security:
- userAuth:
- 'idn:source-schema:read'
x-sailpoint-userLevels:
- ORG_ADMIN
- SOURCE_ADMIN
- SOURCE_SUBADMIN
tags:
- Sources
summary: List schemas on source
description: Use this API to list the schemas that exist on the specified source in Identity Security Cloud (ISC).
parameters:
- in: path
name: sourceId
required: true
x-sailpoint-resource-operation-id: listSources
schema:
type: string
description: Source ID.
example: 2c9180835d191a86015d28455b4a2329
- in: query
name: include-types
required: false
schema:
type: string
enum:
- group
- user
description: |-
If set to 'group', then the account schema is filtered and only group schemas are returned. Only a value of 'group' is recognized presently.
Note: The API will check whether include-types is group or not, if not, it will list schemas based on include-names, if include-names is not provided, it will list all schemas.
example: group
- in: query
name: include-names
required: false
schema:
type: string
description: A comma-separated list of schema names to filter result.
example: account
responses:
'200':
description: The schemas were successfully retrieved.
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: The id of the Schema.
example: 2c9180835d191a86015d28455b4a2329
name:
type: string
description: The name of the Schema.
example: account
nativeObjectType:
type: string
description: The name of the object type on the native system that the schema represents.
example: User
identityAttribute:
type: string
description: The name of the attribute used to calculate the unique identifier for an object in the schema.
example: sAMAccountName
displayAttribute:
type: string
description: The name of the attribute used to calculate the display value for an object in the schema.
example: distinguishedName
hierarchyAttribute:
type: string
nullable: true
description: The name of the attribute whose values represent other objects in a hierarchy. Only relevant to group schemas.
example: memberOf
includePermissions:
type: boolean
description: Flag indicating whether or not the include permissions with the object data when aggregating the schema.
example: false
features:
type: array
items:
type: string
enum:
- AUTHENTICATE
- COMPOSITE
- DIRECT_PERMISSIONS
- DISCOVER_SCHEMA
- ENABLE
- MANAGER_LOOKUP
- NO_RANDOM_ACCESS
- PROXY
- SEARCH
- TEMPLATE
- UNLOCK
- UNSTRUCTURED_TARGETS
- SHAREPOINT_TARGET
- PROVISIONING
- GROUP_PROVISIONING
- SYNC_PROVISIONING
- PASSWORD
- CURRENT_PASSWORD
- ACCOUNT_ONLY_REQUEST
- ADDITIONAL_ACCOUNT_REQUEST
- NO_AGGREGATION
- GROUPS_HAVE_MEMBERS
- NO_PERMISSIONS_PROVISIONING
- NO_GROUP_PERMISSIONS_PROVISIONING
- NO_UNSTRUCTURED_TARGETS_PROVISIONING
- NO_DIRECT_PERMISSIONS_PROVISIONING
- PREFER_UUID
- ARM_SECURITY_EXTRACT
- ARM_UTILIZATION_EXTRACT
- ARM_CHANGELOG_EXTRACT
- USES_UUID
- APPLICATION_DISCOVERY
example: AUTHENTICATE
description: |-
Optional features that can be supported by a source. Modifying the features array may cause source configuration errors that are unsupportable. It is recommended to not modify this array for SailPoint supported connectors.
* AUTHENTICATE: The source supports pass-through authentication.
* COMPOSITE: The source supports composite source creation.
* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.
* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.
* ENABLE The source supports reading if an account is enabled or disabled.
* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.
* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.
* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.
* SEARCH
* TEMPLATE
* UNLOCK: The source supports reading if an account is locked or unlocked.
* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.
* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.
* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.
* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.
* SYNC_PROVISIONING: The source can provision accounts synchronously.
* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.
* CURRENT_PASSWORD: Some source types support verification of the current password
* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.
* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.
* NO_AGGREGATION: A source that does not support aggregation.
* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.
* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.
* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.
* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* USES_UUID: Connectivity 2.0 flag used to indicate that the connector supports a compound naming structure.
* PREFER_UUID: Used in ISC Provisioning AND Aggregation to decide if it should prefer account.uuid to account.nativeIdentity when data is read in through aggregation OR pushed out through provisioning.
* ARM_SECURITY_EXTRACT: Indicates the application supports Security extracts for ARM
* ARM_UTILIZATION_EXTRACT: Indicates the application supports Utilization extracts for ARM
* ARM_CHANGELOG_EXTRACT: Indicates the application supports Change-log extracts for ARM
example:
- PROVISIONING
- NO_PERMISSIONS_PROVISIONING
- GROUPS_HAVE_MEMBERS
configuration:
type: object
description: Holds any extra configuration data that the schema may require.
example:
groupMemberAttribute: member
attributes:
type: array
description: The attribute definitions which form the schema.
items:
type: object
properties:
name:
type: string
description: The name of the attribute.
example: sAMAccountName
type:
description: The type of the attribute.
example: STRING
type: string
enum:
- STRING
- LONG
- INT
- BOOLEAN
- DATE
schema:
description: A reference to the schema on the source to the attribute values map to.
type: object
nullable: true
properties:
type:
description: The type of object being referenced
type: string
enum:
- CONNECTOR_SCHEMA
example: CONNECTOR_SCHEMA
id:
type: string
description: The object ID this reference applies to.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The human-readable display name of the object.
example: group
description:
type: string
description: A human-readable description of the attribute.
example: SAM Account Name
isMulti:
type: boolean
description: Flag indicating whether or not the attribute is multi-valued.
example: false
default: false
isEntitlement:
type: boolean
description: Flag indicating whether or not the attribute is an entitlement.
example: false
default: false
isGroup:
type: boolean
description: |
Flag indicating whether or not the attribute represents a group.
This can only be `true` if `isEntitlement` is also `true` **and** there is a schema defined for the attribute..
example: false
default: false
example:
- name: sAMAccountName
type: STRING
isMultiValued: false
isEntitlement: false
isGroup: false
- name: memberOf
type: STRING
schema:
type: CONNECTOR_SCHEMA
id: 2c9180887671ff8c01767b4671fc7d60
name: group
description: Group membership
isMultiValued: true
isEntitlement: true
isGroup: true
created:
type: string
description: The date the Schema was created.
format: date-time
example: '2019-12-24T22:32:58.104Z'
modified:
type: string
nullable: true
description: The date the Schema was last modified.
format: date-time
example: '2019-12-31T20:22:28.104Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
post:
operationId: createSourceSchema
security:
- userAuth:
- 'idn:source-schema:create'
x-sailpoint-userLevels:
- ORG_ADMIN
- SOURCE_ADMIN
tags:
- Sources
summary: Create schema on source
description: |
Use this API to create a new schema on the specified source in Identity Security Cloud (ISC).
parameters:
- in: path
name: sourceId
required: true
x-sailpoint-resource-operation-id: listSources
schema:
type: string
description: Source ID.
example: 2c9180835d191a86015d28455b4a2329
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: The id of the Schema.
example: 2c9180835d191a86015d28455b4a2329
name:
type: string
description: The name of the Schema.
example: account
nativeObjectType:
type: string
description: The name of the object type on the native system that the schema represents.
example: User
identityAttribute:
type: string
description: The name of the attribute used to calculate the unique identifier for an object in the schema.
example: sAMAccountName
displayAttribute:
type: string
description: The name of the attribute used to calculate the display value for an object in the schema.
example: distinguishedName
hierarchyAttribute:
type: string
nullable: true
description: The name of the attribute whose values represent other objects in a hierarchy. Only relevant to group schemas.
example: memberOf
includePermissions:
type: boolean
description: Flag indicating whether or not the include permissions with the object data when aggregating the schema.
example: false
features:
type: array
items:
type: string
enum:
- AUTHENTICATE
- COMPOSITE
- DIRECT_PERMISSIONS
- DISCOVER_SCHEMA
- ENABLE
- MANAGER_LOOKUP
- NO_RANDOM_ACCESS
- PROXY
- SEARCH
- TEMPLATE
- UNLOCK
- UNSTRUCTURED_TARGETS
- SHAREPOINT_TARGET
- PROVISIONING
- GROUP_PROVISIONING
- SYNC_PROVISIONING
- PASSWORD
- CURRENT_PASSWORD
- ACCOUNT_ONLY_REQUEST
- ADDITIONAL_ACCOUNT_REQUEST
- NO_AGGREGATION
- GROUPS_HAVE_MEMBERS
- NO_PERMISSIONS_PROVISIONING
- NO_GROUP_PERMISSIONS_PROVISIONING
- NO_UNSTRUCTURED_TARGETS_PROVISIONING
- NO_DIRECT_PERMISSIONS_PROVISIONING
- PREFER_UUID
- ARM_SECURITY_EXTRACT
- ARM_UTILIZATION_EXTRACT
- ARM_CHANGELOG_EXTRACT
- USES_UUID
- APPLICATION_DISCOVERY
example: AUTHENTICATE
description: |-
Optional features that can be supported by a source. Modifying the features array may cause source configuration errors that are unsupportable. It is recommended to not modify this array for SailPoint supported connectors.
* AUTHENTICATE: The source supports pass-through authentication.
* COMPOSITE: The source supports composite source creation.
* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.
* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.
* ENABLE The source supports reading if an account is enabled or disabled.
* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.
* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.
* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.
* SEARCH
* TEMPLATE
* UNLOCK: The source supports reading if an account is locked or unlocked.
* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.
* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.
* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.
* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.
* SYNC_PROVISIONING: The source can provision accounts synchronously.
* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.
* CURRENT_PASSWORD: Some source types support verification of the current password
* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.
* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.
* NO_AGGREGATION: A source that does not support aggregation.
* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.
* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.
* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.
* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* USES_UUID: Connectivity 2.0 flag used to indicate that the connector supports a compound naming structure.
* PREFER_UUID: Used in ISC Provisioning AND Aggregation to decide if it should prefer account.uuid to account.nativeIdentity when data is read in through aggregation OR pushed out through provisioning.
* ARM_SECURITY_EXTRACT: Indicates the application supports Security extracts for ARM
* ARM_UTILIZATION_EXTRACT: Indicates the application supports Utilization extracts for ARM
* ARM_CHANGELOG_EXTRACT: Indicates the application supports Change-log extracts for ARM
example:
- PROVISIONING
- NO_PERMISSIONS_PROVISIONING
- GROUPS_HAVE_MEMBERS
configuration:
type: object
description: Holds any extra configuration data that the schema may require.
example:
groupMemberAttribute: member
attributes:
type: array
description: The attribute definitions which form the schema.
items:
type: object
properties:
name:
type: string
description: The name of the attribute.
example: sAMAccountName
type:
description: The type of the attribute.
example: STRING
type: string
enum:
- STRING
- LONG
- INT
- BOOLEAN
- DATE
schema:
description: A reference to the schema on the source to the attribute values map to.
type: object
nullable: true
properties:
type:
description: The type of object being referenced
type: string
enum:
- CONNECTOR_SCHEMA
example: CONNECTOR_SCHEMA
id:
type: string
description: The object ID this reference applies to.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The human-readable display name of the object.
example: group
description:
type: string
description: A human-readable description of the attribute.
example: SAM Account Name
isMulti:
type: boolean
description: Flag indicating whether or not the attribute is multi-valued.
example: false
default: false
isEntitlement:
type: boolean
description: Flag indicating whether or not the attribute is an entitlement.
example: false
default: false
isGroup:
type: boolean
description: |
Flag indicating whether or not the attribute represents a group.
This can only be `true` if `isEntitlement` is also `true` **and** there is a schema defined for the attribute..
example: false
default: false
example:
- name: sAMAccountName
type: STRING
isMultiValued: false
isEntitlement: false
isGroup: false
- name: memberOf
type: STRING
schema:
type: CONNECTOR_SCHEMA
id: 2c9180887671ff8c01767b4671fc7d60
name: group
description: Group membership
isMultiValued: true
isEntitlement: true
isGroup: true
created:
type: string
description: The date the Schema was created.
format: date-time
example: '2019-12-24T22:32:58.104Z'
modified:
type: string
nullable: true
description: The date the Schema was last modified.
format: date-time
example: '2019-12-31T20:22:28.104Z'
responses:
'201':
description: The schema was successfully created on the specified source.
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: The id of the Schema.
example: 2c9180835d191a86015d28455b4a2329
name:
type: string
description: The name of the Schema.
example: account
nativeObjectType:
type: string
description: The name of the object type on the native system that the schema represents.
example: User
identityAttribute:
type: string
description: The name of the attribute used to calculate the unique identifier for an object in the schema.
example: sAMAccountName
displayAttribute:
type: string
description: The name of the attribute used to calculate the display value for an object in the schema.
example: distinguishedName
hierarchyAttribute:
type: string
nullable: true
description: The name of the attribute whose values represent other objects in a hierarchy. Only relevant to group schemas.
example: memberOf
includePermissions:
type: boolean
description: Flag indicating whether or not the include permissions with the object data when aggregating the schema.
example: false
features:
type: array
items:
type: string
enum:
- AUTHENTICATE
- COMPOSITE
- DIRECT_PERMISSIONS
- DISCOVER_SCHEMA
- ENABLE
- MANAGER_LOOKUP
- NO_RANDOM_ACCESS
- PROXY
- SEARCH
- TEMPLATE
- UNLOCK
- UNSTRUCTURED_TARGETS
- SHAREPOINT_TARGET
- PROVISIONING
- GROUP_PROVISIONING
- SYNC_PROVISIONING
- PASSWORD
- CURRENT_PASSWORD
- ACCOUNT_ONLY_REQUEST
- ADDITIONAL_ACCOUNT_REQUEST
- NO_AGGREGATION
- GROUPS_HAVE_MEMBERS
- NO_PERMISSIONS_PROVISIONING
- NO_GROUP_PERMISSIONS_PROVISIONING
- NO_UNSTRUCTURED_TARGETS_PROVISIONING
- NO_DIRECT_PERMISSIONS_PROVISIONING
- PREFER_UUID
- ARM_SECURITY_EXTRACT
- ARM_UTILIZATION_EXTRACT
- ARM_CHANGELOG_EXTRACT
- USES_UUID
- APPLICATION_DISCOVERY
example: AUTHENTICATE
description: |-
Optional features that can be supported by a source. Modifying the features array may cause source configuration errors that are unsupportable. It is recommended to not modify this array for SailPoint supported connectors.
* AUTHENTICATE: The source supports pass-through authentication.
* COMPOSITE: The source supports composite source creation.
* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.
* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.
* ENABLE The source supports reading if an account is enabled or disabled.
* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.
* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.
* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.
* SEARCH
* TEMPLATE
* UNLOCK: The source supports reading if an account is locked or unlocked.
* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.
* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.
* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.
* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.
* SYNC_PROVISIONING: The source can provision accounts synchronously.
* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.
* CURRENT_PASSWORD: Some source types support verification of the current password
* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.
* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.
* NO_AGGREGATION: A source that does not support aggregation.
* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.
* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.
* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.
* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* USES_UUID: Connectivity 2.0 flag used to indicate that the connector supports a compound naming structure.
* PREFER_UUID: Used in ISC Provisioning AND Aggregation to decide if it should prefer account.uuid to account.nativeIdentity when data is read in through aggregation OR pushed out through provisioning.
* ARM_SECURITY_EXTRACT: Indicates the application supports Security extracts for ARM
* ARM_UTILIZATION_EXTRACT: Indicates the application supports Utilization extracts for ARM
* ARM_CHANGELOG_EXTRACT: Indicates the application supports Change-log extracts for ARM
example:
- PROVISIONING
- NO_PERMISSIONS_PROVISIONING
- GROUPS_HAVE_MEMBERS
configuration:
type: object
description: Holds any extra configuration data that the schema may require.
example:
groupMemberAttribute: member
attributes:
type: array
description: The attribute definitions which form the schema.
items:
type: object
properties:
name:
type: string
description: The name of the attribute.
example: sAMAccountName
type:
description: The type of the attribute.
example: STRING
type: string
enum:
- STRING
- LONG
- INT
- BOOLEAN
- DATE
schema:
description: A reference to the schema on the source to the attribute values map to.
type: object
nullable: true
properties:
type:
description: The type of object being referenced
type: string
enum:
- CONNECTOR_SCHEMA
example: CONNECTOR_SCHEMA
id:
type: string
description: The object ID this reference applies to.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The human-readable display name of the object.
example: group
description:
type: string
description: A human-readable description of the attribute.
example: SAM Account Name
isMulti:
type: boolean
description: Flag indicating whether or not the attribute is multi-valued.
example: false
default: false
isEntitlement:
type: boolean
description: Flag indicating whether or not the attribute is an entitlement.
example: false
default: false
isGroup:
type: boolean
description: |
Flag indicating whether or not the attribute represents a group.
This can only be `true` if `isEntitlement` is also `true` **and** there is a schema defined for the attribute..
example: false
default: false
example:
- name: sAMAccountName
type: STRING
isMultiValued: false
isEntitlement: false
isGroup: false
- name: memberOf
type: STRING
schema:
type: CONNECTOR_SCHEMA
id: 2c9180887671ff8c01767b4671fc7d60
name: group
description: Group membership
isMultiValued: true
isEntitlement: true
isGroup: true
created:
type: string
description: The date the Schema was created.
format: date-time
example: '2019-12-24T22:32:58.104Z'
modified:
type: string
nullable: true
description: The date the Schema was last modified.
format: date-time
example: '2019-12-31T20:22:28.104Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/sources/{sourceId}/schedules':
get:
operationId: getSourceSchedules
security:
- userAuth:
- 'idn:sources:read'
x-sailpoint-userLevels:
- ORG_ADMIN
- SOURCE_ADMIN
- SOURCE_SUBADMIN
tags:
- Sources
summary: List schedules on source
description: |
Use this API to list the schedules that exist on the specified source in Identity Security Cloud (ISC).
:::info
This endpoint uses a **cron expression** to schedule a task, following standard **cron job syntax**.
For example, `0 0 12 1/1 * ? *` runs the task **daily at 12:00 PM**.
**Days of the week are represented as 1-7 (Sunday-Saturday).**
:::
parameters:
- in: path
name: sourceId
required: true
x-sailpoint-resource-operation-id: listSources
schema:
type: string
description: Source ID.
example: 2c9180835d191a86015d28455b4a2329
responses:
'200':
description: The schedules were successfully retrieved.
content:
application/json:
schema:
type: array
items:
type: object
required:
- type
- cronExpression
properties:
type:
type: string
enum:
- ACCOUNT_AGGREGATION
- GROUP_AGGREGATION
description: The type of the Schedule.
example: ACCOUNT_AGGREGATION
cronExpression:
type: string
description: The cron expression of the schedule.
example: '0 0 5,13,21 * * ?'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
post:
operationId: createSourceSchedule
security:
- userAuth:
- 'idn:sources:update'
x-sailpoint-userLevels:
- ORG_ADMIN
- SOURCE_ADMIN
- SOURCE_SUBADMIN
tags:
- Sources
summary: Create schedule on source
description: |
Use this API to create a new schedule for a type on the specified source in Identity Security Cloud (ISC).
parameters:
- in: path
name: sourceId
required: true
x-sailpoint-resource-operation-id: listSources
schema:
type: string
description: Source ID.
example: 2c9180835d191a86015d28455b4a2329
requestBody:
required: true
content:
application/json:
schema:
type: object
required:
- type
- cronExpression
properties:
type:
type: string
enum:
- ACCOUNT_AGGREGATION
- GROUP_AGGREGATION
description: The type of the Schedule.
example: ACCOUNT_AGGREGATION
cronExpression:
type: string
description: The cron expression of the schedule.
example: '0 0 5,13,21 * * ?'
responses:
'201':
description: The schedule was successfully created on the specified source.
content:
application/json:
schema:
type: object
required:
- type
- cronExpression
properties:
type:
type: string
enum:
- ACCOUNT_AGGREGATION
- GROUP_AGGREGATION
description: The type of the Schedule.
example: ACCOUNT_AGGREGATION
cronExpression:
type: string
description: The cron expression of the schedule.
example: '0 0 5,13,21 * * ?'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/sources/{sourceId}/schedules/{scheduleType}':
get:
operationId: getSourceSchedule
security:
- userAuth:
- 'idn:sources:read'
x-sailpoint-userLevels:
- ORG_ADMIN
- SOURCE_ADMIN
- SOURCE_SUBADMIN
tags:
- Sources
summary: Get source schedule by type
description: |
Get the source schedule by type in Identity Security Cloud (ISC).
parameters:
- in: path
name: sourceId
required: true
x-sailpoint-resource-operation-id: listSources
schema:
type: string
description: The Source id.
example: 2c9180835d191a86015d28455b4a2329
- in: path
name: scheduleType
schema:
type: string
enum:
- ACCOUNT_AGGREGATION
- GROUP_AGGREGATION
required: true
description: The Schedule type.
example: ACCOUNT_AGGREGATION
responses:
'200':
description: The requested Schedule was successfully retrieved.
content:
application/json:
schema:
type: object
required:
- type
- cronExpression
properties:
type:
type: string
enum:
- ACCOUNT_AGGREGATION
- GROUP_AGGREGATION
description: The type of the Schedule.
example: ACCOUNT_AGGREGATION
cronExpression:
type: string
description: The cron expression of the schedule.
example: '0 0 5,13,21 * * ?'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
patch:
operationId: updateSourceSchedule
security:
- userAuth:
- 'idn:sources:update'
x-sailpoint-userLevels:
- ORG_ADMIN
- SOURCE_ADMIN
- SOURCE_SUBADMIN
tags:
- Sources
summary: Update source schedule (partial)
description: |
Use this API to selectively update an existing Schedule using a JSONPatch payload.
The following schedule fields are immutable and cannot be updated:
- type
parameters:
- in: path
name: sourceId
required: true
x-sailpoint-resource-operation-id: listSources
schema:
type: string
description: The Source id.
example: 2c9180835d191a86015d28455b4a2329
- in: path
name: scheduleType
schema:
type: string
enum:
- ACCOUNT_AGGREGATION
- GROUP_AGGREGATION
required: true
description: The Schedule type.
example: ACCOUNT_AGGREGATION
requestBody:
required: true
description: The JSONPatch payload used to update the schedule.
content:
application/json-patch+json:
schema:
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
examples:
add-attribute:
summary: Replace an attribute of the schedule
value:
- op: replace
path: /cronExpression
value: 0 0 6 * * ?
responses:
'200':
description: The Schedule was successfully updated.
content:
application/json:
schema:
type: object
required:
- type
- cronExpression
properties:
type:
type: string
enum:
- ACCOUNT_AGGREGATION
- GROUP_AGGREGATION
description: The type of the Schedule.
example: ACCOUNT_AGGREGATION
cronExpression:
type: string
description: The cron expression of the schedule.
example: '0 0 5,13,21 * * ?'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
operationId: deleteSourceSchedule
security:
- userAuth:
- 'idn:sources:update'
x-sailpoint-userLevels:
- ORG_ADMIN
- SOURCE_ADMIN
- SOURCE_SUBADMIN
tags:
- Sources
summary: Delete source schedule by type.
parameters:
- in: path
name: sourceId
required: true
x-sailpoint-resource-operation-id: listSources
schema:
type: string
description: The Source id.
example: 2c9180835d191a86015d28455b4a2329
- in: path
name: scheduleType
schema:
type: string
enum:
- ACCOUNT_AGGREGATION
- GROUP_AGGREGATION
required: true
description: The Schedule type.
example: ACCOUNT_AGGREGATION
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/sources/{sourceId}/schemas/{schemaId}':
get:
operationId: getSourceSchema
tags:
- Sources
summary: Get source schema by id
description: |
Get the Source Schema by ID in IdentityNow.
parameters:
- in: path
name: sourceId
required: true
x-sailpoint-resource-operation-id: listSources
schema:
type: string
description: The Source id.
example: 2c9180835d191a86015d28455b4a2329
- in: path
name: schemaId
schema:
type: string
required: true
x-sailpoint-resource-operation-id: getSourceSchemas
description: The Schema id.
example: 2c9180835d191a86015d28455b4a2329
responses:
'200':
description: The requested Schema was successfully retrieved.
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: The id of the Schema.
example: 2c9180835d191a86015d28455b4a2329
name:
type: string
description: The name of the Schema.
example: account
nativeObjectType:
type: string
description: The name of the object type on the native system that the schema represents.
example: User
identityAttribute:
type: string
description: The name of the attribute used to calculate the unique identifier for an object in the schema.
example: sAMAccountName
displayAttribute:
type: string
description: The name of the attribute used to calculate the display value for an object in the schema.
example: distinguishedName
hierarchyAttribute:
type: string
nullable: true
description: The name of the attribute whose values represent other objects in a hierarchy. Only relevant to group schemas.
example: memberOf
includePermissions:
type: boolean
description: Flag indicating whether or not the include permissions with the object data when aggregating the schema.
example: false
features:
type: array
items:
type: string
enum:
- AUTHENTICATE
- COMPOSITE
- DIRECT_PERMISSIONS
- DISCOVER_SCHEMA
- ENABLE
- MANAGER_LOOKUP
- NO_RANDOM_ACCESS
- PROXY
- SEARCH
- TEMPLATE
- UNLOCK
- UNSTRUCTURED_TARGETS
- SHAREPOINT_TARGET
- PROVISIONING
- GROUP_PROVISIONING
- SYNC_PROVISIONING
- PASSWORD
- CURRENT_PASSWORD
- ACCOUNT_ONLY_REQUEST
- ADDITIONAL_ACCOUNT_REQUEST
- NO_AGGREGATION
- GROUPS_HAVE_MEMBERS
- NO_PERMISSIONS_PROVISIONING
- NO_GROUP_PERMISSIONS_PROVISIONING
- NO_UNSTRUCTURED_TARGETS_PROVISIONING
- NO_DIRECT_PERMISSIONS_PROVISIONING
- PREFER_UUID
- ARM_SECURITY_EXTRACT
- ARM_UTILIZATION_EXTRACT
- ARM_CHANGELOG_EXTRACT
- USES_UUID
- APPLICATION_DISCOVERY
example: AUTHENTICATE
description: |-
Optional features that can be supported by a source. Modifying the features array may cause source configuration errors that are unsupportable. It is recommended to not modify this array for SailPoint supported connectors.
* AUTHENTICATE: The source supports pass-through authentication.
* COMPOSITE: The source supports composite source creation.
* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.
* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.
* ENABLE The source supports reading if an account is enabled or disabled.
* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.
* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.
* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.
* SEARCH
* TEMPLATE
* UNLOCK: The source supports reading if an account is locked or unlocked.
* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.
* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.
* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.
* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.
* SYNC_PROVISIONING: The source can provision accounts synchronously.
* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.
* CURRENT_PASSWORD: Some source types support verification of the current password
* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.
* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.
* NO_AGGREGATION: A source that does not support aggregation.
* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.
* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.
* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.
* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* USES_UUID: Connectivity 2.0 flag used to indicate that the connector supports a compound naming structure.
* PREFER_UUID: Used in ISC Provisioning AND Aggregation to decide if it should prefer account.uuid to account.nativeIdentity when data is read in through aggregation OR pushed out through provisioning.
* ARM_SECURITY_EXTRACT: Indicates the application supports Security extracts for ARM
* ARM_UTILIZATION_EXTRACT: Indicates the application supports Utilization extracts for ARM
* ARM_CHANGELOG_EXTRACT: Indicates the application supports Change-log extracts for ARM
example:
- PROVISIONING
- NO_PERMISSIONS_PROVISIONING
- GROUPS_HAVE_MEMBERS
configuration:
type: object
description: Holds any extra configuration data that the schema may require.
example:
groupMemberAttribute: member
attributes:
type: array
description: The attribute definitions which form the schema.
items:
type: object
properties:
name:
type: string
description: The name of the attribute.
example: sAMAccountName
type:
description: The type of the attribute.
example: STRING
type: string
enum:
- STRING
- LONG
- INT
- BOOLEAN
- DATE
schema:
description: A reference to the schema on the source to the attribute values map to.
type: object
nullable: true
properties:
type:
description: The type of object being referenced
type: string
enum:
- CONNECTOR_SCHEMA
example: CONNECTOR_SCHEMA
id:
type: string
description: The object ID this reference applies to.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The human-readable display name of the object.
example: group
description:
type: string
description: A human-readable description of the attribute.
example: SAM Account Name
isMulti:
type: boolean
description: Flag indicating whether or not the attribute is multi-valued.
example: false
default: false
isEntitlement:
type: boolean
description: Flag indicating whether or not the attribute is an entitlement.
example: false
default: false
isGroup:
type: boolean
description: |
Flag indicating whether or not the attribute represents a group.
This can only be `true` if `isEntitlement` is also `true` **and** there is a schema defined for the attribute..
example: false
default: false
example:
- name: sAMAccountName
type: STRING
isMultiValued: false
isEntitlement: false
isGroup: false
- name: memberOf
type: STRING
schema:
type: CONNECTOR_SCHEMA
id: 2c9180887671ff8c01767b4671fc7d60
name: group
description: Group membership
isMultiValued: true
isEntitlement: true
isGroup: true
created:
type: string
description: The date the Schema was created.
format: date-time
example: '2019-12-24T22:32:58.104Z'
modified:
type: string
nullable: true
description: The date the Schema was last modified.
format: date-time
example: '2019-12-31T20:22:28.104Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
put:
operationId: putSourceSchema
tags:
- Sources
summary: Update source schema (full)
description: |
This API will completely replace an existing Schema with the submitted payload. Some fields of the Schema cannot be updated. These fields are listed below.
* id
* name
* created
* modified
Any attempt to modify these fields will result in an error response with a status code of 400.
> `id` must remain in the request body, but it cannot be changed. If `id` is omitted from the request body, the result will be a 400 error.
parameters:
- in: path
name: sourceId
required: true
x-sailpoint-resource-operation-id: listSources
schema:
type: string
description: The Source id.
example: 2c9180835d191a86015d28455b4a2329
- in: path
name: schemaId
schema:
type: string
required: true
x-sailpoint-resource-operation-id: getSourceSchemas
description: The Schema id.
example: 2c9180835d191a86015d28455b4a2329
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: The id of the Schema.
example: 2c9180835d191a86015d28455b4a2329
name:
type: string
description: The name of the Schema.
example: account
nativeObjectType:
type: string
description: The name of the object type on the native system that the schema represents.
example: User
identityAttribute:
type: string
description: The name of the attribute used to calculate the unique identifier for an object in the schema.
example: sAMAccountName
displayAttribute:
type: string
description: The name of the attribute used to calculate the display value for an object in the schema.
example: distinguishedName
hierarchyAttribute:
type: string
nullable: true
description: The name of the attribute whose values represent other objects in a hierarchy. Only relevant to group schemas.
example: memberOf
includePermissions:
type: boolean
description: Flag indicating whether or not the include permissions with the object data when aggregating the schema.
example: false
features:
type: array
items:
type: string
enum:
- AUTHENTICATE
- COMPOSITE
- DIRECT_PERMISSIONS
- DISCOVER_SCHEMA
- ENABLE
- MANAGER_LOOKUP
- NO_RANDOM_ACCESS
- PROXY
- SEARCH
- TEMPLATE
- UNLOCK
- UNSTRUCTURED_TARGETS
- SHAREPOINT_TARGET
- PROVISIONING
- GROUP_PROVISIONING
- SYNC_PROVISIONING
- PASSWORD
- CURRENT_PASSWORD
- ACCOUNT_ONLY_REQUEST
- ADDITIONAL_ACCOUNT_REQUEST
- NO_AGGREGATION
- GROUPS_HAVE_MEMBERS
- NO_PERMISSIONS_PROVISIONING
- NO_GROUP_PERMISSIONS_PROVISIONING
- NO_UNSTRUCTURED_TARGETS_PROVISIONING
- NO_DIRECT_PERMISSIONS_PROVISIONING
- PREFER_UUID
- ARM_SECURITY_EXTRACT
- ARM_UTILIZATION_EXTRACT
- ARM_CHANGELOG_EXTRACT
- USES_UUID
- APPLICATION_DISCOVERY
example: AUTHENTICATE
description: |-
Optional features that can be supported by a source. Modifying the features array may cause source configuration errors that are unsupportable. It is recommended to not modify this array for SailPoint supported connectors.
* AUTHENTICATE: The source supports pass-through authentication.
* COMPOSITE: The source supports composite source creation.
* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.
* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.
* ENABLE The source supports reading if an account is enabled or disabled.
* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.
* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.
* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.
* SEARCH
* TEMPLATE
* UNLOCK: The source supports reading if an account is locked or unlocked.
* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.
* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.
* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.
* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.
* SYNC_PROVISIONING: The source can provision accounts synchronously.
* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.
* CURRENT_PASSWORD: Some source types support verification of the current password
* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.
* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.
* NO_AGGREGATION: A source that does not support aggregation.
* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.
* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.
* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.
* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* USES_UUID: Connectivity 2.0 flag used to indicate that the connector supports a compound naming structure.
* PREFER_UUID: Used in ISC Provisioning AND Aggregation to decide if it should prefer account.uuid to account.nativeIdentity when data is read in through aggregation OR pushed out through provisioning.
* ARM_SECURITY_EXTRACT: Indicates the application supports Security extracts for ARM
* ARM_UTILIZATION_EXTRACT: Indicates the application supports Utilization extracts for ARM
* ARM_CHANGELOG_EXTRACT: Indicates the application supports Change-log extracts for ARM
example:
- PROVISIONING
- NO_PERMISSIONS_PROVISIONING
- GROUPS_HAVE_MEMBERS
configuration:
type: object
description: Holds any extra configuration data that the schema may require.
example:
groupMemberAttribute: member
attributes:
type: array
description: The attribute definitions which form the schema.
items:
type: object
properties:
name:
type: string
description: The name of the attribute.
example: sAMAccountName
type:
description: The type of the attribute.
example: STRING
type: string
enum:
- STRING
- LONG
- INT
- BOOLEAN
- DATE
schema:
description: A reference to the schema on the source to the attribute values map to.
type: object
nullable: true
properties:
type:
description: The type of object being referenced
type: string
enum:
- CONNECTOR_SCHEMA
example: CONNECTOR_SCHEMA
id:
type: string
description: The object ID this reference applies to.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The human-readable display name of the object.
example: group
description:
type: string
description: A human-readable description of the attribute.
example: SAM Account Name
isMulti:
type: boolean
description: Flag indicating whether or not the attribute is multi-valued.
example: false
default: false
isEntitlement:
type: boolean
description: Flag indicating whether or not the attribute is an entitlement.
example: false
default: false
isGroup:
type: boolean
description: |
Flag indicating whether or not the attribute represents a group.
This can only be `true` if `isEntitlement` is also `true` **and** there is a schema defined for the attribute..
example: false
default: false
example:
- name: sAMAccountName
type: STRING
isMultiValued: false
isEntitlement: false
isGroup: false
- name: memberOf
type: STRING
schema:
type: CONNECTOR_SCHEMA
id: 2c9180887671ff8c01767b4671fc7d60
name: group
description: Group membership
isMultiValued: true
isEntitlement: true
isGroup: true
created:
type: string
description: The date the Schema was created.
format: date-time
example: '2019-12-24T22:32:58.104Z'
modified:
type: string
nullable: true
description: The date the Schema was last modified.
format: date-time
example: '2019-12-31T20:22:28.104Z'
responses:
'200':
description: The Schema was successfully replaced.
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: The id of the Schema.
example: 2c9180835d191a86015d28455b4a2329
name:
type: string
description: The name of the Schema.
example: account
nativeObjectType:
type: string
description: The name of the object type on the native system that the schema represents.
example: User
identityAttribute:
type: string
description: The name of the attribute used to calculate the unique identifier for an object in the schema.
example: sAMAccountName
displayAttribute:
type: string
description: The name of the attribute used to calculate the display value for an object in the schema.
example: distinguishedName
hierarchyAttribute:
type: string
nullable: true
description: The name of the attribute whose values represent other objects in a hierarchy. Only relevant to group schemas.
example: memberOf
includePermissions:
type: boolean
description: Flag indicating whether or not the include permissions with the object data when aggregating the schema.
example: false
features:
type: array
items:
type: string
enum:
- AUTHENTICATE
- COMPOSITE
- DIRECT_PERMISSIONS
- DISCOVER_SCHEMA
- ENABLE
- MANAGER_LOOKUP
- NO_RANDOM_ACCESS
- PROXY
- SEARCH
- TEMPLATE
- UNLOCK
- UNSTRUCTURED_TARGETS
- SHAREPOINT_TARGET
- PROVISIONING
- GROUP_PROVISIONING
- SYNC_PROVISIONING
- PASSWORD
- CURRENT_PASSWORD
- ACCOUNT_ONLY_REQUEST
- ADDITIONAL_ACCOUNT_REQUEST
- NO_AGGREGATION
- GROUPS_HAVE_MEMBERS
- NO_PERMISSIONS_PROVISIONING
- NO_GROUP_PERMISSIONS_PROVISIONING
- NO_UNSTRUCTURED_TARGETS_PROVISIONING
- NO_DIRECT_PERMISSIONS_PROVISIONING
- PREFER_UUID
- ARM_SECURITY_EXTRACT
- ARM_UTILIZATION_EXTRACT
- ARM_CHANGELOG_EXTRACT
- USES_UUID
- APPLICATION_DISCOVERY
example: AUTHENTICATE
description: |-
Optional features that can be supported by a source. Modifying the features array may cause source configuration errors that are unsupportable. It is recommended to not modify this array for SailPoint supported connectors.
* AUTHENTICATE: The source supports pass-through authentication.
* COMPOSITE: The source supports composite source creation.
* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.
* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.
* ENABLE The source supports reading if an account is enabled or disabled.
* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.
* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.
* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.
* SEARCH
* TEMPLATE
* UNLOCK: The source supports reading if an account is locked or unlocked.
* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.
* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.
* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.
* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.
* SYNC_PROVISIONING: The source can provision accounts synchronously.
* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.
* CURRENT_PASSWORD: Some source types support verification of the current password
* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.
* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.
* NO_AGGREGATION: A source that does not support aggregation.
* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.
* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.
* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.
* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* USES_UUID: Connectivity 2.0 flag used to indicate that the connector supports a compound naming structure.
* PREFER_UUID: Used in ISC Provisioning AND Aggregation to decide if it should prefer account.uuid to account.nativeIdentity when data is read in through aggregation OR pushed out through provisioning.
* ARM_SECURITY_EXTRACT: Indicates the application supports Security extracts for ARM
* ARM_UTILIZATION_EXTRACT: Indicates the application supports Utilization extracts for ARM
* ARM_CHANGELOG_EXTRACT: Indicates the application supports Change-log extracts for ARM
example:
- PROVISIONING
- NO_PERMISSIONS_PROVISIONING
- GROUPS_HAVE_MEMBERS
configuration:
type: object
description: Holds any extra configuration data that the schema may require.
example:
groupMemberAttribute: member
attributes:
type: array
description: The attribute definitions which form the schema.
items:
type: object
properties:
name:
type: string
description: The name of the attribute.
example: sAMAccountName
type:
description: The type of the attribute.
example: STRING
type: string
enum:
- STRING
- LONG
- INT
- BOOLEAN
- DATE
schema:
description: A reference to the schema on the source to the attribute values map to.
type: object
nullable: true
properties:
type:
description: The type of object being referenced
type: string
enum:
- CONNECTOR_SCHEMA
example: CONNECTOR_SCHEMA
id:
type: string
description: The object ID this reference applies to.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The human-readable display name of the object.
example: group
description:
type: string
description: A human-readable description of the attribute.
example: SAM Account Name
isMulti:
type: boolean
description: Flag indicating whether or not the attribute is multi-valued.
example: false
default: false
isEntitlement:
type: boolean
description: Flag indicating whether or not the attribute is an entitlement.
example: false
default: false
isGroup:
type: boolean
description: |
Flag indicating whether or not the attribute represents a group.
This can only be `true` if `isEntitlement` is also `true` **and** there is a schema defined for the attribute..
example: false
default: false
example:
- name: sAMAccountName
type: STRING
isMultiValued: false
isEntitlement: false
isGroup: false
- name: memberOf
type: STRING
schema:
type: CONNECTOR_SCHEMA
id: 2c9180887671ff8c01767b4671fc7d60
name: group
description: Group membership
isMultiValued: true
isEntitlement: true
isGroup: true
created:
type: string
description: The date the Schema was created.
format: date-time
example: '2019-12-24T22:32:58.104Z'
modified:
type: string
nullable: true
description: The date the Schema was last modified.
format: date-time
example: '2019-12-31T20:22:28.104Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
patch:
operationId: updateSourceSchema
tags:
- Sources
summary: Update source schema (partial)
description: |
Use this API to selectively update an existing Schema using a JSONPatch payload.
The following schema fields are immutable and cannot be updated:
- id
- name
- created
- modified
To switch an account attribute to a group entitlement, you need to have the following in place:
- `isEntitlement: true`
- Must define a schema for the group and [add it to the source](https://developer.sailpoint.com/idn/api/v3/create-source-schema) before updating the `isGroup` flag. For example, here is the `group` account attribute referencing a schema that defines the group:
```json
{
"name": "groups",
"type": "STRING",
"schema": {
"type": "CONNECTOR_SCHEMA",
"id": "2c9180887671ff8c01767b4671fc7d60",
"name": "group"
},
"description": "The groups, roles etc. that reference account group objects",
"isMulti": true,
"isEntitlement": true,
"isGroup": true
}
```
parameters:
- in: path
name: sourceId
required: true
x-sailpoint-resource-operation-id: listSources
schema:
type: string
description: The Source id.
example: 2c9180835d191a86015d28455b4a2329
- in: path
name: schemaId
schema:
type: string
required: true
x-sailpoint-resource-operation-id: getSourceSchemas
description: The Schema id.
example: 2c9180835d191a86015d28455b4a2329
requestBody:
required: true
description: The JSONPatch payload used to update the schema.
content:
application/json-patch+json:
schema:
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
examples:
add-attribute:
summary: Add an attribute to the end of the list
value:
- op: add
path: /attributes/-
value:
name: location
type: STRING
schema: null
description: Employee location
isMulti: false
isEntitlement: false
isGroup: false
responses:
'200':
description: The Schema was successfully updated.
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: The id of the Schema.
example: 2c9180835d191a86015d28455b4a2329
name:
type: string
description: The name of the Schema.
example: account
nativeObjectType:
type: string
description: The name of the object type on the native system that the schema represents.
example: User
identityAttribute:
type: string
description: The name of the attribute used to calculate the unique identifier for an object in the schema.
example: sAMAccountName
displayAttribute:
type: string
description: The name of the attribute used to calculate the display value for an object in the schema.
example: distinguishedName
hierarchyAttribute:
type: string
nullable: true
description: The name of the attribute whose values represent other objects in a hierarchy. Only relevant to group schemas.
example: memberOf
includePermissions:
type: boolean
description: Flag indicating whether or not the include permissions with the object data when aggregating the schema.
example: false
features:
type: array
items:
type: string
enum:
- AUTHENTICATE
- COMPOSITE
- DIRECT_PERMISSIONS
- DISCOVER_SCHEMA
- ENABLE
- MANAGER_LOOKUP
- NO_RANDOM_ACCESS
- PROXY
- SEARCH
- TEMPLATE
- UNLOCK
- UNSTRUCTURED_TARGETS
- SHAREPOINT_TARGET
- PROVISIONING
- GROUP_PROVISIONING
- SYNC_PROVISIONING
- PASSWORD
- CURRENT_PASSWORD
- ACCOUNT_ONLY_REQUEST
- ADDITIONAL_ACCOUNT_REQUEST
- NO_AGGREGATION
- GROUPS_HAVE_MEMBERS
- NO_PERMISSIONS_PROVISIONING
- NO_GROUP_PERMISSIONS_PROVISIONING
- NO_UNSTRUCTURED_TARGETS_PROVISIONING
- NO_DIRECT_PERMISSIONS_PROVISIONING
- PREFER_UUID
- ARM_SECURITY_EXTRACT
- ARM_UTILIZATION_EXTRACT
- ARM_CHANGELOG_EXTRACT
- USES_UUID
- APPLICATION_DISCOVERY
example: AUTHENTICATE
description: |-
Optional features that can be supported by a source. Modifying the features array may cause source configuration errors that are unsupportable. It is recommended to not modify this array for SailPoint supported connectors.
* AUTHENTICATE: The source supports pass-through authentication.
* COMPOSITE: The source supports composite source creation.
* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.
* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.
* ENABLE The source supports reading if an account is enabled or disabled.
* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.
* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.
* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.
* SEARCH
* TEMPLATE
* UNLOCK: The source supports reading if an account is locked or unlocked.
* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.
* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.
* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.
* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.
* SYNC_PROVISIONING: The source can provision accounts synchronously.
* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.
* CURRENT_PASSWORD: Some source types support verification of the current password
* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.
* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.
* NO_AGGREGATION: A source that does not support aggregation.
* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.
* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.
* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.
* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* USES_UUID: Connectivity 2.0 flag used to indicate that the connector supports a compound naming structure.
* PREFER_UUID: Used in ISC Provisioning AND Aggregation to decide if it should prefer account.uuid to account.nativeIdentity when data is read in through aggregation OR pushed out through provisioning.
* ARM_SECURITY_EXTRACT: Indicates the application supports Security extracts for ARM
* ARM_UTILIZATION_EXTRACT: Indicates the application supports Utilization extracts for ARM
* ARM_CHANGELOG_EXTRACT: Indicates the application supports Change-log extracts for ARM
example:
- PROVISIONING
- NO_PERMISSIONS_PROVISIONING
- GROUPS_HAVE_MEMBERS
configuration:
type: object
description: Holds any extra configuration data that the schema may require.
example:
groupMemberAttribute: member
attributes:
type: array
description: The attribute definitions which form the schema.
items:
type: object
properties:
name:
type: string
description: The name of the attribute.
example: sAMAccountName
type:
description: The type of the attribute.
example: STRING
type: string
enum:
- STRING
- LONG
- INT
- BOOLEAN
- DATE
schema:
description: A reference to the schema on the source to the attribute values map to.
type: object
nullable: true
properties:
type:
description: The type of object being referenced
type: string
enum:
- CONNECTOR_SCHEMA
example: CONNECTOR_SCHEMA
id:
type: string
description: The object ID this reference applies to.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The human-readable display name of the object.
example: group
description:
type: string
description: A human-readable description of the attribute.
example: SAM Account Name
isMulti:
type: boolean
description: Flag indicating whether or not the attribute is multi-valued.
example: false
default: false
isEntitlement:
type: boolean
description: Flag indicating whether or not the attribute is an entitlement.
example: false
default: false
isGroup:
type: boolean
description: |
Flag indicating whether or not the attribute represents a group.
This can only be `true` if `isEntitlement` is also `true` **and** there is a schema defined for the attribute..
example: false
default: false
example:
- name: sAMAccountName
type: STRING
isMultiValued: false
isEntitlement: false
isGroup: false
- name: memberOf
type: STRING
schema:
type: CONNECTOR_SCHEMA
id: 2c9180887671ff8c01767b4671fc7d60
name: group
description: Group membership
isMultiValued: true
isEntitlement: true
isGroup: true
created:
type: string
description: The date the Schema was created.
format: date-time
example: '2019-12-24T22:32:58.104Z'
modified:
type: string
nullable: true
description: The date the Schema was last modified.
format: date-time
example: '2019-12-31T20:22:28.104Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
operationId: deleteSourceSchema
tags:
- Sources
summary: Delete source schema by id
parameters:
- in: path
name: sourceId
required: true
x-sailpoint-resource-operation-id: listSources
schema:
type: string
description: The Source id.
example: 2c9180835d191a86015d28455b4a2329
- in: path
name: schemaId
schema:
type: string
required: true
x-sailpoint-resource-operation-id: getSourceSchemas
description: The Schema id.
example: 2c9180835d191a86015d28455b4a2329
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/sources/{sourceId}/source-health':
get:
operationId: getSourceHealth
security:
- userAuth:
- 'idn:sources:read'
tags:
- Sources
summary: Fetches source health by id
description: This endpoint fetches source health by source's id
parameters:
- in: path
name: sourceId
required: true
x-sailpoint-resource-operation-id: listSources
schema:
type: string
description: The Source id.
example: 2c9180835d191a86015d28455b4a2329
responses:
'200':
description: Fetched source health successfully
content:
application/json:
schema:
type: object
description: Dto for source health data
properties:
id:
type: string
readOnly: true
description: the id of the Source
example: 2c91808568c529c60168cca6f90c1324
type:
type: string
description: 'Specifies the type of system being managed e.g. Active Directory, Workday, etc.. If you are creating a Delimited File source, you must set the `provisionasCsv` query parameter to `true`. '
example: OpenLDAP - Direct
name:
type: string
description: the name of the source
example: Source1234
org:
type: string
description: source's org
example: denali-cjh
isAuthoritative:
type: boolean
example: false
description: Is the source authoritative
isCluster:
type: boolean
example: false
description: Is the source in a cluster
hostname:
type: string
example: megapod-useast1-secret-hostname.sailpoint.com
description: source's hostname
pod:
type: string
description: source's pod
example: megapod-useast1
iqServiceVersion:
type: string
nullable: true
description: The version of the iqService
example: iqVersion123
status:
type: string
enum:
- SOURCE_STATE_ERROR_CLUSTER
- SOURCE_STATE_ERROR_SOURCE
- SOURCE_STATE_ERROR_VA
- SOURCE_STATE_FAILURE_CLUSTER
- SOURCE_STATE_FAILURE_SOURCE
- SOURCE_STATE_HEALTHY
- SOURCE_STATE_UNCHECKED_CLUSTER
- SOURCE_STATE_UNCHECKED_CLUSTER_NO_SOURCES
- SOURCE_STATE_UNCHECKED_SOURCE
- SOURCE_STATE_UNCHECKED_SOURCE_NO_ACCOUNTS
- SOURCE_STATE_ERROR_ACCOUNT_FILE_IMPORT
description: connection test result
example: SOURCE_STATE_UNCHECKED_SOURCE
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/sources/{id}/schemas/accounts':
get:
tags:
- Sources
summary: Downloads source accounts schema template
description: |-
This API downloads the CSV schema that defines the account attributes on a source.
>**NOTE: This API is designated only for Delimited File sources.**
operationId: getAccountsSchema
parameters:
- in: path
name: id
required: true
x-sailpoint-resource-operation-id: listSources
schema:
type: string
description: The Source id
example: 8c190e6787aa4ed9a90bd9d5344523fb
responses:
'200':
description: Successfully downloaded the file
content:
text/csv:
example: 'id,name,givenName,familyName,e-mail,location,manager,groups,startDate,endDate'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:source-schema:read'
post:
tags:
- Sources
summary: Uploads source accounts schema template
description: |-
This API uploads a source schema template file to configure a source's account attributes.
To retrieve the file to modify and upload, log into Identity Now.
Click **Admin** -> **Connections** -> **Sources** -> **`{SourceName}`** -> **Import Data** -> **Account Schema** -> **Options** -> **Download Schema**
>**NOTE: This API is designated only for Delimited File sources.**
operationId: importAccountsSchema
parameters:
- in: path
name: id
required: true
x-sailpoint-resource-operation-id: listSources
schema:
type: string
description: The Source id
example: 8c190e6787aa4ed9a90bd9d5344523fb
requestBody:
required: true
content:
multipart/form-data:
schema:
type: object
properties:
file:
type: string
format: binary
responses:
'200':
description: Successfully uploaded the file
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: The id of the Schema.
example: 2c9180835d191a86015d28455b4a2329
name:
type: string
description: The name of the Schema.
example: account
nativeObjectType:
type: string
description: The name of the object type on the native system that the schema represents.
example: User
identityAttribute:
type: string
description: The name of the attribute used to calculate the unique identifier for an object in the schema.
example: sAMAccountName
displayAttribute:
type: string
description: The name of the attribute used to calculate the display value for an object in the schema.
example: distinguishedName
hierarchyAttribute:
type: string
nullable: true
description: The name of the attribute whose values represent other objects in a hierarchy. Only relevant to group schemas.
example: memberOf
includePermissions:
type: boolean
description: Flag indicating whether or not the include permissions with the object data when aggregating the schema.
example: false
features:
type: array
items:
type: string
enum:
- AUTHENTICATE
- COMPOSITE
- DIRECT_PERMISSIONS
- DISCOVER_SCHEMA
- ENABLE
- MANAGER_LOOKUP
- NO_RANDOM_ACCESS
- PROXY
- SEARCH
- TEMPLATE
- UNLOCK
- UNSTRUCTURED_TARGETS
- SHAREPOINT_TARGET
- PROVISIONING
- GROUP_PROVISIONING
- SYNC_PROVISIONING
- PASSWORD
- CURRENT_PASSWORD
- ACCOUNT_ONLY_REQUEST
- ADDITIONAL_ACCOUNT_REQUEST
- NO_AGGREGATION
- GROUPS_HAVE_MEMBERS
- NO_PERMISSIONS_PROVISIONING
- NO_GROUP_PERMISSIONS_PROVISIONING
- NO_UNSTRUCTURED_TARGETS_PROVISIONING
- NO_DIRECT_PERMISSIONS_PROVISIONING
- PREFER_UUID
- ARM_SECURITY_EXTRACT
- ARM_UTILIZATION_EXTRACT
- ARM_CHANGELOG_EXTRACT
- USES_UUID
- APPLICATION_DISCOVERY
example: AUTHENTICATE
description: |-
Optional features that can be supported by a source. Modifying the features array may cause source configuration errors that are unsupportable. It is recommended to not modify this array for SailPoint supported connectors.
* AUTHENTICATE: The source supports pass-through authentication.
* COMPOSITE: The source supports composite source creation.
* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.
* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.
* ENABLE The source supports reading if an account is enabled or disabled.
* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.
* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.
* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.
* SEARCH
* TEMPLATE
* UNLOCK: The source supports reading if an account is locked or unlocked.
* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.
* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.
* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.
* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.
* SYNC_PROVISIONING: The source can provision accounts synchronously.
* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.
* CURRENT_PASSWORD: Some source types support verification of the current password
* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.
* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.
* NO_AGGREGATION: A source that does not support aggregation.
* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.
* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.
* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.
* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* USES_UUID: Connectivity 2.0 flag used to indicate that the connector supports a compound naming structure.
* PREFER_UUID: Used in ISC Provisioning AND Aggregation to decide if it should prefer account.uuid to account.nativeIdentity when data is read in through aggregation OR pushed out through provisioning.
* ARM_SECURITY_EXTRACT: Indicates the application supports Security extracts for ARM
* ARM_UTILIZATION_EXTRACT: Indicates the application supports Utilization extracts for ARM
* ARM_CHANGELOG_EXTRACT: Indicates the application supports Change-log extracts for ARM
example:
- PROVISIONING
- NO_PERMISSIONS_PROVISIONING
- GROUPS_HAVE_MEMBERS
configuration:
type: object
description: Holds any extra configuration data that the schema may require.
example:
groupMemberAttribute: member
attributes:
type: array
description: The attribute definitions which form the schema.
items:
type: object
properties:
name:
type: string
description: The name of the attribute.
example: sAMAccountName
type:
description: The type of the attribute.
example: STRING
type: string
enum:
- STRING
- LONG
- INT
- BOOLEAN
- DATE
schema:
description: A reference to the schema on the source to the attribute values map to.
type: object
nullable: true
properties:
type:
description: The type of object being referenced
type: string
enum:
- CONNECTOR_SCHEMA
example: CONNECTOR_SCHEMA
id:
type: string
description: The object ID this reference applies to.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The human-readable display name of the object.
example: group
description:
type: string
description: A human-readable description of the attribute.
example: SAM Account Name
isMulti:
type: boolean
description: Flag indicating whether or not the attribute is multi-valued.
example: false
default: false
isEntitlement:
type: boolean
description: Flag indicating whether or not the attribute is an entitlement.
example: false
default: false
isGroup:
type: boolean
description: |
Flag indicating whether or not the attribute represents a group.
This can only be `true` if `isEntitlement` is also `true` **and** there is a schema defined for the attribute..
example: false
default: false
example:
- name: sAMAccountName
type: STRING
isMultiValued: false
isEntitlement: false
isGroup: false
- name: memberOf
type: STRING
schema:
type: CONNECTOR_SCHEMA
id: 2c9180887671ff8c01767b4671fc7d60
name: group
description: Group membership
isMultiValued: true
isEntitlement: true
isGroup: true
created:
type: string
description: The date the Schema was created.
format: date-time
example: '2019-12-24T22:32:58.104Z'
modified:
type: string
nullable: true
description: The date the Schema was last modified.
format: date-time
example: '2019-12-31T20:22:28.104Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:source-schema:manage'
'/sources/{id}/schemas/entitlements':
get:
tags:
- Sources
summary: Downloads source entitlements schema template
description: |-
This API downloads the CSV schema that defines the entitlement attributes on a source.
>**NOTE: This API is designated only for Delimited File sources.**
operationId: getEntitlementsSchema
parameters:
- in: path
name: id
required: true
x-sailpoint-resource-operation-id: listSources
schema:
type: string
description: The Source id
example: 8c190e6787aa4ed9a90bd9d5344523fb
- in: query
name: schemaName
schema:
type: string
description: Name of entitlement schema
example: '?schemaName=group'
responses:
'200':
description: Successfully downloaded the file
content:
text/csv:
example: 'id,name,displayName,created,description,modified,entitlements,groups,permissions'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:source-schema:read'
post:
tags:
- Sources
summary: Uploads source entitlements schema template
description: |-
This API uploads a source schema template file to configure a source's entitlement attributes.
To retrieve the file to modify and upload, log into Identity Now.
Click **Admin** -> **Connections** -> **Sources** -> **`{SourceName}`** -> **Import Data** -> **Import Entitlements** -> **Download**
>**NOTE: This API is designated only for Delimited File sources.**
operationId: importEntitlementsSchema
parameters:
- in: path
name: id
required: true
x-sailpoint-resource-operation-id: listSources
schema:
type: string
description: The Source id
example: 8c190e6787aa4ed9a90bd9d5344523fb
- in: query
name: schemaName
schema:
type: string
description: Name of entitlement schema
example: '?schemaName=group'
requestBody:
required: true
content:
multipart/form-data:
schema:
type: object
properties:
file:
type: string
format: binary
responses:
'200':
description: Successfully uploaded the file
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: The id of the Schema.
example: 2c9180835d191a86015d28455b4a2329
name:
type: string
description: The name of the Schema.
example: account
nativeObjectType:
type: string
description: The name of the object type on the native system that the schema represents.
example: User
identityAttribute:
type: string
description: The name of the attribute used to calculate the unique identifier for an object in the schema.
example: sAMAccountName
displayAttribute:
type: string
description: The name of the attribute used to calculate the display value for an object in the schema.
example: distinguishedName
hierarchyAttribute:
type: string
nullable: true
description: The name of the attribute whose values represent other objects in a hierarchy. Only relevant to group schemas.
example: memberOf
includePermissions:
type: boolean
description: Flag indicating whether or not the include permissions with the object data when aggregating the schema.
example: false
features:
type: array
items:
type: string
enum:
- AUTHENTICATE
- COMPOSITE
- DIRECT_PERMISSIONS
- DISCOVER_SCHEMA
- ENABLE
- MANAGER_LOOKUP
- NO_RANDOM_ACCESS
- PROXY
- SEARCH
- TEMPLATE
- UNLOCK
- UNSTRUCTURED_TARGETS
- SHAREPOINT_TARGET
- PROVISIONING
- GROUP_PROVISIONING
- SYNC_PROVISIONING
- PASSWORD
- CURRENT_PASSWORD
- ACCOUNT_ONLY_REQUEST
- ADDITIONAL_ACCOUNT_REQUEST
- NO_AGGREGATION
- GROUPS_HAVE_MEMBERS
- NO_PERMISSIONS_PROVISIONING
- NO_GROUP_PERMISSIONS_PROVISIONING
- NO_UNSTRUCTURED_TARGETS_PROVISIONING
- NO_DIRECT_PERMISSIONS_PROVISIONING
- PREFER_UUID
- ARM_SECURITY_EXTRACT
- ARM_UTILIZATION_EXTRACT
- ARM_CHANGELOG_EXTRACT
- USES_UUID
- APPLICATION_DISCOVERY
example: AUTHENTICATE
description: |-
Optional features that can be supported by a source. Modifying the features array may cause source configuration errors that are unsupportable. It is recommended to not modify this array for SailPoint supported connectors.
* AUTHENTICATE: The source supports pass-through authentication.
* COMPOSITE: The source supports composite source creation.
* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.
* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.
* ENABLE The source supports reading if an account is enabled or disabled.
* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.
* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.
* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.
* SEARCH
* TEMPLATE
* UNLOCK: The source supports reading if an account is locked or unlocked.
* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.
* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.
* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.
* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.
* SYNC_PROVISIONING: The source can provision accounts synchronously.
* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.
* CURRENT_PASSWORD: Some source types support verification of the current password
* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.
* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.
* NO_AGGREGATION: A source that does not support aggregation.
* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.
* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.
* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.
* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* USES_UUID: Connectivity 2.0 flag used to indicate that the connector supports a compound naming structure.
* PREFER_UUID: Used in ISC Provisioning AND Aggregation to decide if it should prefer account.uuid to account.nativeIdentity when data is read in through aggregation OR pushed out through provisioning.
* ARM_SECURITY_EXTRACT: Indicates the application supports Security extracts for ARM
* ARM_UTILIZATION_EXTRACT: Indicates the application supports Utilization extracts for ARM
* ARM_CHANGELOG_EXTRACT: Indicates the application supports Change-log extracts for ARM
example:
- PROVISIONING
- NO_PERMISSIONS_PROVISIONING
- GROUPS_HAVE_MEMBERS
configuration:
type: object
description: Holds any extra configuration data that the schema may require.
example:
groupMemberAttribute: member
attributes:
type: array
description: The attribute definitions which form the schema.
items:
type: object
properties:
name:
type: string
description: The name of the attribute.
example: sAMAccountName
type:
description: The type of the attribute.
example: STRING
type: string
enum:
- STRING
- LONG
- INT
- BOOLEAN
- DATE
schema:
description: A reference to the schema on the source to the attribute values map to.
type: object
nullable: true
properties:
type:
description: The type of object being referenced
type: string
enum:
- CONNECTOR_SCHEMA
example: CONNECTOR_SCHEMA
id:
type: string
description: The object ID this reference applies to.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The human-readable display name of the object.
example: group
description:
type: string
description: A human-readable description of the attribute.
example: SAM Account Name
isMulti:
type: boolean
description: Flag indicating whether or not the attribute is multi-valued.
example: false
default: false
isEntitlement:
type: boolean
description: Flag indicating whether or not the attribute is an entitlement.
example: false
default: false
isGroup:
type: boolean
description: |
Flag indicating whether or not the attribute represents a group.
This can only be `true` if `isEntitlement` is also `true` **and** there is a schema defined for the attribute..
example: false
default: false
example:
- name: sAMAccountName
type: STRING
isMultiValued: false
isEntitlement: false
isGroup: false
- name: memberOf
type: STRING
schema:
type: CONNECTOR_SCHEMA
id: 2c9180887671ff8c01767b4671fc7d60
name: group
description: Group membership
isMultiValued: true
isEntitlement: true
isGroup: true
created:
type: string
description: The date the Schema was created.
format: date-time
example: '2019-12-24T22:32:58.104Z'
modified:
type: string
nullable: true
description: The date the Schema was last modified.
format: date-time
example: '2019-12-31T20:22:28.104Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:source-schema:manage'
'/sources/{sourceId}/upload-connector-file':
post:
operationId: importConnectorFile
security:
- userAuth:
- 'idn:sources-admin:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
tags:
- Sources
summary: Upload connector file to source
parameters:
- in: path
name: sourceId
required: true
x-sailpoint-resource-operation-id: listSources
schema:
type: string
description: The Source id.
example: 2c9180835d191a86015d28455b4a2329
description: This uploads a supplemental source connector file (like jdbc driver jars) to a source's S3 bucket. This also sends ETS and Audit events.
requestBody:
required: true
content:
multipart/form-data:
schema:
type: object
properties:
file:
type: string
format: binary
responses:
'200':
description: Uploaded the file successfully and sent all post-upload events
content:
application/json:
schema:
type: object
properties:
id:
type: string
readOnly: true
description: Source ID.
example: 2c91808568c529c60168cca6f90c1324
name:
type: string
description: Source's human-readable name.
example: My Source
description:
type: string
description: Source's human-readable description.
example: This is the corporate directory.
owner:
description: Reference to identity object who owns the source.
type: object
properties:
type:
description: Type of object being referenced.
type: string
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner identity's ID.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Owner identity's human-readable display name.
example: MyName
cluster:
description: Reference to the source's associated cluster.
type: object
nullable: true
required:
- name
- id
- type
properties:
type:
description: Type of object being referenced.
type: string
enum:
- CLUSTER
example: CLUSTER
id:
type: string
description: Cluster ID.
example: 2c9180866166b5b0016167c32ef31a66
name:
type: string
description: Cluster's human-readable display name.
example: Corporate Cluster
accountCorrelationConfig:
description: Reference to account correlation config object.
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
example: ACCOUNT_CORRELATION_CONFIG
id:
type: string
description: Account correlation config ID.
example: 2c9180855d191c59015d28583727245a
name:
type: string
description: Account correlation config's human-readable display name.
example: 'Directory [source-62867] Account Correlation'
accountCorrelationRule:
description: Reference to a rule that can do COMPLEX correlation. Only use this rule when you can't use accountCorrelationConfig.
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- RULE
example: RULE
id:
type: string
description: Rule ID.
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Rule's human-readable display name.
example: Example Rule
managerCorrelationMapping:
allOf:
- type: object
properties:
accountAttributeName:
type: string
description: Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity.
example: manager
identityAttributeName:
type: string
description: Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute.
example: manager
- nullable: true
description: |
Filter object used during manager correlation to match incoming manager values to an existing manager's
account/identity.
managerCorrelationRule:
description: Reference to the ManagerCorrelationRule. Only use this rule when a simple filter isn't sufficient.
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- RULE
example: RULE
id:
type: string
description: Rule ID.
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Rule's human-readable display name.
example: Example Rule
beforeProvisioningRule:
description: 'Rule that runs on the CCG and allows for customization of provisioning plans before the API calls the connector. '
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- RULE
example: RULE
id:
type: string
description: Rule ID.
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Rule's human-readable display name.
example: Example Rule
schemas:
type: array
items:
type: object
properties:
type:
description: Type of object being referenced.
type: string
enum:
- CONNECTOR_SCHEMA
example: CONNECTOR_SCHEMA
id:
type: string
description: Schema ID.
example: 2c91808568c529c60168cca6f90c1777
name:
type: string
description: Schema's human-readable display name.
example: MySchema
description: List of references to schema objects.
example:
- type: CONNECTOR_SCHEMA
id: 2c9180835d191a86015d28455b4b232a
name: account
- type: CONNECTOR_SCHEMA
id: 2c9180835d191a86015d28455b4b232b
name: group
passwordPolicies:
type: array
nullable: true
items:
type: object
properties:
type:
description: Type of object being referenced.
type: string
enum:
- PASSWORD_POLICY
example: PASSWORD_POLICY
id:
type: string
description: Policy ID.
example: 2c91808568c529c60168cca6f90c1777
name:
type: string
description: Policy's human-readable display name.
example: My Password Policy
description: List of references to the associated PasswordPolicy objects.
example:
- type: PASSWORD_POLICY
id: 2c9180855d191c59015d291ceb053980
name: Corporate Password Policy
- type: PASSWORD_POLICY
id: 2c9180855d191c59015d291ceb057777
name: Vendor Password Policy
features:
type: array
items:
type: string
enum:
- AUTHENTICATE
- COMPOSITE
- DIRECT_PERMISSIONS
- DISCOVER_SCHEMA
- ENABLE
- MANAGER_LOOKUP
- NO_RANDOM_ACCESS
- PROXY
- SEARCH
- TEMPLATE
- UNLOCK
- UNSTRUCTURED_TARGETS
- SHAREPOINT_TARGET
- PROVISIONING
- GROUP_PROVISIONING
- SYNC_PROVISIONING
- PASSWORD
- CURRENT_PASSWORD
- ACCOUNT_ONLY_REQUEST
- ADDITIONAL_ACCOUNT_REQUEST
- NO_AGGREGATION
- GROUPS_HAVE_MEMBERS
- NO_PERMISSIONS_PROVISIONING
- NO_GROUP_PERMISSIONS_PROVISIONING
- NO_UNSTRUCTURED_TARGETS_PROVISIONING
- NO_DIRECT_PERMISSIONS_PROVISIONING
- PREFER_UUID
- ARM_SECURITY_EXTRACT
- ARM_UTILIZATION_EXTRACT
- ARM_CHANGELOG_EXTRACT
- USES_UUID
- APPLICATION_DISCOVERY
example: AUTHENTICATE
description: |-
Optional features that can be supported by a source. Modifying the features array may cause source configuration errors that are unsupportable. It is recommended to not modify this array for SailPoint supported connectors.
* AUTHENTICATE: The source supports pass-through authentication.
* COMPOSITE: The source supports composite source creation.
* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.
* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.
* ENABLE The source supports reading if an account is enabled or disabled.
* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.
* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.
* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.
* SEARCH
* TEMPLATE
* UNLOCK: The source supports reading if an account is locked or unlocked.
* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.
* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.
* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.
* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.
* SYNC_PROVISIONING: The source can provision accounts synchronously.
* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.
* CURRENT_PASSWORD: Some source types support verification of the current password
* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.
* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.
* NO_AGGREGATION: A source that does not support aggregation.
* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.
* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.
* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.
* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* USES_UUID: Connectivity 2.0 flag used to indicate that the connector supports a compound naming structure.
* PREFER_UUID: Used in ISC Provisioning AND Aggregation to decide if it should prefer account.uuid to account.nativeIdentity when data is read in through aggregation OR pushed out through provisioning.
* ARM_SECURITY_EXTRACT: Indicates the application supports Security extracts for ARM
* ARM_UTILIZATION_EXTRACT: Indicates the application supports Utilization extracts for ARM
* ARM_CHANGELOG_EXTRACT: Indicates the application supports Change-log extracts for ARM
example:
- PROVISIONING
- NO_PERMISSIONS_PROVISIONING
- GROUPS_HAVE_MEMBERS
type:
type: string
description: 'Specifies the type of system being managed e.g. Active Directory, Workday, etc.. If you are creating a delimited file source, you must set the `provisionasCsv` query parameter to `true`. '
example: OpenLDAP - Direct
connector:
type: string
description: Connector script name.
example: active-directory
connectorClass:
type: string
description: Fully qualified name of the Java class that implements the connector interface.
example: sailpoint.connector.LDAPConnector
connectorAttributes:
type: object
description: Connector specific configuration. This configuration will differ from type to type.
example:
healthCheckTimeout: 30
authSearchAttributes:
- cn
- uid
- mail
deleteThreshold:
type: integer
format: int32
description: Number from 0 to 100 that specifies when to skip the delete phase.
example: 10
authoritative:
type: boolean
description: 'When this is true, it indicates that the source is referenced by an identity profile.'
default: false
example: false
managementWorkgroup:
description: Reference to management workgroup for the source.
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- GOVERNANCE_GROUP
example: GOVERNANCE_GROUP
id:
type: string
description: Management workgroup ID.
example: 2c91808568c529c60168cca6f90c2222
name:
type: string
description: Management workgroup's human-readable display name.
example: My Management Workgroup
healthy:
type: boolean
description: 'When this is true, it indicates that the source is healthy.'
default: false
example: true
status:
type: string
enum:
- SOURCE_STATE_ERROR_ACCOUNT_FILE_IMPORT
- SOURCE_STATE_ERROR_CLUSTER
- SOURCE_STATE_ERROR_SOURCE
- SOURCE_STATE_ERROR_VA
- SOURCE_STATE_FAILURE_CLUSTER
- SOURCE_STATE_FAILURE_SOURCE
- SOURCE_STATE_HEALTHY
- SOURCE_STATE_UNCHECKED_CLUSTER
- SOURCE_STATE_UNCHECKED_CLUSTER_NO_SOURCES
- SOURCE_STATE_UNCHECKED_SOURCE
- SOURCE_STATE_UNCHECKED_SOURCE_NO_ACCOUNTS
description: 'Status identifier that gives specific information about why a source is or isn''t healthy. '
example: SOURCE_STATE_HEALTHY
since:
type: string
description: Timestamp that shows when a source health check was last performed.
example: '2021-09-28T15:48:29.3801666300Z'
connectorId:
type: string
description: Connector ID
example: active-directory
connectorName:
type: string
description: Name of the connector that was chosen during source creation.
example: Active Directory
connectionType:
type: string
description: Type of connection (direct or file).
example: file
connectorImplementationId:
type: string
description: Connector implementation ID.
example: delimited-file
created:
type: string
description: Date-time when the source was created
format: date-time
example: '2022-02-08T14:50:03.827Z'
modified:
type: string
description: Date-time when the source was last modified.
format: date-time
example: '2024-01-23T18:08:50.897Z'
credentialProviderEnabled:
type: boolean
description: 'If this is true, it enables a credential provider for the source. If credentialProvider is turned on, then the source can use credential provider(s) to fetch credentials.'
default: false
example: false
category:
type: string
nullable: true
default: null
description: 'Source category (e.g. null, CredentialProvider).'
example: CredentialProvider
required:
- name
- owner
- connector
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/sources/{sourceId}/connections':
get:
operationId: getSourceConnections
security:
- userAuth:
- 'idn:sources:read'
x-sailpoint-userLevels:
- ORG_ADMIN
- SOURCE_ADMIN
- SOURCE_SUBADMIN
tags:
- Sources
summary: Get source connections by id
description: 'Use this API to get all dependent Profiles, Attributes, Applications and Custom Transforms for a source by a specified ID in Identity Security Cloud (ISC).'
parameters:
- in: path
name: sourceId
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listSources
description: Source ID.
example: 2c9180835d191a86015d28455b4a2329
responses:
'200':
description: Source Connections object.
content:
application/json:
schema:
type: object
properties:
identityProfiles:
type: array
description: The IdentityProfile attached to this source
items:
type: object
properties:
id:
type: string
description: ID of the IdentityProfile this reference applies
example: 76cfddb62818416f816bc494410f46c4
name:
type: string
description: Human-readable display name of the IdentityProfile to which this reference applies
example: ODS-Identity-Profile
identityCount:
type: integer
format: int64
description: The Number of Identities managed by this IdentityProfile
example: 100
credentialProfiles:
type: array
description: Name of the CredentialProfile attached to this source
items:
type: string
example:
- Profile ODS
sourceAttributes:
type: array
description: The attributes attached to this source
items:
type: string
example:
- sAMAccountName
- mail
- sn
- givenName
- displayName
- employeeNumber
- manager
- telephoneNumber
mappingProfiles:
type: array
description: The profiles attached to this source
example:
- ODS-AD-Profile
- ODS-Profile2
items:
type: string
dependentCustomTransforms:
example:
- id: 61190eae-290b-4335-aeb8-7335f1fd99cb
name: Split Transform
type: split
attributes:
delimiter: '-'
index: 1
input:
attributes:
sourceName: Example CSV Source
attributeName: last_name
type: accountAttribute
internal: false
description: A list of custom transforms associated with this source. A transform will be considered associated with a source if any attributes of the transform specify the source as the sourceName.
type: array
items:
allOf:
- type: object
description: The representation of an internally- or customer-defined transform.
required:
- name
- type
- attributes
properties:
name:
type: string
description: Unique name of this transform
example: Timestamp To Date
minLength: 1
maxLength: 50
type:
type: string
description: The type of transform operation
enum:
- accountAttribute
- base64Decode
- base64Encode
- concat
- conditional
- dateCompare
- dateFormat
- dateMath
- decomposeDiacriticalMarks
- e164phone
- firstValid
- rule
- identityAttribute
- indexOf
- iso3166
- lastIndexOf
- leftPad
- lookup
- lower
- normalizeNames
- randomAlphaNumeric
- randomNumeric
- reference
- replaceAll
- replace
- rightPad
- split
- static
- substring
- trim
- upper
- usernameGenerator
- uuid
- displayName
- rfc5646
example: dateFormat
externalDocs:
description: Transform Operations
url: 'https://developer.sailpoint.com/idn/docs/transforms/operations'
attributes:
nullable: true
description: Meta-data about the transform. Values in this list are specific to the type of transform to be executed.
oneOf:
- title: accountAttribute
type: object
required:
- sourceName
- attributeName
properties:
sourceName:
type: string
description: A reference to the source to search for the account
example: Workday
attributeName:
type: string
description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.'
example: DEPARTMENT
accountSortAttribute:
type: string
description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries
example: created
default: created
accountSortDescending:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)'
example: false
default: false
accountReturnFirstLink:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false'
example: false
default: false
accountFilter:
type: string
description: |-
This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.
Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements
example: '!(nativeIdentity.startsWith("*DELETED*"))'
accountPropertyFilter:
type: string
description: |-
This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.
All account attributes are available for filtering as this operation is performed in memory.
example: '(groups.containsAll({''Admin''}) || location == ''Austin'')'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: base64Decode
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: base64Encode
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: concat
type: object
required:
- values
properties:
values:
type: array
items:
type: object
description: An array of items to join together
example:
- John
- ' '
- Smith
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: conditional
type: object
required:
- expression
- positiveCondition
- negativeCondition
properties:
expression:
type: string
description: |-
A comparison statement that follows the structure of `ValueA eq ValueB` where `ValueA` and `ValueB` are static strings or outputs of other transforms.
The `eq` operator is the only valid comparison
example: ValueA eq ValueB
positiveCondition:
type: string
description: The output of the transform if the expression evalutes to true
example: 'true'
negativeCondition:
type: string
description: The output of the transform if the expression evalutes to false
example: 'false'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateCompare
type: object
required:
- firstDate
- secondDate
- operator
- positiveCondition
- negativeCondition
properties:
firstDate:
description: This is the first date to consider (The date that would be on the left hand side of the comparison operation).
oneOf:
- title: accountAttribute
type: object
required:
- sourceName
- attributeName
properties:
sourceName:
type: string
description: A reference to the source to search for the account
example: Workday
attributeName:
type: string
description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.'
example: DEPARTMENT
accountSortAttribute:
type: string
description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries
example: created
default: created
accountSortDescending:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)'
example: false
default: false
accountReturnFirstLink:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false'
example: false
default: false
accountFilter:
type: string
description: |-
This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.
Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements
example: '!(nativeIdentity.startsWith("*DELETED*"))'
accountPropertyFilter:
type: string
description: |-
This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.
All account attributes are available for filtering as this operation is performed in memory.
example: '(groups.containsAll({''Admin''}) || location == ''Austin'')'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateFormat
type: object
properties:
inputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
outputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
secondDate:
description: This is the second date to consider (The date that would be on the right hand side of the comparison operation).
oneOf:
- title: accountAttribute
type: object
required:
- sourceName
- attributeName
properties:
sourceName:
type: string
description: A reference to the source to search for the account
example: Workday
attributeName:
type: string
description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.'
example: DEPARTMENT
accountSortAttribute:
type: string
description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries
example: created
default: created
accountSortDescending:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)'
example: false
default: false
accountReturnFirstLink:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false'
example: false
default: false
accountFilter:
type: string
description: |-
This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.
Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements
example: '!(nativeIdentity.startsWith("*DELETED*"))'
accountPropertyFilter:
type: string
description: |-
This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.
All account attributes are available for filtering as this operation is performed in memory.
example: '(groups.containsAll({''Admin''}) || location == ''Austin'')'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateFormat
type: object
properties:
inputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
outputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
operator:
type: string
description: |
This is the comparison to perform.
| Operation | Description |
| --------- | ------- |
| LT | Strictly less than: `firstDate < secondDate` |
| LTE | Less than or equal to: `firstDate <= secondDate` |
| GT | Strictly greater than: `firstDate > secondDate` |
| GTE | Greater than or equal to: `firstDate >= secondDate` |
enum:
- LT
- LTE
- GT
- GTE
example: LT
positiveCondition:
type: string
description: The output of the transform if the expression evalutes to true
example: 'true'
negativeCondition:
type: string
description: The output of the transform if the expression evalutes to false
example: false
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateFormat
type: object
properties:
inputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
outputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateMath
type: object
required:
- expression
properties:
expression:
type: string
description: |
A string value of the date and time components to operation on, along with the math operations to execute.
externalDocs:
description: Date Math Expressions
url: 'https://developer.sailpoint.com/idn/docs/transforms/operations/date-math#transform-structure'
example: now+1w
roundUp:
type: boolean
description: |
A boolean value to indicate whether the transform should round up or down when a rounding `/` operation is defined in the expression.
If not provided, the transform will default to `false`
`true` indicates the transform should round up (i.e., truncate the fractional date/time component indicated and then add one unit of that component)
`false` indicates the transform should round down (i.e., truncate the fractional date/time component indicated)
example: false
default: false
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: decomposeDiacriticalMarks
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: e164phone
type: object
properties:
defaultRegion:
type: string
description: |
This is an optional attribute that can be used to define the region of the phone number to format into.
If defaultRegion is not provided, it will take US as the default country.
The format of the country code should be in [ISO 3166-1 alpha-2 format](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2)
example: US
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: firstValid
type: object
required:
- values
properties:
values:
type: array
items:
type: object
description: An array of attributes to evaluate for existence.
example:
- attributes:
sourceName: Active Directory
attributeName: sAMAccountName
type: accountAttribute
- attributes:
sourceName: Okta
attributeName: login
type: accountAttribute
- attributes:
sourceName: HR Source
attributeName: employeeID
type: accountAttribute
ignoreErrors:
type: boolean
description: a true or false value representing to move on to the next option if an error (like an Null Pointer Exception) were to occur.
example: false
default: false
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
- title: rule
oneOf:
- type: object
required:
- name
properties:
name:
type: string
description: This is the name of the Transform rule that needs to be invoked by the transform
example: Transform Calculation Rule
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
- type: object
required:
- name
- operation
- includeNumbers
- includeSpecialChars
- length
properties:
name:
type: string
description: This must always be set to "Cloud Services Deployment Utility"
example: Cloud Services Deployment Utility
operation:
type: string
description: The operation to perform `generateRandomString`
example: generateRandomString
includeNumbers:
type: boolean
description: This must be either "true" or "false" to indicate whether the generator logic should include numbers
example: true
includeSpecialChars:
type: boolean
description: This must be either "true" or "false" to indicate whether the generator logic should include special characters
example: true
length:
type: string
description: |
This specifies how long the randomly generated string needs to be
>NOTE Due to identity attribute data constraints, the maximum allowable value is 450 characters
example: '10'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
- type: object
required:
- name
- operation
- uid
properties:
name:
type: string
description: This must always be set to "Cloud Services Deployment Utility"
example: Cloud Services Deployment Utility
operation:
type: string
description: The operation to perform `getReferenceIdentityAttribute`
example: getReferenceIdentityAttribute
uid:
type: string
description: |
This is the SailPoint User Name (uid) value of the identity whose attribute is desired
As a convenience feature, you can use the `manager` keyword to dynamically look up the user's manager and then get that manager's identity attribute.
example: 2c91808570313110017040b06f344ec9
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
- title: identityAttribute
type: object
required:
- name
properties:
name:
type: string
description: The system (camel-cased) name of the identity attribute to bring in
example: email
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: indexOf
type: object
required:
- substring
properties:
substring:
type: string
description: 'A substring to search for, searches the entire calling string, and returns the index of the first occurrence of the specified substring.'
example: admin_
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: iso3166
type: object
properties:
format:
type: string
description: |
An optional value to denote which ISO 3166 format to return. Valid values are:
`alpha2` - Two-character country code (e.g., "US"); this is the default value if no format is supplied
`alpha3` - Three-character country code (e.g., "USA")
`numeric` - The numeric country code (e.g., "840")
example: alpha2
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: leftPad
type: object
required:
- length
properties:
length:
type: string
description: An integer value for the desired length of the final output string
example: '4'
padding:
type: string
description: |
A string value representing the character that the incoming data should be padded with to get to the desired length
If not provided, the transform will default to a single space (" ") character for padding
example: '0'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: lookup
type: object
required:
- table
properties:
table:
type: object
additionalProperties: true
description: |
This is a JSON object of key-value pairs. The key is the string that will attempt to be matched to the input, and the value is the output string that should be returned if the key is matched
>**Note** the use of the optional default key value here; if none of the three countries in the above example match the input string, the transform will return "Unknown Region" for the attribute that is mapped to this transform.
example:
USA: Americas
FRA: EMEA
AUS: APAC
default: Unknown Region
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: lower
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: nameNormalizer
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: randomAlphaNumeric
type: object
properties:
length:
type: string
description: |
This is an integer value specifying the size/number of characters the random string must contain
* This value must be a positive number and cannot be blank
* If no length is provided, the transform will default to a value of `32`
* Due to identity attribute data constraints, the maximum allowable value is `450` characters
example: '10'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: randomNumeric
type: object
properties:
length:
type: string
description: |
This is an integer value specifying the size/number of characters the random string must contain
* This value must be a positive number and cannot be blank
* If no length is provided, the transform will default to a value of `32`
* Due to identity attribute data constraints, the maximum allowable value is `450` characters
example: '10'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: reference
type: object
required:
- id
properties:
id:
type: string
description: This ID specifies the name of the pre-existing transform which you want to use within your current transform
example: Existing Transform
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: replaceAll
type: object
required:
- table
properties:
table:
type: object
additionalProperties: true
description: 'An attribute of key-value pairs. Each pair identifies the pattern to search for as its key, and the replacement string as its value.'
example:
'-': ' '
'"': ''''
ñ: 'n'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: replace
type: object
required:
- regex
- replacement
properties:
regex:
type: string
description: This can be a string or a regex pattern in which you want to replace.
example: '[^a-zA-Z]'
externalDocs:
description: Regex Builder
url: 'https://regex101.com/'
replacement:
type: string
description: This is the replacement string that should be substituded wherever the string or pattern is found.
example: ' '
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: rightPad
type: object
required:
- length
properties:
length:
type: string
description: An integer value for the desired length of the final output string
example: '4'
padding:
type: string
description: |
A string value representing the character that the incoming data should be padded with to get to the desired length
If not provided, the transform will default to a single space (" ") character for padding
example: '0'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: split
type: object
required:
- delimiter
- index
properties:
delimiter:
type: string
description: 'This can be either a single character or a regex expression, and is used by the transform to identify the break point between two substrings in the incoming data'
example: ','
index:
type: string
description: 'An integer value for the desired array element after the incoming data has been split into a list; the array is a 0-based object, so the first array element would be index 0, the second element would be index 1, etc.'
example: '5'
throws:
type: boolean
description: |
A boolean (true/false) value which indicates whether an exception should be thrown and returned as an output when an index is out of bounds with the resultant array (i.e., the provided index value is larger than the size of the array)
`true` - The transform should return "IndexOutOfBoundsException"
`false` - The transform should return null
If not provided, the transform will default to false and return a null
example: true
default: false
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: static
type: object
required:
- values
properties:
values:
type: string
description: 'This must evaluate to a JSON string, either through a fixed value or through conditional logic using the Apache Velocity Template Language.'
example: string$variable
externalDocs:
description: Static Transform Documentation
url: 'https://developer.sailpoint.com/idn/docs/transforms/operations/static'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
- title: substring
type: object
required:
- begin
properties:
begin:
type: integer
description: |
The index of the first character to include in the returned substring.
If `begin` is set to -1, the transform will begin at character 0 of the input data
example: 1
format: int32
beginOffset:
type: integer
description: |
This integer value is the number of characters to add to the begin attribute when returning a substring.
This attribute is only used if begin is not -1.
example: 3
format: int32
end:
type: integer
description: |
The index of the first character to exclude from the returned substring.
If end is -1 or not provided at all, the substring transform will return everything up to the end of the input string.
example: 6
format: int32
endOffset:
type: integer
description: |
This integer value is the number of characters to add to the end attribute when returning a substring.
This attribute is only used if end is provided and is not -1.
example: 1
format: int32
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: trim
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: upper
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: uuid
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
- type: object
required:
- id
- internal
properties:
id:
type: string
description: Unique ID of this transform
example: 2cd78adghjkja34jh2b1hkjhasuecd
internal:
type: boolean
description: Indicates whether this is an internal SailPoint-created transform or a customer-created transform
example: false
default: false
dependentApps:
type: array
items:
type: object
properties:
cloudAppId:
type: string
description: Id of the connected Application
example: 9e3cdd80edf84f119327df8bbd5bb5ac
description:
type: string
description: Description of the connected Application
example: This is a Sailpoint application
enabled:
type: boolean
description: Is the Application enabled
example: true
default: true
provisionRequestEnabled:
type: boolean
description: Is Provisioning enabled for connected Application
example: true
default: true
accountSource:
type: object
description: The Account Source of the connected Application
properties:
useForPasswordManagement:
type: boolean
description: Use this Account Source for password management
example: false
default: false
passwordPolicies:
type: array
description: A list of Password Policies for this Account Source
items:
type: object
properties:
type:
type: string
description: DTO type
example: PASSWORD_POLICY
id:
type: string
description: ID of the object to which this reference applies
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies
example: Policy ODS
launcherCount:
type: integer
format: int64
description: The amount of launchers for connected Application (long type)
example: 100
matchAllAccount:
type: boolean
description: Is Provisioning enabled for connected Application
example: true
default: false
owner:
type: array
description: The owner of the connected Application
items:
type: object
properties:
type:
description: DTO type
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- MACHINE_IDENTITY
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
example: IDENTITY
id:
type: string
description: ID of the object to which this reference applies
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies
example: William Wilson
appCenterEnabled:
type: boolean
description: Is App Center enabled for connected Application
example: false
default: false
missingDependents:
type: array
items:
type: object
properties:
dependencyType:
type: string
enum:
- identityProfiles
- credentialProfiles
- mappingProfiles
- sourceAttributes
- dependantCustomTransforms
- dependantApps
description: The type of dependency type that is missing in the SourceConnections
example: dependantApps
reason:
type: string
description: The reason why this dependency is missing
example: 'If there was an error retrieving any dependencies, it would lbe listed here'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/sources/{id}/correlation-config':
get:
operationId: getCorrelationConfig
tags:
- Sources
summary: Get source correlation configuration
security:
- userAuth:
- 'idn:sources:read'
- 'idn:sources:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
- SOURCE_ADMIN
- SOURCE_SUBADMIN
description: This API returns the existing correlation configuration for a source specified by the given ID.
parameters:
- in: path
name: id
required: true
x-sailpoint-resource-operation-id: listSources
schema:
type: string
description: The source id
example: 2c9180835d191a86015d28455b4a2329
responses:
'200':
description: Correlation configuration for a source
content:
application/json:
schema:
type: object
description: Source configuration information that is used by correlation process.
properties:
id:
type: string
nullable: true
description: The ID of the correlation configuration.
example: 2c9180835d191a86015d28455b4a2329
name:
type: string
nullable: true
description: The name of the correlation configuration.
example: 'Source [source] Account Correlation'
attributeAssignments:
type: array
nullable: true
description: The list of attribute assignments of the correlation configuration.
items:
type: object
description: The attribute assignment of the correlation configuration.
properties:
property:
type: string
description: The property of the attribute assignment.
example: first_name
value:
type: string
description: The value of the attribute assignment.
example: firstName
operation:
type: string
description: The operation of the attribute assignment.
enum:
- EQ
example: EQ
complex:
type: boolean
description: Whether or not the it's a complex attribute assignment.
default: false
example: false
ignoreCase:
type: boolean
description: Whether or not the attribute assignment should ignore case.
default: false
example: false
matchMode:
type: string
description: The match mode of the attribute assignment.
enum:
- ANYWHERE
- START
- END
example: ANYWHERE
filterString:
type: string
description: The filter string of the attribute assignment.
example: first_name == "John"
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
put:
operationId: putCorrelationConfig
tags:
- Sources
summary: Update source correlation configuration
security:
- userAuth:
- 'idn:sources:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
- SOURCE_ADMIN
- SOURCE_SUBADMIN
description: Replaces the correlation configuration for the source specified by the given ID with the configuration provided in the request body.
parameters:
- in: path
name: id
required: true
x-sailpoint-resource-operation-id: listSources
schema:
type: string
description: The source id
example: 2c9180835d191a86015d28455b4a2329
requestBody:
required: true
content:
application/json:
schema:
type: object
description: Source configuration information that is used by correlation process.
properties:
id:
type: string
nullable: true
description: The ID of the correlation configuration.
example: 2c9180835d191a86015d28455b4a2329
name:
type: string
nullable: true
description: The name of the correlation configuration.
example: 'Source [source] Account Correlation'
attributeAssignments:
type: array
nullable: true
description: The list of attribute assignments of the correlation configuration.
items:
type: object
description: The attribute assignment of the correlation configuration.
properties:
property:
type: string
description: The property of the attribute assignment.
example: first_name
value:
type: string
description: The value of the attribute assignment.
example: firstName
operation:
type: string
description: The operation of the attribute assignment.
enum:
- EQ
example: EQ
complex:
type: boolean
description: Whether or not the it's a complex attribute assignment.
default: false
example: false
ignoreCase:
type: boolean
description: Whether or not the attribute assignment should ignore case.
default: false
example: false
matchMode:
type: string
description: The match mode of the attribute assignment.
enum:
- ANYWHERE
- START
- END
example: ANYWHERE
filterString:
type: string
description: The filter string of the attribute assignment.
example: first_name == "John"
responses:
'200':
description: Updated correlation configuration for a source
content:
application/json:
schema:
type: object
description: Source configuration information that is used by correlation process.
properties:
id:
type: string
nullable: true
description: The ID of the correlation configuration.
example: 2c9180835d191a86015d28455b4a2329
name:
type: string
nullable: true
description: The name of the correlation configuration.
example: 'Source [source] Account Correlation'
attributeAssignments:
type: array
nullable: true
description: The list of attribute assignments of the correlation configuration.
items:
type: object
description: The attribute assignment of the correlation configuration.
properties:
property:
type: string
description: The property of the attribute assignment.
example: first_name
value:
type: string
description: The value of the attribute assignment.
example: firstName
operation:
type: string
description: The operation of the attribute assignment.
enum:
- EQ
example: EQ
complex:
type: boolean
description: Whether or not the it's a complex attribute assignment.
default: false
example: false
ignoreCase:
type: boolean
description: Whether or not the attribute assignment should ignore case.
default: false
example: false
matchMode:
type: string
description: The match mode of the attribute assignment.
enum:
- ANYWHERE
- START
- END
example: ANYWHERE
filterString:
type: string
description: The filter string of the attribute assignment.
example: first_name == "John"
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/sources/{sourceId}/password-policies':
patch:
operationId: updatePasswordPolicyHolders
x-sailpoint-userLevels:
- ORG_ADMIN
- SOURCE_ADMIN
- SOURCE_SUBADMIN
- ROLE_SUBADMIN
tags:
- Sources
summary: Update password policy
description: |
This API can be used to set up or update Password Policy in IdentityNow for the specified Source.
Source must support PASSWORD feature.
parameters:
- in: path
name: sourceId
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listSources
description: The Source id
example: 8c190e6787aa4ed9a90bd9d5344523fb
requestBody:
required: true
content:
application/json:
schema:
type: array
description: List of PasswordPolicyHoldersDto
items:
type: object
properties:
policyId:
type: string
description: The password policy Id.
example: 2c91808e7d976f3b017d9f5ceae440c8
policyName:
type: string
description: The name of the password policy.
example: PasswordPolicy Example
selectors:
type: object
example:
identityAttr:
- name: displayName
value: Robert
- name: lastname
value: Juice
properties:
identityAttr:
description: Attributes of PasswordPolicyHoldersDto
type: array
items:
type: object
properties:
name:
description: Attribute's name
type: string
example: Country
value:
description: Attribute's value
type: string
example: Canada
example:
- policyId: 2c91808e7d976f3b017d9f5ceae440c8
policyName: Default
selectors: null
- policyId: 2c91808e7d976f3b017d9f5ceae440c8
policyName: PasswordPolicy Example
selectors:
identityAttr:
- name: displayName
value: Robert
- name: lastname
value: Case
responses:
'200':
description: Updated Password Policies
content:
application/json:
schema:
type: array
description: List of PasswordPolicyHoldersDto
items:
type: object
properties:
policyId:
type: string
description: The password policy Id.
example: 2c91808e7d976f3b017d9f5ceae440c8
policyName:
type: string
description: The name of the password policy.
example: PasswordPolicy Example
selectors:
type: object
example:
identityAttr:
- name: displayName
value: Robert
- name: lastname
value: Juice
properties:
identityAttr:
description: Attributes of PasswordPolicyHoldersDto
type: array
items:
type: object
properties:
name:
description: Attribute's name
type: string
example: Country
value:
description: Attribute's value
type: string
example: Canada
example:
- policyId: 2c91808e7d976f3b017d9f5ceae440c8
policyName: Default
selectors: null
- policyId: 2c91808e7d976f3b017d9f5ceae440c8
policyName: PasswordPolicy Example
selectors:
identityAttr:
- name: displayName
value: Robert
- name: lastname
value: Case
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:sources:update'
'/sources/{sourceId}/connector/check-connection':
post:
operationId: testSourceConnection
tags:
- Sources
summary: Check connection for source connector.
description: This endpoint validates that the configured credentials are valid and will properly authenticate with the source identified by the sourceId path parameter.
security:
- userAuth:
- 'idn:source-connector:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
parameters:
- in: path
name: sourceId
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listSources
description: The ID of the Source.
example: cef3ee201db947c5912551015ba0c679
responses:
'200':
description: The result of checking connection to the source connector with response from it.
content:
application/json:
schema:
type: object
title: Status Response
description: 'Response model for connection check, configuration test and ping of source connectors.'
properties:
id:
type: string
description: ID of the source
example: 2c91808568c529c60168cca6f90c1313
readOnly: true
name:
type: string
description: Name of the source
example: 'ODS-AD-Test [source-999999]'
readOnly: true
status:
type: string
enum:
- SUCCESS
- FAILURE
description: The status of the health check.
example: SUCCESS
readOnly: true
elapsedMillis:
type: integer
description: The number of milliseconds spent on the entire request.
example: 1000
readOnly: true
details:
type: object
description: |
The document contains the results of the health check.
The schema of this document depends on the type of source used.
readOnly: true
example:
useTLSForIQService: false
IQService:
TLS Port: 0
.NET CLR Version: 4.0.30319.42000
SecondaryServiceStatus: Running
Port: 5050
Host: AUTOMATION-AD
Name: IQService
IQServiceStatus: Running
SecondaryService: IQService-Instance1-Secondary
Version: IQService Sep-2020
secondaryPort: 5051
OS Architecture: AMD64
Operating System: Microsoft Windows Server 2012 R2 Standard
highestDotNetVersion: 4.8 or later
Build Time: '09/22/2020 06:34 AM -0500'
IQServiceClientAuthEnabled: false
requestProcessedOn: '1/19/2021 1:47:14 PM'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/sources/{sourceId}/connector/peek-resource-objects':
post:
operationId: searchResourceObjects
tags:
- Sources
summary: Peek source connector's resource objects
description: Retrieves a sample of data returned from account and group aggregation requests.
security:
- userAuth:
- 'idn:source-connector:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
parameters:
- in: path
name: sourceId
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listSources
description: The ID of the Source
example: cef3ee201db947c5912551015ba0c679
requestBody:
required: true
content:
application/json:
schema:
example:
objectType: resource
maxCount: 50
type: object
title: Resource Objects Request
description: Request model for peek resource objects from source connectors.
properties:
objectType:
type: string
description: The type of resource objects to iterate over.
default: account
example: group
maxCount:
type: integer
description: The maximum number of resource objects to iterate over and return.
default: 25
example: 100
responses:
'200':
description: List of resource objects that was fetched from the source connector.
content:
application/json:
schema:
type: object
title: Resource Objects Response
description: Response model for peek resource objects from source connectors.
properties:
id:
type: string
description: ID of the source
example: 2c91808568c529c60168cca6f90c1313
readOnly: true
name:
type: string
description: Name of the source
example: 'ODS-AD-Test [source-999999]'
readOnly: true
objectCount:
type: integer
description: The number of objects that were fetched by the connector.
example: 25
readOnly: true
elapsedMillis:
type: integer
description: The number of milliseconds spent on the entire request.
example: 1055
readOnly: true
resourceObjects:
type: array
items:
type: object
title: Resource Object
description: Representation of the object which is returned from source connectors.
properties:
instance:
description: Identifier of the specific instance where this object resides.
type: string
readOnly: true
identity:
description: Native identity of the object in the Source.
type: string
example: 'CN=Aaron Carr,OU=test1,DC=test2,DC=test'
readOnly: true
uuid:
description: Universal unique identifier of the object in the Source.
type: string
example: '{abf7bd9b-68b4-4d21-9b70-870c58ebf844}'
readOnly: true
previousIdentity:
description: Native identity that the object has previously.
type: string
readOnly: true
name:
description: Display name for this object.
type: string
example: Aaron Carr
readOnly: true
objectType:
description: Type of object.
type: string
example: account
readOnly: true
incomplete:
description: 'A flag indicating that this is an incomplete object. Used in special cases where the connector has to return account information in several phases and the objects might not have a complete set of all account attributes. The attributes in this object will replace the corresponding attributes in the Link, but no other Link attributes will be changed.'
type: boolean
example: false
readOnly: true
incremental:
description: A flag indicating that this is an incremental change object. This is similar to incomplete but it also means that the values of any multi-valued attributes in this object should be merged with the existing values in the Link rather than replacing the existing Link value.
type: boolean
example: false
readOnly: true
delete:
description: A flag indicating that this object has been deleted. This is set only when doing delta aggregation and the connector supports detection of native deletes.
type: boolean
example: false
readOnly: true
remove:
description: A flag set indicating that the values in the attributes represent things to remove rather than things to add. Setting this implies incremental. The values which are always for multi-valued attributes are removed from the current values.
type: boolean
example: false
readOnly: true
missing:
description: A list of attribute names that are not included in this object. This is only used with SMConnector and will only contain "groups".
type: array
items:
type: string
example:
- missFieldOne
- missFieldTwo
readOnly: true
attributes:
description: Attributes of this ResourceObject.
type: object
example:
telephoneNumber: 12-(345)678-9012
mail: example@test.com
displayName: Aaron Carr
readOnly: true
finalUpdate:
description: 'In Aggregation, for sparse object the count for total accounts scanned identities updated is not incremented.'
type: boolean
example: false
readOnly: true
description: Fetched objects from the source connector.
readOnly: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/sources/{sourceId}/connector/ping-cluster':
post:
operationId: pingCluster
tags:
- Sources
summary: Ping cluster for source connector
description: This endpoint validates that the cluster being used by the source is reachable from IdentityNow.
security:
- userAuth:
- 'idn:source-connector:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
parameters:
- in: path
name: sourceId
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listSources
description: The ID of the Source
example: cef3ee201db947c5912551015ba0c679
responses:
'200':
description: The result of pinging connection with the source connector.
content:
application/json:
schema:
type: object
title: Status Response
description: 'Response model for connection check, configuration test and ping of source connectors.'
properties:
id:
type: string
description: ID of the source
example: 2c91808568c529c60168cca6f90c1313
readOnly: true
name:
type: string
description: Name of the source
example: 'ODS-AD-Test [source-999999]'
readOnly: true
status:
type: string
enum:
- SUCCESS
- FAILURE
description: The status of the health check.
example: SUCCESS
readOnly: true
elapsedMillis:
type: integer
description: The number of milliseconds spent on the entire request.
example: 1000
readOnly: true
details:
type: object
description: |
The document contains the results of the health check.
The schema of this document depends on the type of source used.
readOnly: true
example:
useTLSForIQService: false
IQService:
TLS Port: 0
.NET CLR Version: 4.0.30319.42000
SecondaryServiceStatus: Running
Port: 5050
Host: AUTOMATION-AD
Name: IQService
IQServiceStatus: Running
SecondaryService: IQService-Instance1-Secondary
Version: IQService Sep-2020
secondaryPort: 5051
OS Architecture: AMD64
Operating System: Microsoft Windows Server 2012 R2 Standard
highestDotNetVersion: 4.8 or later
Build Time: '09/22/2020 06:34 AM -0500'
IQServiceClientAuthEnabled: false
requestProcessedOn: '1/19/2021 1:47:14 PM'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/sources/{sourceId}/connector/test-configuration':
post:
operationId: testSourceConfiguration
tags:
- Sources
summary: Test configuration for source connector
description: This endpoint performs a more detailed validation of the source''s configuration that can take longer than the lighter weight credential validation performed by the checkConnection API.
security:
- userAuth:
- 'idn:source-connector:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
parameters:
- in: path
name: sourceId
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listSources
description: The ID of the Source
example: cef3ee201db947c5912551015ba0c679
responses:
'200':
description: The result of testing source connector configuration with response from it.
content:
application/json:
schema:
type: object
title: Status Response
description: 'Response model for connection check, configuration test and ping of source connectors.'
properties:
id:
type: string
description: ID of the source
example: 2c91808568c529c60168cca6f90c1313
readOnly: true
name:
type: string
description: Name of the source
example: 'ODS-AD-Test [source-999999]'
readOnly: true
status:
type: string
enum:
- SUCCESS
- FAILURE
description: The status of the health check.
example: SUCCESS
readOnly: true
elapsedMillis:
type: integer
description: The number of milliseconds spent on the entire request.
example: 1000
readOnly: true
details:
type: object
description: |
The document contains the results of the health check.
The schema of this document depends on the type of source used.
readOnly: true
example:
useTLSForIQService: false
IQService:
TLS Port: 0
.NET CLR Version: 4.0.30319.42000
SecondaryServiceStatus: Running
Port: 5050
Host: AUTOMATION-AD
Name: IQService
IQServiceStatus: Running
SecondaryService: IQService-Instance1-Secondary
Version: IQService Sep-2020
secondaryPort: 5051
OS Architecture: AMD64
Operating System: Microsoft Windows Server 2012 R2 Standard
highestDotNetVersion: 4.8 or later
Build Time: '09/22/2020 06:34 AM -0500'
IQServiceClientAuthEnabled: false
requestProcessedOn: '1/19/2021 1:47:14 PM'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/sources/{id}/connectors/source-config':
get:
operationId: getSourceConfig
tags:
- Sources
summary: Gets source config with language-translations
security:
- userAuth: []
x-sailpoint-userLevels:
- ORG_ADMIN
description: Looks up and returns the source config for the requested source id after populating the source config values and applying language translations.
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listSources
description: The Source id
example: cef3ee201db947c5912551015ba0c679
- in: query
name: locale
schema:
type: string
enum:
- de
- false
- fi
- sv
- ru
- pt
- ko
- zh-TW
- en
- it
- fr
- zh-CN
- hu
- es
- cs
- ja
- pl
- da
- nl
description: 'The locale to apply to the config. If no viable locale is given, it will default to "en"'
example: en
required: false
responses:
'200':
description: A Connector Detail object
content:
application/json:
schema:
type: object
properties:
name:
type: string
description: The connector name
example: name
type:
type: string
description: The connector type
example: ServiceNow
className:
type: string
description: The connector class name
example: class name
scriptName:
type: string
description: The connector script name
example: servicenow
applicationXml:
type: string
description: The connector application xml
example: |
correlationConfigXml:
type: string
description: The connector correlation config xml
example: "\n\n\n\n\n\n\t\n\t\t\n\t\t\n\t\t\n\t\n\n"
sourceConfigXml:
type: string
description: The connector source config xml
example: |-
sourceConfig:
type: string
nullable: true
description: The connector source config
example: |-
sourceConfigFrom:
type: string
nullable: true
description: The connector source config origin
example: sp-connect
s3Location:
type: string
description: storage path key for this connector
example: custom-connector/scriptname
uploadedFiles:
type: array
description: The list of uploaded files supported by the connector. If there was any executable files uploaded to thee connector. Typically this be empty as the executable be uploaded at source creation.
nullable: true
items:
type: string
example:
- pod/org/connectorFiles/testconnector/test1.jar
fileUpload:
type: boolean
description: true if the source is file upload
example: true
default: false
directConnect:
type: boolean
description: true if the source is a direct connect source
example: true
default: false
translationProperties:
type: object
description: A map containing translation attributes by loacale key
additionalProperties: true
example:
de: |-
# Copyright (C) 2024 SailPoint Technologies, Inc. All rights reserved.
# DO NOT EDIT. This file is generated by "sailpointTranslate" command.
menuLabel_ConnectionSettings=Verbindungseinstellungen
menuLabel_AggregationSettings=Aggregationseinstellungen
sectionLabel_AuthenticationSettings=Verbindungseinstellungen
sectionLabel_AggregationSettings=Aggregationseinstellungen
sectionInfo_AuthenticationSettings=Konfigurieren Sie eine direkte Verbindung zwischen der Quelle Delinea Secret Server On-Premise und IdentityNow.
Geben Sie bei Zeit\u00fcberschreitung bei Verbindung die maximal erlaubte Zeitdauer (in Minuten) f\u00fcr die Verbindung von IdentityNow mit der Quelle ein.
Geben Sie die Host-URL der Delinea-SCIM-Serverquelle ein.
Geben Sie den API-Token der Quelle zur Authentifizierung ein.
sectionInfo_AggregationSettings=Geben Sie die Einstellungen f\u00fcr Ihre Aggregation an.
Geben Sie in das Feld Seitengr\u00f6\u00dfe die Anzahl an Kontoeintr\u00e4gen ein, die auf einer einzelnen Seite aggregiert werden sollen, wenn gro\u00dfe Datens\u00e4tze durchlaufen werden. \n Geben Sie im Kontofilter die Bedingungen f\u00fcr den Kontofilter an. Beispiel: userName sw "S"
Geben Sie im Gruppenfilter die Gruppenfilterbedingungen an. Beispiel: displayName sw "S".
placeHolder_accAggregation=userName sw "S"
placeHolder_grpAggregation=displayName sw "S"
placeHolder_host=https://{Delinea_SCIM_Server_host}/v2
docLinkLabel_AuthenticationSettings=Mehr \u00fcber Verbindungseinstellungen
docLinkLabel_Filters=Mehr \u00fcber Konto- und Gruppenfilter
HostURL=Host-URL
ConnectionTimeout=Zeit\u00fcberschreitung bei Verbindung
API_TOKEN=API-Token
JSONPathMapping=JSON-Path-Attribut-Mapping
FilterConditionForAccounts=Kontofilter
FilterConditionForGroups=Gruppenfilter
Page_Size=Seitengr\u00f6\u00dfe
SchemaAttribute=Schema-Attribut
JSONpath=JSON-Pfad
ShortDesc=Das Integrationsmodul IdentityNow f\u00fcr Delinea Secret Server On-Premise bietet die M\u00f6glichkeit einer tiefen Governance f\u00fcr Konten und Gruppen. Es unterst\u00fctzt au\u00dferdem das End-to-End-Lebenszyklus-Management.
connectorMetadata:
type: object
description: A map containing metadata pertinent to the UI to be used
additionalProperties: true
example:
supportedUI: EXTJS
platform: ccg
shortDesc: connector description
status:
type: string
enum:
- DEPRECATED
- DEVELOPMENT
- DEMO
- RELEASED
description: The connector status
example: RELEASED
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/tagged-objects:
get:
operationId: listTaggedObjects
security:
- userAuth:
- 'idn:tag:read'
- 'idn:tag:manage'
tags:
- Tagged Objects
summary: List tagged objects
description: |-
This API returns a list of all tagged objects.
Any authenticated token may be used to call this API.
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**objectRef.id**: *eq, in*
**objectRef.type**: *eq, in*
**tagName**: *eq, in*
example: tagName eq "BU_FINANCE"
required: false
responses:
'200':
description: List of all tagged objects.
content:
application/json:
schema:
type: array
items:
type: object
description: Tagged object.
properties:
objectRef:
type: object
properties:
type:
type: string
enum:
- ACCESS_PROFILE
- APPLICATION
- CAMPAIGN
- ENTITLEMENT
- IDENTITY
- ROLE
- SOD_POLICY
- SOURCE
example: IDENTITY
description: DTO type
id:
type: string
description: ID of the object this reference applies to
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
nullable: true
description: Human-readable display name of the object this reference applies to
example: William Wilson
tags:
type: array
items:
type: string
description: Labels to be applied to an Object
example:
- BU_FINANCE
- PCI
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
post:
operationId: setTagToObject
security:
- userAuth:
- 'idn:tag:manage'
tags:
- Tagged Objects
summary: Add tag to object
description: |-
This adds a tag to an object.
Any authenticated token may be used to call this API.
requestBody:
required: true
content:
application/json:
schema:
type: object
description: Tagged object.
properties:
objectRef:
type: object
properties:
type:
type: string
enum:
- ACCESS_PROFILE
- APPLICATION
- CAMPAIGN
- ENTITLEMENT
- IDENTITY
- ROLE
- SOD_POLICY
- SOURCE
example: IDENTITY
description: DTO type
id:
type: string
description: ID of the object this reference applies to
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
nullable: true
description: Human-readable display name of the object this reference applies to
example: William Wilson
tags:
type: array
items:
type: string
description: Labels to be applied to an Object
example:
- BU_FINANCE
- PCI
responses:
'201':
description: Created.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/tagged-objects/{type}':
get:
operationId: listTaggedObjectsByType
security:
- userAuth:
- 'idn:tag:read'
- 'idn:tag:manage'
tags:
- Tagged Objects
summary: List tagged objects by type
description: |-
This API returns a list of all tagged objects by type.
Any authenticated token may be used to call this API.
parameters:
- in: path
name: type
schema:
type: string
enum:
- ACCESS_PROFILE
- APPLICATION
- CAMPAIGN
- ENTITLEMENT
- IDENTITY
- ROLE
- SOD_POLICY
- SOURCE
required: true
description: The type of tagged object to retrieve.
example: ROLE
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**objectRef.id**: *eq*
**objectRef.type**: *eq*
example: objectRef.id eq "2c91808568c529c60168cca6f90c1313"
required: false
responses:
'200':
description: List of all tagged objects for specified type.
content:
application/json:
schema:
type: array
items:
type: object
description: Tagged object.
properties:
objectRef:
type: object
properties:
type:
type: string
enum:
- ACCESS_PROFILE
- APPLICATION
- CAMPAIGN
- ENTITLEMENT
- IDENTITY
- ROLE
- SOD_POLICY
- SOURCE
example: IDENTITY
description: DTO type
id:
type: string
description: ID of the object this reference applies to
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
nullable: true
description: Human-readable display name of the object this reference applies to
example: William Wilson
tags:
type: array
items:
type: string
description: Labels to be applied to an Object
example:
- BU_FINANCE
- PCI
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/tagged-objects/{type}/{id}':
get:
operationId: getTaggedObject
security:
- userAuth:
- 'idn:tag:read'
- 'idn:tag:manage'
tags:
- Tagged Objects
summary: Get tagged object
description: This gets a tagged object for the specified type.
parameters:
- in: path
name: type
schema:
type: string
enum:
- ACCESS_PROFILE
- APPLICATION
- CAMPAIGN
- ENTITLEMENT
- IDENTITY
- ROLE
- SOD_POLICY
- SOURCE
required: true
description: The type of tagged object to retrieve.
example: ROLE
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listTaggedObjects
description: The ID of the object reference to retrieve.
example: ef38f94347e94562b5bb8424a56397d8
responses:
'200':
description: Tagged object by type and ID.
content:
application/json:
schema:
type: object
description: Tagged object.
properties:
objectRef:
type: object
properties:
type:
type: string
enum:
- ACCESS_PROFILE
- APPLICATION
- CAMPAIGN
- ENTITLEMENT
- IDENTITY
- ROLE
- SOD_POLICY
- SOURCE
example: IDENTITY
description: DTO type
id:
type: string
description: ID of the object this reference applies to
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
nullable: true
description: Human-readable display name of the object this reference applies to
example: William Wilson
tags:
type: array
items:
type: string
description: Labels to be applied to an Object
example:
- BU_FINANCE
- PCI
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
put:
operationId: putTaggedObject
security:
- userAuth:
- 'idn:tag:manage'
tags:
- Tagged Objects
summary: Update tagged object
description: This updates a tagged object for the specified type.
parameters:
- in: path
name: type
schema:
type: string
enum:
- ACCESS_PROFILE
- APPLICATION
- CAMPAIGN
- ENTITLEMENT
- IDENTITY
- ROLE
- SOD_POLICY
- SOURCE
required: true
description: The type of tagged object to update.
example: ROLE
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listTaggedObjects
description: The ID of the object reference to update.
example: ef38f94347e94562b5bb8424a56397d8
requestBody:
required: true
content:
application/json:
schema:
type: object
description: Tagged object.
properties:
objectRef:
type: object
properties:
type:
type: string
enum:
- ACCESS_PROFILE
- APPLICATION
- CAMPAIGN
- ENTITLEMENT
- IDENTITY
- ROLE
- SOD_POLICY
- SOURCE
example: IDENTITY
description: DTO type
id:
type: string
description: ID of the object this reference applies to
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
nullable: true
description: Human-readable display name of the object this reference applies to
example: William Wilson
tags:
type: array
items:
type: string
description: Labels to be applied to an Object
example:
- BU_FINANCE
- PCI
responses:
'200':
description: Tagged object by type and ID.
content:
application/json:
schema:
type: object
description: Tagged object.
properties:
objectRef:
type: object
properties:
type:
type: string
enum:
- ACCESS_PROFILE
- APPLICATION
- CAMPAIGN
- ENTITLEMENT
- IDENTITY
- ROLE
- SOD_POLICY
- SOURCE
example: IDENTITY
description: DTO type
id:
type: string
description: ID of the object this reference applies to
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
nullable: true
description: Human-readable display name of the object this reference applies to
example: William Wilson
tags:
type: array
items:
type: string
description: Labels to be applied to an Object
example:
- BU_FINANCE
- PCI
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
operationId: deleteTaggedObject
security:
- userAuth:
- 'idn:tag:manage'
tags:
- Tagged Objects
summary: Delete object tags
description: Delete all tags from a tagged object.
parameters:
- in: path
name: type
schema:
type: string
enum:
- ACCESS_PROFILE
- APPLICATION
- CAMPAIGN
- ENTITLEMENT
- IDENTITY
- ROLE
- SOD_POLICY
- SOURCE
required: true
description: The type of object to delete tags from.
example: ROLE
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listTaggedObjects
description: The ID of the object to delete tags from.
example: ef38f94347e94562b5bb8424a56397d8
responses:
'204':
description: No content.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/tagged-objects/bulk-add:
post:
operationId: setTagsToManyObjects
security:
- userAuth:
- 'idn:tag:manage'
- applicationAuth:
- 'idn:tag:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
- CERT_ADMIN
- REPORT_ADMIN
- ROLE_ADMIN
- ROLE_SUBADMIN
- SOURCE_ADMIN
- SOURCE_SUBADMIN
tags:
- Tagged Objects
summary: Tag multiple objects
description: This API adds tags to multiple objects.
requestBody:
required: true
description: 'Supported object types are ACCESS_PROFILE, APPLICATION, CAMPAIGN, ENTITLEMENT, IDENTITY, ROLE, SOD_POLICY, SOURCE.'
content:
application/json:
schema:
type: object
properties:
objectRefs:
type: array
items:
type: object
properties:
type:
type: string
enum:
- ACCESS_PROFILE
- APPLICATION
- CAMPAIGN
- ENTITLEMENT
- IDENTITY
- ROLE
- SOD_POLICY
- SOURCE
example: IDENTITY
description: DTO type
id:
type: string
description: ID of the object this reference applies to
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
nullable: true
description: Human-readable display name of the object this reference applies to
example: William Wilson
tags:
type: array
items:
type: string
description: Label to be applied to an Object
example:
- BU_FINANCE
- PCI
operation:
type: string
enum:
- APPEND
- MERGE
default: APPEND
description: |-
If APPEND, tags are appended to the list of tags for the object. A 400 error is returned if this would add duplicate tags to the object.
If MERGE, tags are merged with the existing tags. Duplicate tags are silently ignored.
example: MERGE
responses:
'200':
description: Request succeeded.
content:
application/json:
schema:
type: array
items:
type: object
properties:
objectRefs:
type: array
items:
type: object
properties:
type:
type: string
enum:
- ACCESS_PROFILE
- APPLICATION
- CAMPAIGN
- ENTITLEMENT
- IDENTITY
- ROLE
- SOD_POLICY
- SOURCE
example: IDENTITY
description: DTO type
id:
type: string
description: ID of the object this reference applies to
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
nullable: true
description: Human-readable display name of the object this reference applies to
example: William Wilson
tags:
type: array
items:
type: string
description: Label to be applied to an Object
example:
- BU_FINANCE
- PCI
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/tagged-objects/bulk-remove:
post:
operationId: deleteTagsToManyObject
security:
- userAuth:
- 'idn:tag:manage'
- applicationAuth:
- 'idn:tag:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
- CERT_ADMIN
- REPORT_ADMIN
- ROLE_ADMIN
- ROLE_SUBADMIN
- SOURCE_ADMIN
- SOURCE_SUBADMIN
tags:
- Tagged Objects
summary: Remove tags from multiple objects
description: This API removes tags from multiple objects.
requestBody:
description: 'Supported object types are ACCESS_PROFILE, APPLICATION, CAMPAIGN, ENTITLEMENT, IDENTITY, ROLE, SOD_POLICY, SOURCE.'
required: true
content:
application/json:
schema:
type: object
properties:
objectRefs:
type: array
items:
type: object
properties:
type:
type: string
enum:
- ACCESS_PROFILE
- APPLICATION
- CAMPAIGN
- ENTITLEMENT
- IDENTITY
- ROLE
- SOD_POLICY
- SOURCE
example: IDENTITY
description: DTO type
id:
type: string
description: ID of the object this reference applies to
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
nullable: true
description: Human-readable display name of the object this reference applies to
example: William Wilson
tags:
type: array
items:
type: string
description: Label to be applied to an Object
example:
- BU_FINANCE
- PCI
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/transforms:
get:
tags:
- Transforms
summary: List transforms
description: Gets a list of all saved transform objects.
operationId: listTransforms
parameters:
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- name: name
in: query
description: Name of the transform to retrieve from the list.
required: false
style: form
schema:
type: string
example: ExampleTransformName123
- name: filters
in: query
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**internal**: *eq*
**name**: *eq, sw*
required: false
style: form
explode: true
example: name eq "Uppercase"
schema:
type: string
responses:
'200':
description: A list of transforms matching the given criteria.
content:
application/json:
schema:
type: array
items:
allOf:
- type: object
description: The representation of an internally- or customer-defined transform.
required:
- name
- type
- attributes
properties:
name:
type: string
description: Unique name of this transform
example: Timestamp To Date
minLength: 1
maxLength: 50
type:
type: string
description: The type of transform operation
enum:
- accountAttribute
- base64Decode
- base64Encode
- concat
- conditional
- dateCompare
- dateFormat
- dateMath
- decomposeDiacriticalMarks
- e164phone
- firstValid
- rule
- identityAttribute
- indexOf
- iso3166
- lastIndexOf
- leftPad
- lookup
- lower
- normalizeNames
- randomAlphaNumeric
- randomNumeric
- reference
- replaceAll
- replace
- rightPad
- split
- static
- substring
- trim
- upper
- usernameGenerator
- uuid
- displayName
- rfc5646
example: dateFormat
externalDocs:
description: Transform Operations
url: 'https://developer.sailpoint.com/idn/docs/transforms/operations'
attributes:
nullable: true
description: Meta-data about the transform. Values in this list are specific to the type of transform to be executed.
oneOf:
- title: accountAttribute
type: object
required:
- sourceName
- attributeName
properties:
sourceName:
type: string
description: A reference to the source to search for the account
example: Workday
attributeName:
type: string
description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.'
example: DEPARTMENT
accountSortAttribute:
type: string
description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries
example: created
default: created
accountSortDescending:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)'
example: false
default: false
accountReturnFirstLink:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false'
example: false
default: false
accountFilter:
type: string
description: |-
This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.
Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements
example: '!(nativeIdentity.startsWith("*DELETED*"))'
accountPropertyFilter:
type: string
description: |-
This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.
All account attributes are available for filtering as this operation is performed in memory.
example: '(groups.containsAll({''Admin''}) || location == ''Austin'')'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: base64Decode
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: base64Encode
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: concat
type: object
required:
- values
properties:
values:
type: array
items:
type: object
description: An array of items to join together
example:
- John
- ' '
- Smith
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: conditional
type: object
required:
- expression
- positiveCondition
- negativeCondition
properties:
expression:
type: string
description: |-
A comparison statement that follows the structure of `ValueA eq ValueB` where `ValueA` and `ValueB` are static strings or outputs of other transforms.
The `eq` operator is the only valid comparison
example: ValueA eq ValueB
positiveCondition:
type: string
description: The output of the transform if the expression evalutes to true
example: 'true'
negativeCondition:
type: string
description: The output of the transform if the expression evalutes to false
example: 'false'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateCompare
type: object
required:
- firstDate
- secondDate
- operator
- positiveCondition
- negativeCondition
properties:
firstDate:
description: This is the first date to consider (The date that would be on the left hand side of the comparison operation).
oneOf:
- title: accountAttribute
type: object
required:
- sourceName
- attributeName
properties:
sourceName:
type: string
description: A reference to the source to search for the account
example: Workday
attributeName:
type: string
description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.'
example: DEPARTMENT
accountSortAttribute:
type: string
description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries
example: created
default: created
accountSortDescending:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)'
example: false
default: false
accountReturnFirstLink:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false'
example: false
default: false
accountFilter:
type: string
description: |-
This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.
Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements
example: '!(nativeIdentity.startsWith("*DELETED*"))'
accountPropertyFilter:
type: string
description: |-
This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.
All account attributes are available for filtering as this operation is performed in memory.
example: '(groups.containsAll({''Admin''}) || location == ''Austin'')'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateFormat
type: object
properties:
inputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
outputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
secondDate:
description: This is the second date to consider (The date that would be on the right hand side of the comparison operation).
oneOf:
- title: accountAttribute
type: object
required:
- sourceName
- attributeName
properties:
sourceName:
type: string
description: A reference to the source to search for the account
example: Workday
attributeName:
type: string
description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.'
example: DEPARTMENT
accountSortAttribute:
type: string
description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries
example: created
default: created
accountSortDescending:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)'
example: false
default: false
accountReturnFirstLink:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false'
example: false
default: false
accountFilter:
type: string
description: |-
This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.
Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements
example: '!(nativeIdentity.startsWith("*DELETED*"))'
accountPropertyFilter:
type: string
description: |-
This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.
All account attributes are available for filtering as this operation is performed in memory.
example: '(groups.containsAll({''Admin''}) || location == ''Austin'')'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateFormat
type: object
properties:
inputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
outputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
operator:
type: string
description: |
This is the comparison to perform.
| Operation | Description |
| --------- | ------- |
| LT | Strictly less than: `firstDate < secondDate` |
| LTE | Less than or equal to: `firstDate <= secondDate` |
| GT | Strictly greater than: `firstDate > secondDate` |
| GTE | Greater than or equal to: `firstDate >= secondDate` |
enum:
- LT
- LTE
- GT
- GTE
example: LT
positiveCondition:
type: string
description: The output of the transform if the expression evalutes to true
example: 'true'
negativeCondition:
type: string
description: The output of the transform if the expression evalutes to false
example: false
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateFormat
type: object
properties:
inputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
outputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateMath
type: object
required:
- expression
properties:
expression:
type: string
description: |
A string value of the date and time components to operation on, along with the math operations to execute.
externalDocs:
description: Date Math Expressions
url: 'https://developer.sailpoint.com/idn/docs/transforms/operations/date-math#transform-structure'
example: now+1w
roundUp:
type: boolean
description: |
A boolean value to indicate whether the transform should round up or down when a rounding `/` operation is defined in the expression.
If not provided, the transform will default to `false`
`true` indicates the transform should round up (i.e., truncate the fractional date/time component indicated and then add one unit of that component)
`false` indicates the transform should round down (i.e., truncate the fractional date/time component indicated)
example: false
default: false
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: decomposeDiacriticalMarks
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: e164phone
type: object
properties:
defaultRegion:
type: string
description: |
This is an optional attribute that can be used to define the region of the phone number to format into.
If defaultRegion is not provided, it will take US as the default country.
The format of the country code should be in [ISO 3166-1 alpha-2 format](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2)
example: US
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: firstValid
type: object
required:
- values
properties:
values:
type: array
items:
type: object
description: An array of attributes to evaluate for existence.
example:
- attributes:
sourceName: Active Directory
attributeName: sAMAccountName
type: accountAttribute
- attributes:
sourceName: Okta
attributeName: login
type: accountAttribute
- attributes:
sourceName: HR Source
attributeName: employeeID
type: accountAttribute
ignoreErrors:
type: boolean
description: a true or false value representing to move on to the next option if an error (like an Null Pointer Exception) were to occur.
example: false
default: false
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
- title: rule
oneOf:
- type: object
required:
- name
properties:
name:
type: string
description: This is the name of the Transform rule that needs to be invoked by the transform
example: Transform Calculation Rule
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
- type: object
required:
- name
- operation
- includeNumbers
- includeSpecialChars
- length
properties:
name:
type: string
description: This must always be set to "Cloud Services Deployment Utility"
example: Cloud Services Deployment Utility
operation:
type: string
description: The operation to perform `generateRandomString`
example: generateRandomString
includeNumbers:
type: boolean
description: This must be either "true" or "false" to indicate whether the generator logic should include numbers
example: true
includeSpecialChars:
type: boolean
description: This must be either "true" or "false" to indicate whether the generator logic should include special characters
example: true
length:
type: string
description: |
This specifies how long the randomly generated string needs to be
>NOTE Due to identity attribute data constraints, the maximum allowable value is 450 characters
example: '10'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
- type: object
required:
- name
- operation
- uid
properties:
name:
type: string
description: This must always be set to "Cloud Services Deployment Utility"
example: Cloud Services Deployment Utility
operation:
type: string
description: The operation to perform `getReferenceIdentityAttribute`
example: getReferenceIdentityAttribute
uid:
type: string
description: |
This is the SailPoint User Name (uid) value of the identity whose attribute is desired
As a convenience feature, you can use the `manager` keyword to dynamically look up the user's manager and then get that manager's identity attribute.
example: 2c91808570313110017040b06f344ec9
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
- title: identityAttribute
type: object
required:
- name
properties:
name:
type: string
description: The system (camel-cased) name of the identity attribute to bring in
example: email
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: indexOf
type: object
required:
- substring
properties:
substring:
type: string
description: 'A substring to search for, searches the entire calling string, and returns the index of the first occurrence of the specified substring.'
example: admin_
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: iso3166
type: object
properties:
format:
type: string
description: |
An optional value to denote which ISO 3166 format to return. Valid values are:
`alpha2` - Two-character country code (e.g., "US"); this is the default value if no format is supplied
`alpha3` - Three-character country code (e.g., "USA")
`numeric` - The numeric country code (e.g., "840")
example: alpha2
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: leftPad
type: object
required:
- length
properties:
length:
type: string
description: An integer value for the desired length of the final output string
example: '4'
padding:
type: string
description: |
A string value representing the character that the incoming data should be padded with to get to the desired length
If not provided, the transform will default to a single space (" ") character for padding
example: '0'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: lookup
type: object
required:
- table
properties:
table:
type: object
additionalProperties: true
description: |
This is a JSON object of key-value pairs. The key is the string that will attempt to be matched to the input, and the value is the output string that should be returned if the key is matched
>**Note** the use of the optional default key value here; if none of the three countries in the above example match the input string, the transform will return "Unknown Region" for the attribute that is mapped to this transform.
example:
USA: Americas
FRA: EMEA
AUS: APAC
default: Unknown Region
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: lower
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: nameNormalizer
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: randomAlphaNumeric
type: object
properties:
length:
type: string
description: |
This is an integer value specifying the size/number of characters the random string must contain
* This value must be a positive number and cannot be blank
* If no length is provided, the transform will default to a value of `32`
* Due to identity attribute data constraints, the maximum allowable value is `450` characters
example: '10'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: randomNumeric
type: object
properties:
length:
type: string
description: |
This is an integer value specifying the size/number of characters the random string must contain
* This value must be a positive number and cannot be blank
* If no length is provided, the transform will default to a value of `32`
* Due to identity attribute data constraints, the maximum allowable value is `450` characters
example: '10'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: reference
type: object
required:
- id
properties:
id:
type: string
description: This ID specifies the name of the pre-existing transform which you want to use within your current transform
example: Existing Transform
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: replaceAll
type: object
required:
- table
properties:
table:
type: object
additionalProperties: true
description: 'An attribute of key-value pairs. Each pair identifies the pattern to search for as its key, and the replacement string as its value.'
example:
'-': ' '
'"': ''''
ñ: 'n'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: replace
type: object
required:
- regex
- replacement
properties:
regex:
type: string
description: This can be a string or a regex pattern in which you want to replace.
example: '[^a-zA-Z]'
externalDocs:
description: Regex Builder
url: 'https://regex101.com/'
replacement:
type: string
description: This is the replacement string that should be substituded wherever the string or pattern is found.
example: ' '
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: rightPad
type: object
required:
- length
properties:
length:
type: string
description: An integer value for the desired length of the final output string
example: '4'
padding:
type: string
description: |
A string value representing the character that the incoming data should be padded with to get to the desired length
If not provided, the transform will default to a single space (" ") character for padding
example: '0'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: split
type: object
required:
- delimiter
- index
properties:
delimiter:
type: string
description: 'This can be either a single character or a regex expression, and is used by the transform to identify the break point between two substrings in the incoming data'
example: ','
index:
type: string
description: 'An integer value for the desired array element after the incoming data has been split into a list; the array is a 0-based object, so the first array element would be index 0, the second element would be index 1, etc.'
example: '5'
throws:
type: boolean
description: |
A boolean (true/false) value which indicates whether an exception should be thrown and returned as an output when an index is out of bounds with the resultant array (i.e., the provided index value is larger than the size of the array)
`true` - The transform should return "IndexOutOfBoundsException"
`false` - The transform should return null
If not provided, the transform will default to false and return a null
example: true
default: false
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: static
type: object
required:
- values
properties:
values:
type: string
description: 'This must evaluate to a JSON string, either through a fixed value or through conditional logic using the Apache Velocity Template Language.'
example: string$variable
externalDocs:
description: Static Transform Documentation
url: 'https://developer.sailpoint.com/idn/docs/transforms/operations/static'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
- title: substring
type: object
required:
- begin
properties:
begin:
type: integer
description: |
The index of the first character to include in the returned substring.
If `begin` is set to -1, the transform will begin at character 0 of the input data
example: 1
format: int32
beginOffset:
type: integer
description: |
This integer value is the number of characters to add to the begin attribute when returning a substring.
This attribute is only used if begin is not -1.
example: 3
format: int32
end:
type: integer
description: |
The index of the first character to exclude from the returned substring.
If end is -1 or not provided at all, the substring transform will return everything up to the end of the input string.
example: 6
format: int32
endOffset:
type: integer
description: |
This integer value is the number of characters to add to the end attribute when returning a substring.
This attribute is only used if end is provided and is not -1.
example: 1
format: int32
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: trim
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: upper
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: uuid
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
- type: object
required:
- id
- internal
properties:
id:
type: string
description: Unique ID of this transform
example: 2cd78adghjkja34jh2b1hkjhasuecd
internal:
type: boolean
description: Indicates whether this is an internal SailPoint-created transform or a customer-created transform
example: false
default: false
example:
- id: 2cd78adghjkja34jh2b1hkjhasuecd
name: Timestamp To Date
type: dateFormat
attributes:
inputFormat: 'MMM-dd-yyyy, HH:mm:ss.SSS'
outputFormat: yyyy/dd/MM
internal: false
- id: 2lkas8dhj4bkuakja77giih7l4ashh
name: PrefixSubstring
type: substring
attributes:
begin: 0
end: 3
internal: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:transform:read'
- 'idn:transform:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
post:
tags:
- Transforms
summary: Create transform
description: 'Creates a new transform object immediately. By default, the internal flag is set to false to indicate that this is a custom transform. Only SailPoint employees have the ability to create a transform with internal set to true. Newly created Transforms can be used in the Identity Profile mappings within the UI.'
operationId: createTransform
requestBody:
required: true
description: The transform to be created.
content:
application/json:
schema:
type: object
description: The representation of an internally- or customer-defined transform.
required:
- name
- type
- attributes
properties:
name:
type: string
description: Unique name of this transform
example: Timestamp To Date
minLength: 1
maxLength: 50
type:
type: string
description: The type of transform operation
enum:
- accountAttribute
- base64Decode
- base64Encode
- concat
- conditional
- dateCompare
- dateFormat
- dateMath
- decomposeDiacriticalMarks
- e164phone
- firstValid
- rule
- identityAttribute
- indexOf
- iso3166
- lastIndexOf
- leftPad
- lookup
- lower
- normalizeNames
- randomAlphaNumeric
- randomNumeric
- reference
- replaceAll
- replace
- rightPad
- split
- static
- substring
- trim
- upper
- usernameGenerator
- uuid
- displayName
- rfc5646
example: dateFormat
externalDocs:
description: Transform Operations
url: 'https://developer.sailpoint.com/idn/docs/transforms/operations'
attributes:
nullable: true
description: Meta-data about the transform. Values in this list are specific to the type of transform to be executed.
oneOf:
- title: accountAttribute
type: object
required:
- sourceName
- attributeName
properties:
sourceName:
type: string
description: A reference to the source to search for the account
example: Workday
attributeName:
type: string
description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.'
example: DEPARTMENT
accountSortAttribute:
type: string
description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries
example: created
default: created
accountSortDescending:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)'
example: false
default: false
accountReturnFirstLink:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false'
example: false
default: false
accountFilter:
type: string
description: |-
This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.
Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements
example: '!(nativeIdentity.startsWith("*DELETED*"))'
accountPropertyFilter:
type: string
description: |-
This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.
All account attributes are available for filtering as this operation is performed in memory.
example: '(groups.containsAll({''Admin''}) || location == ''Austin'')'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: base64Decode
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: base64Encode
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: concat
type: object
required:
- values
properties:
values:
type: array
items:
type: object
description: An array of items to join together
example:
- John
- ' '
- Smith
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: conditional
type: object
required:
- expression
- positiveCondition
- negativeCondition
properties:
expression:
type: string
description: |-
A comparison statement that follows the structure of `ValueA eq ValueB` where `ValueA` and `ValueB` are static strings or outputs of other transforms.
The `eq` operator is the only valid comparison
example: ValueA eq ValueB
positiveCondition:
type: string
description: The output of the transform if the expression evalutes to true
example: 'true'
negativeCondition:
type: string
description: The output of the transform if the expression evalutes to false
example: 'false'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateCompare
type: object
required:
- firstDate
- secondDate
- operator
- positiveCondition
- negativeCondition
properties:
firstDate:
description: This is the first date to consider (The date that would be on the left hand side of the comparison operation).
oneOf:
- title: accountAttribute
type: object
required:
- sourceName
- attributeName
properties:
sourceName:
type: string
description: A reference to the source to search for the account
example: Workday
attributeName:
type: string
description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.'
example: DEPARTMENT
accountSortAttribute:
type: string
description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries
example: created
default: created
accountSortDescending:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)'
example: false
default: false
accountReturnFirstLink:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false'
example: false
default: false
accountFilter:
type: string
description: |-
This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.
Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements
example: '!(nativeIdentity.startsWith("*DELETED*"))'
accountPropertyFilter:
type: string
description: |-
This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.
All account attributes are available for filtering as this operation is performed in memory.
example: '(groups.containsAll({''Admin''}) || location == ''Austin'')'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateFormat
type: object
properties:
inputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
outputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
secondDate:
description: This is the second date to consider (The date that would be on the right hand side of the comparison operation).
oneOf:
- title: accountAttribute
type: object
required:
- sourceName
- attributeName
properties:
sourceName:
type: string
description: A reference to the source to search for the account
example: Workday
attributeName:
type: string
description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.'
example: DEPARTMENT
accountSortAttribute:
type: string
description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries
example: created
default: created
accountSortDescending:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)'
example: false
default: false
accountReturnFirstLink:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false'
example: false
default: false
accountFilter:
type: string
description: |-
This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.
Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements
example: '!(nativeIdentity.startsWith("*DELETED*"))'
accountPropertyFilter:
type: string
description: |-
This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.
All account attributes are available for filtering as this operation is performed in memory.
example: '(groups.containsAll({''Admin''}) || location == ''Austin'')'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateFormat
type: object
properties:
inputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
outputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
operator:
type: string
description: |
This is the comparison to perform.
| Operation | Description |
| --------- | ------- |
| LT | Strictly less than: `firstDate < secondDate` |
| LTE | Less than or equal to: `firstDate <= secondDate` |
| GT | Strictly greater than: `firstDate > secondDate` |
| GTE | Greater than or equal to: `firstDate >= secondDate` |
enum:
- LT
- LTE
- GT
- GTE
example: LT
positiveCondition:
type: string
description: The output of the transform if the expression evalutes to true
example: 'true'
negativeCondition:
type: string
description: The output of the transform if the expression evalutes to false
example: false
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateFormat
type: object
properties:
inputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
outputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateMath
type: object
required:
- expression
properties:
expression:
type: string
description: |
A string value of the date and time components to operation on, along with the math operations to execute.
externalDocs:
description: Date Math Expressions
url: 'https://developer.sailpoint.com/idn/docs/transforms/operations/date-math#transform-structure'
example: now+1w
roundUp:
type: boolean
description: |
A boolean value to indicate whether the transform should round up or down when a rounding `/` operation is defined in the expression.
If not provided, the transform will default to `false`
`true` indicates the transform should round up (i.e., truncate the fractional date/time component indicated and then add one unit of that component)
`false` indicates the transform should round down (i.e., truncate the fractional date/time component indicated)
example: false
default: false
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: decomposeDiacriticalMarks
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: e164phone
type: object
properties:
defaultRegion:
type: string
description: |
This is an optional attribute that can be used to define the region of the phone number to format into.
If defaultRegion is not provided, it will take US as the default country.
The format of the country code should be in [ISO 3166-1 alpha-2 format](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2)
example: US
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: firstValid
type: object
required:
- values
properties:
values:
type: array
items:
type: object
description: An array of attributes to evaluate for existence.
example:
- attributes:
sourceName: Active Directory
attributeName: sAMAccountName
type: accountAttribute
- attributes:
sourceName: Okta
attributeName: login
type: accountAttribute
- attributes:
sourceName: HR Source
attributeName: employeeID
type: accountAttribute
ignoreErrors:
type: boolean
description: a true or false value representing to move on to the next option if an error (like an Null Pointer Exception) were to occur.
example: false
default: false
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
- title: rule
oneOf:
- type: object
required:
- name
properties:
name:
type: string
description: This is the name of the Transform rule that needs to be invoked by the transform
example: Transform Calculation Rule
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
- type: object
required:
- name
- operation
- includeNumbers
- includeSpecialChars
- length
properties:
name:
type: string
description: This must always be set to "Cloud Services Deployment Utility"
example: Cloud Services Deployment Utility
operation:
type: string
description: The operation to perform `generateRandomString`
example: generateRandomString
includeNumbers:
type: boolean
description: This must be either "true" or "false" to indicate whether the generator logic should include numbers
example: true
includeSpecialChars:
type: boolean
description: This must be either "true" or "false" to indicate whether the generator logic should include special characters
example: true
length:
type: string
description: |
This specifies how long the randomly generated string needs to be
>NOTE Due to identity attribute data constraints, the maximum allowable value is 450 characters
example: '10'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
- type: object
required:
- name
- operation
- uid
properties:
name:
type: string
description: This must always be set to "Cloud Services Deployment Utility"
example: Cloud Services Deployment Utility
operation:
type: string
description: The operation to perform `getReferenceIdentityAttribute`
example: getReferenceIdentityAttribute
uid:
type: string
description: |
This is the SailPoint User Name (uid) value of the identity whose attribute is desired
As a convenience feature, you can use the `manager` keyword to dynamically look up the user's manager and then get that manager's identity attribute.
example: 2c91808570313110017040b06f344ec9
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
- title: identityAttribute
type: object
required:
- name
properties:
name:
type: string
description: The system (camel-cased) name of the identity attribute to bring in
example: email
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: indexOf
type: object
required:
- substring
properties:
substring:
type: string
description: 'A substring to search for, searches the entire calling string, and returns the index of the first occurrence of the specified substring.'
example: admin_
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: iso3166
type: object
properties:
format:
type: string
description: |
An optional value to denote which ISO 3166 format to return. Valid values are:
`alpha2` - Two-character country code (e.g., "US"); this is the default value if no format is supplied
`alpha3` - Three-character country code (e.g., "USA")
`numeric` - The numeric country code (e.g., "840")
example: alpha2
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: leftPad
type: object
required:
- length
properties:
length:
type: string
description: An integer value for the desired length of the final output string
example: '4'
padding:
type: string
description: |
A string value representing the character that the incoming data should be padded with to get to the desired length
If not provided, the transform will default to a single space (" ") character for padding
example: '0'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: lookup
type: object
required:
- table
properties:
table:
type: object
additionalProperties: true
description: |
This is a JSON object of key-value pairs. The key is the string that will attempt to be matched to the input, and the value is the output string that should be returned if the key is matched
>**Note** the use of the optional default key value here; if none of the three countries in the above example match the input string, the transform will return "Unknown Region" for the attribute that is mapped to this transform.
example:
USA: Americas
FRA: EMEA
AUS: APAC
default: Unknown Region
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: lower
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: nameNormalizer
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: randomAlphaNumeric
type: object
properties:
length:
type: string
description: |
This is an integer value specifying the size/number of characters the random string must contain
* This value must be a positive number and cannot be blank
* If no length is provided, the transform will default to a value of `32`
* Due to identity attribute data constraints, the maximum allowable value is `450` characters
example: '10'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: randomNumeric
type: object
properties:
length:
type: string
description: |
This is an integer value specifying the size/number of characters the random string must contain
* This value must be a positive number and cannot be blank
* If no length is provided, the transform will default to a value of `32`
* Due to identity attribute data constraints, the maximum allowable value is `450` characters
example: '10'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: reference
type: object
required:
- id
properties:
id:
type: string
description: This ID specifies the name of the pre-existing transform which you want to use within your current transform
example: Existing Transform
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: replaceAll
type: object
required:
- table
properties:
table:
type: object
additionalProperties: true
description: 'An attribute of key-value pairs. Each pair identifies the pattern to search for as its key, and the replacement string as its value.'
example:
'-': ' '
'"': ''''
ñ: 'n'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: replace
type: object
required:
- regex
- replacement
properties:
regex:
type: string
description: This can be a string or a regex pattern in which you want to replace.
example: '[^a-zA-Z]'
externalDocs:
description: Regex Builder
url: 'https://regex101.com/'
replacement:
type: string
description: This is the replacement string that should be substituded wherever the string or pattern is found.
example: ' '
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: rightPad
type: object
required:
- length
properties:
length:
type: string
description: An integer value for the desired length of the final output string
example: '4'
padding:
type: string
description: |
A string value representing the character that the incoming data should be padded with to get to the desired length
If not provided, the transform will default to a single space (" ") character for padding
example: '0'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: split
type: object
required:
- delimiter
- index
properties:
delimiter:
type: string
description: 'This can be either a single character or a regex expression, and is used by the transform to identify the break point between two substrings in the incoming data'
example: ','
index:
type: string
description: 'An integer value for the desired array element after the incoming data has been split into a list; the array is a 0-based object, so the first array element would be index 0, the second element would be index 1, etc.'
example: '5'
throws:
type: boolean
description: |
A boolean (true/false) value which indicates whether an exception should be thrown and returned as an output when an index is out of bounds with the resultant array (i.e., the provided index value is larger than the size of the array)
`true` - The transform should return "IndexOutOfBoundsException"
`false` - The transform should return null
If not provided, the transform will default to false and return a null
example: true
default: false
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: static
type: object
required:
- values
properties:
values:
type: string
description: 'This must evaluate to a JSON string, either through a fixed value or through conditional logic using the Apache Velocity Template Language.'
example: string$variable
externalDocs:
description: Static Transform Documentation
url: 'https://developer.sailpoint.com/idn/docs/transforms/operations/static'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
- title: substring
type: object
required:
- begin
properties:
begin:
type: integer
description: |
The index of the first character to include in the returned substring.
If `begin` is set to -1, the transform will begin at character 0 of the input data
example: 1
format: int32
beginOffset:
type: integer
description: |
This integer value is the number of characters to add to the begin attribute when returning a substring.
This attribute is only used if begin is not -1.
example: 3
format: int32
end:
type: integer
description: |
The index of the first character to exclude from the returned substring.
If end is -1 or not provided at all, the substring transform will return everything up to the end of the input string.
example: 6
format: int32
endOffset:
type: integer
description: |
This integer value is the number of characters to add to the end attribute when returning a substring.
This attribute is only used if end is provided and is not -1.
example: 1
format: int32
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: trim
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: upper
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: uuid
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
example:
name: Timestamp To Date
type: dateFormat
attributes:
inputFormat: 'MMM dd yyyy, HH:mm:ss.SSS'
outputFormat: yyyy/dd/MM
responses:
'201':
description: Indicates the transform was successfully created and returns its representation.
content:
application/json:
schema:
allOf:
- type: object
description: The representation of an internally- or customer-defined transform.
required:
- name
- type
- attributes
properties:
name:
type: string
description: Unique name of this transform
example: Timestamp To Date
minLength: 1
maxLength: 50
type:
type: string
description: The type of transform operation
enum:
- accountAttribute
- base64Decode
- base64Encode
- concat
- conditional
- dateCompare
- dateFormat
- dateMath
- decomposeDiacriticalMarks
- e164phone
- firstValid
- rule
- identityAttribute
- indexOf
- iso3166
- lastIndexOf
- leftPad
- lookup
- lower
- normalizeNames
- randomAlphaNumeric
- randomNumeric
- reference
- replaceAll
- replace
- rightPad
- split
- static
- substring
- trim
- upper
- usernameGenerator
- uuid
- displayName
- rfc5646
example: dateFormat
externalDocs:
description: Transform Operations
url: 'https://developer.sailpoint.com/idn/docs/transforms/operations'
attributes:
nullable: true
description: Meta-data about the transform. Values in this list are specific to the type of transform to be executed.
oneOf:
- title: accountAttribute
type: object
required:
- sourceName
- attributeName
properties:
sourceName:
type: string
description: A reference to the source to search for the account
example: Workday
attributeName:
type: string
description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.'
example: DEPARTMENT
accountSortAttribute:
type: string
description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries
example: created
default: created
accountSortDescending:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)'
example: false
default: false
accountReturnFirstLink:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false'
example: false
default: false
accountFilter:
type: string
description: |-
This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.
Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements
example: '!(nativeIdentity.startsWith("*DELETED*"))'
accountPropertyFilter:
type: string
description: |-
This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.
All account attributes are available for filtering as this operation is performed in memory.
example: '(groups.containsAll({''Admin''}) || location == ''Austin'')'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: base64Decode
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: base64Encode
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: concat
type: object
required:
- values
properties:
values:
type: array
items:
type: object
description: An array of items to join together
example:
- John
- ' '
- Smith
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: conditional
type: object
required:
- expression
- positiveCondition
- negativeCondition
properties:
expression:
type: string
description: |-
A comparison statement that follows the structure of `ValueA eq ValueB` where `ValueA` and `ValueB` are static strings or outputs of other transforms.
The `eq` operator is the only valid comparison
example: ValueA eq ValueB
positiveCondition:
type: string
description: The output of the transform if the expression evalutes to true
example: 'true'
negativeCondition:
type: string
description: The output of the transform if the expression evalutes to false
example: 'false'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateCompare
type: object
required:
- firstDate
- secondDate
- operator
- positiveCondition
- negativeCondition
properties:
firstDate:
description: This is the first date to consider (The date that would be on the left hand side of the comparison operation).
oneOf:
- title: accountAttribute
type: object
required:
- sourceName
- attributeName
properties:
sourceName:
type: string
description: A reference to the source to search for the account
example: Workday
attributeName:
type: string
description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.'
example: DEPARTMENT
accountSortAttribute:
type: string
description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries
example: created
default: created
accountSortDescending:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)'
example: false
default: false
accountReturnFirstLink:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false'
example: false
default: false
accountFilter:
type: string
description: |-
This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.
Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements
example: '!(nativeIdentity.startsWith("*DELETED*"))'
accountPropertyFilter:
type: string
description: |-
This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.
All account attributes are available for filtering as this operation is performed in memory.
example: '(groups.containsAll({''Admin''}) || location == ''Austin'')'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateFormat
type: object
properties:
inputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
outputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
secondDate:
description: This is the second date to consider (The date that would be on the right hand side of the comparison operation).
oneOf:
- title: accountAttribute
type: object
required:
- sourceName
- attributeName
properties:
sourceName:
type: string
description: A reference to the source to search for the account
example: Workday
attributeName:
type: string
description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.'
example: DEPARTMENT
accountSortAttribute:
type: string
description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries
example: created
default: created
accountSortDescending:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)'
example: false
default: false
accountReturnFirstLink:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false'
example: false
default: false
accountFilter:
type: string
description: |-
This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.
Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements
example: '!(nativeIdentity.startsWith("*DELETED*"))'
accountPropertyFilter:
type: string
description: |-
This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.
All account attributes are available for filtering as this operation is performed in memory.
example: '(groups.containsAll({''Admin''}) || location == ''Austin'')'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateFormat
type: object
properties:
inputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
outputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
operator:
type: string
description: |
This is the comparison to perform.
| Operation | Description |
| --------- | ------- |
| LT | Strictly less than: `firstDate < secondDate` |
| LTE | Less than or equal to: `firstDate <= secondDate` |
| GT | Strictly greater than: `firstDate > secondDate` |
| GTE | Greater than or equal to: `firstDate >= secondDate` |
enum:
- LT
- LTE
- GT
- GTE
example: LT
positiveCondition:
type: string
description: The output of the transform if the expression evalutes to true
example: 'true'
negativeCondition:
type: string
description: The output of the transform if the expression evalutes to false
example: false
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateFormat
type: object
properties:
inputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
outputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateMath
type: object
required:
- expression
properties:
expression:
type: string
description: |
A string value of the date and time components to operation on, along with the math operations to execute.
externalDocs:
description: Date Math Expressions
url: 'https://developer.sailpoint.com/idn/docs/transforms/operations/date-math#transform-structure'
example: now+1w
roundUp:
type: boolean
description: |
A boolean value to indicate whether the transform should round up or down when a rounding `/` operation is defined in the expression.
If not provided, the transform will default to `false`
`true` indicates the transform should round up (i.e., truncate the fractional date/time component indicated and then add one unit of that component)
`false` indicates the transform should round down (i.e., truncate the fractional date/time component indicated)
example: false
default: false
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: decomposeDiacriticalMarks
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: e164phone
type: object
properties:
defaultRegion:
type: string
description: |
This is an optional attribute that can be used to define the region of the phone number to format into.
If defaultRegion is not provided, it will take US as the default country.
The format of the country code should be in [ISO 3166-1 alpha-2 format](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2)
example: US
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: firstValid
type: object
required:
- values
properties:
values:
type: array
items:
type: object
description: An array of attributes to evaluate for existence.
example:
- attributes:
sourceName: Active Directory
attributeName: sAMAccountName
type: accountAttribute
- attributes:
sourceName: Okta
attributeName: login
type: accountAttribute
- attributes:
sourceName: HR Source
attributeName: employeeID
type: accountAttribute
ignoreErrors:
type: boolean
description: a true or false value representing to move on to the next option if an error (like an Null Pointer Exception) were to occur.
example: false
default: false
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
- title: rule
oneOf:
- type: object
required:
- name
properties:
name:
type: string
description: This is the name of the Transform rule that needs to be invoked by the transform
example: Transform Calculation Rule
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
- type: object
required:
- name
- operation
- includeNumbers
- includeSpecialChars
- length
properties:
name:
type: string
description: This must always be set to "Cloud Services Deployment Utility"
example: Cloud Services Deployment Utility
operation:
type: string
description: The operation to perform `generateRandomString`
example: generateRandomString
includeNumbers:
type: boolean
description: This must be either "true" or "false" to indicate whether the generator logic should include numbers
example: true
includeSpecialChars:
type: boolean
description: This must be either "true" or "false" to indicate whether the generator logic should include special characters
example: true
length:
type: string
description: |
This specifies how long the randomly generated string needs to be
>NOTE Due to identity attribute data constraints, the maximum allowable value is 450 characters
example: '10'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
- type: object
required:
- name
- operation
- uid
properties:
name:
type: string
description: This must always be set to "Cloud Services Deployment Utility"
example: Cloud Services Deployment Utility
operation:
type: string
description: The operation to perform `getReferenceIdentityAttribute`
example: getReferenceIdentityAttribute
uid:
type: string
description: |
This is the SailPoint User Name (uid) value of the identity whose attribute is desired
As a convenience feature, you can use the `manager` keyword to dynamically look up the user's manager and then get that manager's identity attribute.
example: 2c91808570313110017040b06f344ec9
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
- title: identityAttribute
type: object
required:
- name
properties:
name:
type: string
description: The system (camel-cased) name of the identity attribute to bring in
example: email
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: indexOf
type: object
required:
- substring
properties:
substring:
type: string
description: 'A substring to search for, searches the entire calling string, and returns the index of the first occurrence of the specified substring.'
example: admin_
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: iso3166
type: object
properties:
format:
type: string
description: |
An optional value to denote which ISO 3166 format to return. Valid values are:
`alpha2` - Two-character country code (e.g., "US"); this is the default value if no format is supplied
`alpha3` - Three-character country code (e.g., "USA")
`numeric` - The numeric country code (e.g., "840")
example: alpha2
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: leftPad
type: object
required:
- length
properties:
length:
type: string
description: An integer value for the desired length of the final output string
example: '4'
padding:
type: string
description: |
A string value representing the character that the incoming data should be padded with to get to the desired length
If not provided, the transform will default to a single space (" ") character for padding
example: '0'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: lookup
type: object
required:
- table
properties:
table:
type: object
additionalProperties: true
description: |
This is a JSON object of key-value pairs. The key is the string that will attempt to be matched to the input, and the value is the output string that should be returned if the key is matched
>**Note** the use of the optional default key value here; if none of the three countries in the above example match the input string, the transform will return "Unknown Region" for the attribute that is mapped to this transform.
example:
USA: Americas
FRA: EMEA
AUS: APAC
default: Unknown Region
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: lower
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: nameNormalizer
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: randomAlphaNumeric
type: object
properties:
length:
type: string
description: |
This is an integer value specifying the size/number of characters the random string must contain
* This value must be a positive number and cannot be blank
* If no length is provided, the transform will default to a value of `32`
* Due to identity attribute data constraints, the maximum allowable value is `450` characters
example: '10'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: randomNumeric
type: object
properties:
length:
type: string
description: |
This is an integer value specifying the size/number of characters the random string must contain
* This value must be a positive number and cannot be blank
* If no length is provided, the transform will default to a value of `32`
* Due to identity attribute data constraints, the maximum allowable value is `450` characters
example: '10'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: reference
type: object
required:
- id
properties:
id:
type: string
description: This ID specifies the name of the pre-existing transform which you want to use within your current transform
example: Existing Transform
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: replaceAll
type: object
required:
- table
properties:
table:
type: object
additionalProperties: true
description: 'An attribute of key-value pairs. Each pair identifies the pattern to search for as its key, and the replacement string as its value.'
example:
'-': ' '
'"': ''''
ñ: 'n'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: replace
type: object
required:
- regex
- replacement
properties:
regex:
type: string
description: This can be a string or a regex pattern in which you want to replace.
example: '[^a-zA-Z]'
externalDocs:
description: Regex Builder
url: 'https://regex101.com/'
replacement:
type: string
description: This is the replacement string that should be substituded wherever the string or pattern is found.
example: ' '
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: rightPad
type: object
required:
- length
properties:
length:
type: string
description: An integer value for the desired length of the final output string
example: '4'
padding:
type: string
description: |
A string value representing the character that the incoming data should be padded with to get to the desired length
If not provided, the transform will default to a single space (" ") character for padding
example: '0'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: split
type: object
required:
- delimiter
- index
properties:
delimiter:
type: string
description: 'This can be either a single character or a regex expression, and is used by the transform to identify the break point between two substrings in the incoming data'
example: ','
index:
type: string
description: 'An integer value for the desired array element after the incoming data has been split into a list; the array is a 0-based object, so the first array element would be index 0, the second element would be index 1, etc.'
example: '5'
throws:
type: boolean
description: |
A boolean (true/false) value which indicates whether an exception should be thrown and returned as an output when an index is out of bounds with the resultant array (i.e., the provided index value is larger than the size of the array)
`true` - The transform should return "IndexOutOfBoundsException"
`false` - The transform should return null
If not provided, the transform will default to false and return a null
example: true
default: false
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: static
type: object
required:
- values
properties:
values:
type: string
description: 'This must evaluate to a JSON string, either through a fixed value or through conditional logic using the Apache Velocity Template Language.'
example: string$variable
externalDocs:
description: Static Transform Documentation
url: 'https://developer.sailpoint.com/idn/docs/transforms/operations/static'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
- title: substring
type: object
required:
- begin
properties:
begin:
type: integer
description: |
The index of the first character to include in the returned substring.
If `begin` is set to -1, the transform will begin at character 0 of the input data
example: 1
format: int32
beginOffset:
type: integer
description: |
This integer value is the number of characters to add to the begin attribute when returning a substring.
This attribute is only used if begin is not -1.
example: 3
format: int32
end:
type: integer
description: |
The index of the first character to exclude from the returned substring.
If end is -1 or not provided at all, the substring transform will return everything up to the end of the input string.
example: 6
format: int32
endOffset:
type: integer
description: |
This integer value is the number of characters to add to the end attribute when returning a substring.
This attribute is only used if end is provided and is not -1.
example: 1
format: int32
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: trim
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: upper
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: uuid
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
- type: object
required:
- id
- internal
properties:
id:
type: string
description: Unique ID of this transform
example: 2cd78adghjkja34jh2b1hkjhasuecd
internal:
type: boolean
description: Indicates whether this is an internal SailPoint-created transform or a customer-created transform
example: false
default: false
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:transform:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
'/transforms/{id}':
get:
tags:
- Transforms
summary: Transform by id
description: This API returns the transform specified by the given ID.
operationId: getTransform
parameters:
- name: id
in: path
description: ID of the transform to retrieve
required: true
x-sailpoint-resource-operation-id: listTransforms
style: simple
explode: false
example: 2cd78adghjkja34jh2b1hkjhasuecd
schema:
type: string
responses:
'200':
description: Transform with the given ID
content:
application/json:
schema:
allOf:
- type: object
description: The representation of an internally- or customer-defined transform.
required:
- name
- type
- attributes
properties:
name:
type: string
description: Unique name of this transform
example: Timestamp To Date
minLength: 1
maxLength: 50
type:
type: string
description: The type of transform operation
enum:
- accountAttribute
- base64Decode
- base64Encode
- concat
- conditional
- dateCompare
- dateFormat
- dateMath
- decomposeDiacriticalMarks
- e164phone
- firstValid
- rule
- identityAttribute
- indexOf
- iso3166
- lastIndexOf
- leftPad
- lookup
- lower
- normalizeNames
- randomAlphaNumeric
- randomNumeric
- reference
- replaceAll
- replace
- rightPad
- split
- static
- substring
- trim
- upper
- usernameGenerator
- uuid
- displayName
- rfc5646
example: dateFormat
externalDocs:
description: Transform Operations
url: 'https://developer.sailpoint.com/idn/docs/transforms/operations'
attributes:
nullable: true
description: Meta-data about the transform. Values in this list are specific to the type of transform to be executed.
oneOf:
- title: accountAttribute
type: object
required:
- sourceName
- attributeName
properties:
sourceName:
type: string
description: A reference to the source to search for the account
example: Workday
attributeName:
type: string
description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.'
example: DEPARTMENT
accountSortAttribute:
type: string
description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries
example: created
default: created
accountSortDescending:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)'
example: false
default: false
accountReturnFirstLink:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false'
example: false
default: false
accountFilter:
type: string
description: |-
This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.
Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements
example: '!(nativeIdentity.startsWith("*DELETED*"))'
accountPropertyFilter:
type: string
description: |-
This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.
All account attributes are available for filtering as this operation is performed in memory.
example: '(groups.containsAll({''Admin''}) || location == ''Austin'')'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: base64Decode
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: base64Encode
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: concat
type: object
required:
- values
properties:
values:
type: array
items:
type: object
description: An array of items to join together
example:
- John
- ' '
- Smith
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: conditional
type: object
required:
- expression
- positiveCondition
- negativeCondition
properties:
expression:
type: string
description: |-
A comparison statement that follows the structure of `ValueA eq ValueB` where `ValueA` and `ValueB` are static strings or outputs of other transforms.
The `eq` operator is the only valid comparison
example: ValueA eq ValueB
positiveCondition:
type: string
description: The output of the transform if the expression evalutes to true
example: 'true'
negativeCondition:
type: string
description: The output of the transform if the expression evalutes to false
example: 'false'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateCompare
type: object
required:
- firstDate
- secondDate
- operator
- positiveCondition
- negativeCondition
properties:
firstDate:
description: This is the first date to consider (The date that would be on the left hand side of the comparison operation).
oneOf:
- title: accountAttribute
type: object
required:
- sourceName
- attributeName
properties:
sourceName:
type: string
description: A reference to the source to search for the account
example: Workday
attributeName:
type: string
description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.'
example: DEPARTMENT
accountSortAttribute:
type: string
description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries
example: created
default: created
accountSortDescending:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)'
example: false
default: false
accountReturnFirstLink:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false'
example: false
default: false
accountFilter:
type: string
description: |-
This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.
Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements
example: '!(nativeIdentity.startsWith("*DELETED*"))'
accountPropertyFilter:
type: string
description: |-
This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.
All account attributes are available for filtering as this operation is performed in memory.
example: '(groups.containsAll({''Admin''}) || location == ''Austin'')'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateFormat
type: object
properties:
inputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
outputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
secondDate:
description: This is the second date to consider (The date that would be on the right hand side of the comparison operation).
oneOf:
- title: accountAttribute
type: object
required:
- sourceName
- attributeName
properties:
sourceName:
type: string
description: A reference to the source to search for the account
example: Workday
attributeName:
type: string
description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.'
example: DEPARTMENT
accountSortAttribute:
type: string
description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries
example: created
default: created
accountSortDescending:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)'
example: false
default: false
accountReturnFirstLink:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false'
example: false
default: false
accountFilter:
type: string
description: |-
This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.
Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements
example: '!(nativeIdentity.startsWith("*DELETED*"))'
accountPropertyFilter:
type: string
description: |-
This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.
All account attributes are available for filtering as this operation is performed in memory.
example: '(groups.containsAll({''Admin''}) || location == ''Austin'')'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateFormat
type: object
properties:
inputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
outputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
operator:
type: string
description: |
This is the comparison to perform.
| Operation | Description |
| --------- | ------- |
| LT | Strictly less than: `firstDate < secondDate` |
| LTE | Less than or equal to: `firstDate <= secondDate` |
| GT | Strictly greater than: `firstDate > secondDate` |
| GTE | Greater than or equal to: `firstDate >= secondDate` |
enum:
- LT
- LTE
- GT
- GTE
example: LT
positiveCondition:
type: string
description: The output of the transform if the expression evalutes to true
example: 'true'
negativeCondition:
type: string
description: The output of the transform if the expression evalutes to false
example: false
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateFormat
type: object
properties:
inputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
outputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateMath
type: object
required:
- expression
properties:
expression:
type: string
description: |
A string value of the date and time components to operation on, along with the math operations to execute.
externalDocs:
description: Date Math Expressions
url: 'https://developer.sailpoint.com/idn/docs/transforms/operations/date-math#transform-structure'
example: now+1w
roundUp:
type: boolean
description: |
A boolean value to indicate whether the transform should round up or down when a rounding `/` operation is defined in the expression.
If not provided, the transform will default to `false`
`true` indicates the transform should round up (i.e., truncate the fractional date/time component indicated and then add one unit of that component)
`false` indicates the transform should round down (i.e., truncate the fractional date/time component indicated)
example: false
default: false
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: decomposeDiacriticalMarks
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: e164phone
type: object
properties:
defaultRegion:
type: string
description: |
This is an optional attribute that can be used to define the region of the phone number to format into.
If defaultRegion is not provided, it will take US as the default country.
The format of the country code should be in [ISO 3166-1 alpha-2 format](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2)
example: US
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: firstValid
type: object
required:
- values
properties:
values:
type: array
items:
type: object
description: An array of attributes to evaluate for existence.
example:
- attributes:
sourceName: Active Directory
attributeName: sAMAccountName
type: accountAttribute
- attributes:
sourceName: Okta
attributeName: login
type: accountAttribute
- attributes:
sourceName: HR Source
attributeName: employeeID
type: accountAttribute
ignoreErrors:
type: boolean
description: a true or false value representing to move on to the next option if an error (like an Null Pointer Exception) were to occur.
example: false
default: false
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
- title: rule
oneOf:
- type: object
required:
- name
properties:
name:
type: string
description: This is the name of the Transform rule that needs to be invoked by the transform
example: Transform Calculation Rule
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
- type: object
required:
- name
- operation
- includeNumbers
- includeSpecialChars
- length
properties:
name:
type: string
description: This must always be set to "Cloud Services Deployment Utility"
example: Cloud Services Deployment Utility
operation:
type: string
description: The operation to perform `generateRandomString`
example: generateRandomString
includeNumbers:
type: boolean
description: This must be either "true" or "false" to indicate whether the generator logic should include numbers
example: true
includeSpecialChars:
type: boolean
description: This must be either "true" or "false" to indicate whether the generator logic should include special characters
example: true
length:
type: string
description: |
This specifies how long the randomly generated string needs to be
>NOTE Due to identity attribute data constraints, the maximum allowable value is 450 characters
example: '10'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
- type: object
required:
- name
- operation
- uid
properties:
name:
type: string
description: This must always be set to "Cloud Services Deployment Utility"
example: Cloud Services Deployment Utility
operation:
type: string
description: The operation to perform `getReferenceIdentityAttribute`
example: getReferenceIdentityAttribute
uid:
type: string
description: |
This is the SailPoint User Name (uid) value of the identity whose attribute is desired
As a convenience feature, you can use the `manager` keyword to dynamically look up the user's manager and then get that manager's identity attribute.
example: 2c91808570313110017040b06f344ec9
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
- title: identityAttribute
type: object
required:
- name
properties:
name:
type: string
description: The system (camel-cased) name of the identity attribute to bring in
example: email
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: indexOf
type: object
required:
- substring
properties:
substring:
type: string
description: 'A substring to search for, searches the entire calling string, and returns the index of the first occurrence of the specified substring.'
example: admin_
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: iso3166
type: object
properties:
format:
type: string
description: |
An optional value to denote which ISO 3166 format to return. Valid values are:
`alpha2` - Two-character country code (e.g., "US"); this is the default value if no format is supplied
`alpha3` - Three-character country code (e.g., "USA")
`numeric` - The numeric country code (e.g., "840")
example: alpha2
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: leftPad
type: object
required:
- length
properties:
length:
type: string
description: An integer value for the desired length of the final output string
example: '4'
padding:
type: string
description: |
A string value representing the character that the incoming data should be padded with to get to the desired length
If not provided, the transform will default to a single space (" ") character for padding
example: '0'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: lookup
type: object
required:
- table
properties:
table:
type: object
additionalProperties: true
description: |
This is a JSON object of key-value pairs. The key is the string that will attempt to be matched to the input, and the value is the output string that should be returned if the key is matched
>**Note** the use of the optional default key value here; if none of the three countries in the above example match the input string, the transform will return "Unknown Region" for the attribute that is mapped to this transform.
example:
USA: Americas
FRA: EMEA
AUS: APAC
default: Unknown Region
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: lower
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: nameNormalizer
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: randomAlphaNumeric
type: object
properties:
length:
type: string
description: |
This is an integer value specifying the size/number of characters the random string must contain
* This value must be a positive number and cannot be blank
* If no length is provided, the transform will default to a value of `32`
* Due to identity attribute data constraints, the maximum allowable value is `450` characters
example: '10'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: randomNumeric
type: object
properties:
length:
type: string
description: |
This is an integer value specifying the size/number of characters the random string must contain
* This value must be a positive number and cannot be blank
* If no length is provided, the transform will default to a value of `32`
* Due to identity attribute data constraints, the maximum allowable value is `450` characters
example: '10'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: reference
type: object
required:
- id
properties:
id:
type: string
description: This ID specifies the name of the pre-existing transform which you want to use within your current transform
example: Existing Transform
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: replaceAll
type: object
required:
- table
properties:
table:
type: object
additionalProperties: true
description: 'An attribute of key-value pairs. Each pair identifies the pattern to search for as its key, and the replacement string as its value.'
example:
'-': ' '
'"': ''''
ñ: 'n'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: replace
type: object
required:
- regex
- replacement
properties:
regex:
type: string
description: This can be a string or a regex pattern in which you want to replace.
example: '[^a-zA-Z]'
externalDocs:
description: Regex Builder
url: 'https://regex101.com/'
replacement:
type: string
description: This is the replacement string that should be substituded wherever the string or pattern is found.
example: ' '
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: rightPad
type: object
required:
- length
properties:
length:
type: string
description: An integer value for the desired length of the final output string
example: '4'
padding:
type: string
description: |
A string value representing the character that the incoming data should be padded with to get to the desired length
If not provided, the transform will default to a single space (" ") character for padding
example: '0'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: split
type: object
required:
- delimiter
- index
properties:
delimiter:
type: string
description: 'This can be either a single character or a regex expression, and is used by the transform to identify the break point between two substrings in the incoming data'
example: ','
index:
type: string
description: 'An integer value for the desired array element after the incoming data has been split into a list; the array is a 0-based object, so the first array element would be index 0, the second element would be index 1, etc.'
example: '5'
throws:
type: boolean
description: |
A boolean (true/false) value which indicates whether an exception should be thrown and returned as an output when an index is out of bounds with the resultant array (i.e., the provided index value is larger than the size of the array)
`true` - The transform should return "IndexOutOfBoundsException"
`false` - The transform should return null
If not provided, the transform will default to false and return a null
example: true
default: false
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: static
type: object
required:
- values
properties:
values:
type: string
description: 'This must evaluate to a JSON string, either through a fixed value or through conditional logic using the Apache Velocity Template Language.'
example: string$variable
externalDocs:
description: Static Transform Documentation
url: 'https://developer.sailpoint.com/idn/docs/transforms/operations/static'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
- title: substring
type: object
required:
- begin
properties:
begin:
type: integer
description: |
The index of the first character to include in the returned substring.
If `begin` is set to -1, the transform will begin at character 0 of the input data
example: 1
format: int32
beginOffset:
type: integer
description: |
This integer value is the number of characters to add to the begin attribute when returning a substring.
This attribute is only used if begin is not -1.
example: 3
format: int32
end:
type: integer
description: |
The index of the first character to exclude from the returned substring.
If end is -1 or not provided at all, the substring transform will return everything up to the end of the input string.
example: 6
format: int32
endOffset:
type: integer
description: |
This integer value is the number of characters to add to the end attribute when returning a substring.
This attribute is only used if end is provided and is not -1.
example: 1
format: int32
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: trim
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: upper
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: uuid
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
- type: object
required:
- id
- internal
properties:
id:
type: string
description: Unique ID of this transform
example: 2cd78adghjkja34jh2b1hkjhasuecd
internal:
type: boolean
description: Indicates whether this is an internal SailPoint-created transform or a customer-created transform
example: false
default: false
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:transform:read'
- 'idn:transform:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
put:
tags:
- Transforms
summary: Update a transform
description: Replaces the transform specified by the given ID with the transform provided in the request body. Only the "attributes" field is mutable. Attempting to change other properties (ex. "name" and "type") will result in an error.
operationId: updateTransform
parameters:
- name: id
in: path
description: ID of the transform to update
required: true
x-sailpoint-resource-operation-id: listTransforms
style: simple
explode: false
schema:
type: string
example: 2cd78adghjkja34jh2b1hkjhasuecd
requestBody:
description: 'The updated transform object. Must include "name", "type", and "attributes" fields, but "name" and "type" must not be modified.'
content:
application/json:
schema:
type: object
description: The representation of an internally- or customer-defined transform.
required:
- name
- type
- attributes
properties:
name:
type: string
description: Unique name of this transform
example: Timestamp To Date
minLength: 1
maxLength: 50
type:
type: string
description: The type of transform operation
enum:
- accountAttribute
- base64Decode
- base64Encode
- concat
- conditional
- dateCompare
- dateFormat
- dateMath
- decomposeDiacriticalMarks
- e164phone
- firstValid
- rule
- identityAttribute
- indexOf
- iso3166
- lastIndexOf
- leftPad
- lookup
- lower
- normalizeNames
- randomAlphaNumeric
- randomNumeric
- reference
- replaceAll
- replace
- rightPad
- split
- static
- substring
- trim
- upper
- usernameGenerator
- uuid
- displayName
- rfc5646
example: dateFormat
externalDocs:
description: Transform Operations
url: 'https://developer.sailpoint.com/idn/docs/transforms/operations'
attributes:
nullable: true
description: Meta-data about the transform. Values in this list are specific to the type of transform to be executed.
oneOf:
- title: accountAttribute
type: object
required:
- sourceName
- attributeName
properties:
sourceName:
type: string
description: A reference to the source to search for the account
example: Workday
attributeName:
type: string
description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.'
example: DEPARTMENT
accountSortAttribute:
type: string
description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries
example: created
default: created
accountSortDescending:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)'
example: false
default: false
accountReturnFirstLink:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false'
example: false
default: false
accountFilter:
type: string
description: |-
This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.
Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements
example: '!(nativeIdentity.startsWith("*DELETED*"))'
accountPropertyFilter:
type: string
description: |-
This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.
All account attributes are available for filtering as this operation is performed in memory.
example: '(groups.containsAll({''Admin''}) || location == ''Austin'')'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: base64Decode
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: base64Encode
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: concat
type: object
required:
- values
properties:
values:
type: array
items:
type: object
description: An array of items to join together
example:
- John
- ' '
- Smith
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: conditional
type: object
required:
- expression
- positiveCondition
- negativeCondition
properties:
expression:
type: string
description: |-
A comparison statement that follows the structure of `ValueA eq ValueB` where `ValueA` and `ValueB` are static strings or outputs of other transforms.
The `eq` operator is the only valid comparison
example: ValueA eq ValueB
positiveCondition:
type: string
description: The output of the transform if the expression evalutes to true
example: 'true'
negativeCondition:
type: string
description: The output of the transform if the expression evalutes to false
example: 'false'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateCompare
type: object
required:
- firstDate
- secondDate
- operator
- positiveCondition
- negativeCondition
properties:
firstDate:
description: This is the first date to consider (The date that would be on the left hand side of the comparison operation).
oneOf:
- title: accountAttribute
type: object
required:
- sourceName
- attributeName
properties:
sourceName:
type: string
description: A reference to the source to search for the account
example: Workday
attributeName:
type: string
description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.'
example: DEPARTMENT
accountSortAttribute:
type: string
description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries
example: created
default: created
accountSortDescending:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)'
example: false
default: false
accountReturnFirstLink:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false'
example: false
default: false
accountFilter:
type: string
description: |-
This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.
Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements
example: '!(nativeIdentity.startsWith("*DELETED*"))'
accountPropertyFilter:
type: string
description: |-
This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.
All account attributes are available for filtering as this operation is performed in memory.
example: '(groups.containsAll({''Admin''}) || location == ''Austin'')'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateFormat
type: object
properties:
inputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
outputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
secondDate:
description: This is the second date to consider (The date that would be on the right hand side of the comparison operation).
oneOf:
- title: accountAttribute
type: object
required:
- sourceName
- attributeName
properties:
sourceName:
type: string
description: A reference to the source to search for the account
example: Workday
attributeName:
type: string
description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.'
example: DEPARTMENT
accountSortAttribute:
type: string
description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries
example: created
default: created
accountSortDescending:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)'
example: false
default: false
accountReturnFirstLink:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false'
example: false
default: false
accountFilter:
type: string
description: |-
This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.
Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements
example: '!(nativeIdentity.startsWith("*DELETED*"))'
accountPropertyFilter:
type: string
description: |-
This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.
All account attributes are available for filtering as this operation is performed in memory.
example: '(groups.containsAll({''Admin''}) || location == ''Austin'')'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateFormat
type: object
properties:
inputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
outputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
operator:
type: string
description: |
This is the comparison to perform.
| Operation | Description |
| --------- | ------- |
| LT | Strictly less than: `firstDate < secondDate` |
| LTE | Less than or equal to: `firstDate <= secondDate` |
| GT | Strictly greater than: `firstDate > secondDate` |
| GTE | Greater than or equal to: `firstDate >= secondDate` |
enum:
- LT
- LTE
- GT
- GTE
example: LT
positiveCondition:
type: string
description: The output of the transform if the expression evalutes to true
example: 'true'
negativeCondition:
type: string
description: The output of the transform if the expression evalutes to false
example: false
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateFormat
type: object
properties:
inputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
outputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateMath
type: object
required:
- expression
properties:
expression:
type: string
description: |
A string value of the date and time components to operation on, along with the math operations to execute.
externalDocs:
description: Date Math Expressions
url: 'https://developer.sailpoint.com/idn/docs/transforms/operations/date-math#transform-structure'
example: now+1w
roundUp:
type: boolean
description: |
A boolean value to indicate whether the transform should round up or down when a rounding `/` operation is defined in the expression.
If not provided, the transform will default to `false`
`true` indicates the transform should round up (i.e., truncate the fractional date/time component indicated and then add one unit of that component)
`false` indicates the transform should round down (i.e., truncate the fractional date/time component indicated)
example: false
default: false
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: decomposeDiacriticalMarks
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: e164phone
type: object
properties:
defaultRegion:
type: string
description: |
This is an optional attribute that can be used to define the region of the phone number to format into.
If defaultRegion is not provided, it will take US as the default country.
The format of the country code should be in [ISO 3166-1 alpha-2 format](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2)
example: US
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: firstValid
type: object
required:
- values
properties:
values:
type: array
items:
type: object
description: An array of attributes to evaluate for existence.
example:
- attributes:
sourceName: Active Directory
attributeName: sAMAccountName
type: accountAttribute
- attributes:
sourceName: Okta
attributeName: login
type: accountAttribute
- attributes:
sourceName: HR Source
attributeName: employeeID
type: accountAttribute
ignoreErrors:
type: boolean
description: a true or false value representing to move on to the next option if an error (like an Null Pointer Exception) were to occur.
example: false
default: false
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
- title: rule
oneOf:
- type: object
required:
- name
properties:
name:
type: string
description: This is the name of the Transform rule that needs to be invoked by the transform
example: Transform Calculation Rule
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
- type: object
required:
- name
- operation
- includeNumbers
- includeSpecialChars
- length
properties:
name:
type: string
description: This must always be set to "Cloud Services Deployment Utility"
example: Cloud Services Deployment Utility
operation:
type: string
description: The operation to perform `generateRandomString`
example: generateRandomString
includeNumbers:
type: boolean
description: This must be either "true" or "false" to indicate whether the generator logic should include numbers
example: true
includeSpecialChars:
type: boolean
description: This must be either "true" or "false" to indicate whether the generator logic should include special characters
example: true
length:
type: string
description: |
This specifies how long the randomly generated string needs to be
>NOTE Due to identity attribute data constraints, the maximum allowable value is 450 characters
example: '10'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
- type: object
required:
- name
- operation
- uid
properties:
name:
type: string
description: This must always be set to "Cloud Services Deployment Utility"
example: Cloud Services Deployment Utility
operation:
type: string
description: The operation to perform `getReferenceIdentityAttribute`
example: getReferenceIdentityAttribute
uid:
type: string
description: |
This is the SailPoint User Name (uid) value of the identity whose attribute is desired
As a convenience feature, you can use the `manager` keyword to dynamically look up the user's manager and then get that manager's identity attribute.
example: 2c91808570313110017040b06f344ec9
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
- title: identityAttribute
type: object
required:
- name
properties:
name:
type: string
description: The system (camel-cased) name of the identity attribute to bring in
example: email
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: indexOf
type: object
required:
- substring
properties:
substring:
type: string
description: 'A substring to search for, searches the entire calling string, and returns the index of the first occurrence of the specified substring.'
example: admin_
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: iso3166
type: object
properties:
format:
type: string
description: |
An optional value to denote which ISO 3166 format to return. Valid values are:
`alpha2` - Two-character country code (e.g., "US"); this is the default value if no format is supplied
`alpha3` - Three-character country code (e.g., "USA")
`numeric` - The numeric country code (e.g., "840")
example: alpha2
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: leftPad
type: object
required:
- length
properties:
length:
type: string
description: An integer value for the desired length of the final output string
example: '4'
padding:
type: string
description: |
A string value representing the character that the incoming data should be padded with to get to the desired length
If not provided, the transform will default to a single space (" ") character for padding
example: '0'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: lookup
type: object
required:
- table
properties:
table:
type: object
additionalProperties: true
description: |
This is a JSON object of key-value pairs. The key is the string that will attempt to be matched to the input, and the value is the output string that should be returned if the key is matched
>**Note** the use of the optional default key value here; if none of the three countries in the above example match the input string, the transform will return "Unknown Region" for the attribute that is mapped to this transform.
example:
USA: Americas
FRA: EMEA
AUS: APAC
default: Unknown Region
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: lower
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: nameNormalizer
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: randomAlphaNumeric
type: object
properties:
length:
type: string
description: |
This is an integer value specifying the size/number of characters the random string must contain
* This value must be a positive number and cannot be blank
* If no length is provided, the transform will default to a value of `32`
* Due to identity attribute data constraints, the maximum allowable value is `450` characters
example: '10'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: randomNumeric
type: object
properties:
length:
type: string
description: |
This is an integer value specifying the size/number of characters the random string must contain
* This value must be a positive number and cannot be blank
* If no length is provided, the transform will default to a value of `32`
* Due to identity attribute data constraints, the maximum allowable value is `450` characters
example: '10'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: reference
type: object
required:
- id
properties:
id:
type: string
description: This ID specifies the name of the pre-existing transform which you want to use within your current transform
example: Existing Transform
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: replaceAll
type: object
required:
- table
properties:
table:
type: object
additionalProperties: true
description: 'An attribute of key-value pairs. Each pair identifies the pattern to search for as its key, and the replacement string as its value.'
example:
'-': ' '
'"': ''''
ñ: 'n'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: replace
type: object
required:
- regex
- replacement
properties:
regex:
type: string
description: This can be a string or a regex pattern in which you want to replace.
example: '[^a-zA-Z]'
externalDocs:
description: Regex Builder
url: 'https://regex101.com/'
replacement:
type: string
description: This is the replacement string that should be substituded wherever the string or pattern is found.
example: ' '
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: rightPad
type: object
required:
- length
properties:
length:
type: string
description: An integer value for the desired length of the final output string
example: '4'
padding:
type: string
description: |
A string value representing the character that the incoming data should be padded with to get to the desired length
If not provided, the transform will default to a single space (" ") character for padding
example: '0'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: split
type: object
required:
- delimiter
- index
properties:
delimiter:
type: string
description: 'This can be either a single character or a regex expression, and is used by the transform to identify the break point between two substrings in the incoming data'
example: ','
index:
type: string
description: 'An integer value for the desired array element after the incoming data has been split into a list; the array is a 0-based object, so the first array element would be index 0, the second element would be index 1, etc.'
example: '5'
throws:
type: boolean
description: |
A boolean (true/false) value which indicates whether an exception should be thrown and returned as an output when an index is out of bounds with the resultant array (i.e., the provided index value is larger than the size of the array)
`true` - The transform should return "IndexOutOfBoundsException"
`false` - The transform should return null
If not provided, the transform will default to false and return a null
example: true
default: false
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: static
type: object
required:
- values
properties:
values:
type: string
description: 'This must evaluate to a JSON string, either through a fixed value or through conditional logic using the Apache Velocity Template Language.'
example: string$variable
externalDocs:
description: Static Transform Documentation
url: 'https://developer.sailpoint.com/idn/docs/transforms/operations/static'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
- title: substring
type: object
required:
- begin
properties:
begin:
type: integer
description: |
The index of the first character to include in the returned substring.
If `begin` is set to -1, the transform will begin at character 0 of the input data
example: 1
format: int32
beginOffset:
type: integer
description: |
This integer value is the number of characters to add to the begin attribute when returning a substring.
This attribute is only used if begin is not -1.
example: 3
format: int32
end:
type: integer
description: |
The index of the first character to exclude from the returned substring.
If end is -1 or not provided at all, the substring transform will return everything up to the end of the input string.
example: 6
format: int32
endOffset:
type: integer
description: |
This integer value is the number of characters to add to the end attribute when returning a substring.
This attribute is only used if end is provided and is not -1.
example: 1
format: int32
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: trim
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: upper
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: uuid
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
example:
name: Timestamp To Date
type: dateFormat
attributes:
inputFormat: 'MMM-dd-yyyy, HH:mm:ss.SSS'
outputFormat: yyyy/dd/MM
responses:
'200':
description: Indicates the transform was successfully updated and returns its new representation.
content:
application/json:
schema:
allOf:
- type: object
description: The representation of an internally- or customer-defined transform.
required:
- name
- type
- attributes
properties:
name:
type: string
description: Unique name of this transform
example: Timestamp To Date
minLength: 1
maxLength: 50
type:
type: string
description: The type of transform operation
enum:
- accountAttribute
- base64Decode
- base64Encode
- concat
- conditional
- dateCompare
- dateFormat
- dateMath
- decomposeDiacriticalMarks
- e164phone
- firstValid
- rule
- identityAttribute
- indexOf
- iso3166
- lastIndexOf
- leftPad
- lookup
- lower
- normalizeNames
- randomAlphaNumeric
- randomNumeric
- reference
- replaceAll
- replace
- rightPad
- split
- static
- substring
- trim
- upper
- usernameGenerator
- uuid
- displayName
- rfc5646
example: dateFormat
externalDocs:
description: Transform Operations
url: 'https://developer.sailpoint.com/idn/docs/transforms/operations'
attributes:
nullable: true
description: Meta-data about the transform. Values in this list are specific to the type of transform to be executed.
oneOf:
- title: accountAttribute
type: object
required:
- sourceName
- attributeName
properties:
sourceName:
type: string
description: A reference to the source to search for the account
example: Workday
attributeName:
type: string
description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.'
example: DEPARTMENT
accountSortAttribute:
type: string
description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries
example: created
default: created
accountSortDescending:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)'
example: false
default: false
accountReturnFirstLink:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false'
example: false
default: false
accountFilter:
type: string
description: |-
This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.
Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements
example: '!(nativeIdentity.startsWith("*DELETED*"))'
accountPropertyFilter:
type: string
description: |-
This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.
All account attributes are available for filtering as this operation is performed in memory.
example: '(groups.containsAll({''Admin''}) || location == ''Austin'')'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: base64Decode
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: base64Encode
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: concat
type: object
required:
- values
properties:
values:
type: array
items:
type: object
description: An array of items to join together
example:
- John
- ' '
- Smith
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: conditional
type: object
required:
- expression
- positiveCondition
- negativeCondition
properties:
expression:
type: string
description: |-
A comparison statement that follows the structure of `ValueA eq ValueB` where `ValueA` and `ValueB` are static strings or outputs of other transforms.
The `eq` operator is the only valid comparison
example: ValueA eq ValueB
positiveCondition:
type: string
description: The output of the transform if the expression evalutes to true
example: 'true'
negativeCondition:
type: string
description: The output of the transform if the expression evalutes to false
example: 'false'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateCompare
type: object
required:
- firstDate
- secondDate
- operator
- positiveCondition
- negativeCondition
properties:
firstDate:
description: This is the first date to consider (The date that would be on the left hand side of the comparison operation).
oneOf:
- title: accountAttribute
type: object
required:
- sourceName
- attributeName
properties:
sourceName:
type: string
description: A reference to the source to search for the account
example: Workday
attributeName:
type: string
description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.'
example: DEPARTMENT
accountSortAttribute:
type: string
description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries
example: created
default: created
accountSortDescending:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)'
example: false
default: false
accountReturnFirstLink:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false'
example: false
default: false
accountFilter:
type: string
description: |-
This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.
Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements
example: '!(nativeIdentity.startsWith("*DELETED*"))'
accountPropertyFilter:
type: string
description: |-
This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.
All account attributes are available for filtering as this operation is performed in memory.
example: '(groups.containsAll({''Admin''}) || location == ''Austin'')'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateFormat
type: object
properties:
inputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
outputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
secondDate:
description: This is the second date to consider (The date that would be on the right hand side of the comparison operation).
oneOf:
- title: accountAttribute
type: object
required:
- sourceName
- attributeName
properties:
sourceName:
type: string
description: A reference to the source to search for the account
example: Workday
attributeName:
type: string
description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.'
example: DEPARTMENT
accountSortAttribute:
type: string
description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries
example: created
default: created
accountSortDescending:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)'
example: false
default: false
accountReturnFirstLink:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false'
example: false
default: false
accountFilter:
type: string
description: |-
This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.
Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements
example: '!(nativeIdentity.startsWith("*DELETED*"))'
accountPropertyFilter:
type: string
description: |-
This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.
All account attributes are available for filtering as this operation is performed in memory.
example: '(groups.containsAll({''Admin''}) || location == ''Austin'')'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateFormat
type: object
properties:
inputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
outputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
operator:
type: string
description: |
This is the comparison to perform.
| Operation | Description |
| --------- | ------- |
| LT | Strictly less than: `firstDate < secondDate` |
| LTE | Less than or equal to: `firstDate <= secondDate` |
| GT | Strictly greater than: `firstDate > secondDate` |
| GTE | Greater than or equal to: `firstDate >= secondDate` |
enum:
- LT
- LTE
- GT
- GTE
example: LT
positiveCondition:
type: string
description: The output of the transform if the expression evalutes to true
example: 'true'
negativeCondition:
type: string
description: The output of the transform if the expression evalutes to false
example: false
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateFormat
type: object
properties:
inputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
outputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateMath
type: object
required:
- expression
properties:
expression:
type: string
description: |
A string value of the date and time components to operation on, along with the math operations to execute.
externalDocs:
description: Date Math Expressions
url: 'https://developer.sailpoint.com/idn/docs/transforms/operations/date-math#transform-structure'
example: now+1w
roundUp:
type: boolean
description: |
A boolean value to indicate whether the transform should round up or down when a rounding `/` operation is defined in the expression.
If not provided, the transform will default to `false`
`true` indicates the transform should round up (i.e., truncate the fractional date/time component indicated and then add one unit of that component)
`false` indicates the transform should round down (i.e., truncate the fractional date/time component indicated)
example: false
default: false
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: decomposeDiacriticalMarks
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: e164phone
type: object
properties:
defaultRegion:
type: string
description: |
This is an optional attribute that can be used to define the region of the phone number to format into.
If defaultRegion is not provided, it will take US as the default country.
The format of the country code should be in [ISO 3166-1 alpha-2 format](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2)
example: US
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: firstValid
type: object
required:
- values
properties:
values:
type: array
items:
type: object
description: An array of attributes to evaluate for existence.
example:
- attributes:
sourceName: Active Directory
attributeName: sAMAccountName
type: accountAttribute
- attributes:
sourceName: Okta
attributeName: login
type: accountAttribute
- attributes:
sourceName: HR Source
attributeName: employeeID
type: accountAttribute
ignoreErrors:
type: boolean
description: a true or false value representing to move on to the next option if an error (like an Null Pointer Exception) were to occur.
example: false
default: false
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
- title: rule
oneOf:
- type: object
required:
- name
properties:
name:
type: string
description: This is the name of the Transform rule that needs to be invoked by the transform
example: Transform Calculation Rule
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
- type: object
required:
- name
- operation
- includeNumbers
- includeSpecialChars
- length
properties:
name:
type: string
description: This must always be set to "Cloud Services Deployment Utility"
example: Cloud Services Deployment Utility
operation:
type: string
description: The operation to perform `generateRandomString`
example: generateRandomString
includeNumbers:
type: boolean
description: This must be either "true" or "false" to indicate whether the generator logic should include numbers
example: true
includeSpecialChars:
type: boolean
description: This must be either "true" or "false" to indicate whether the generator logic should include special characters
example: true
length:
type: string
description: |
This specifies how long the randomly generated string needs to be
>NOTE Due to identity attribute data constraints, the maximum allowable value is 450 characters
example: '10'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
- type: object
required:
- name
- operation
- uid
properties:
name:
type: string
description: This must always be set to "Cloud Services Deployment Utility"
example: Cloud Services Deployment Utility
operation:
type: string
description: The operation to perform `getReferenceIdentityAttribute`
example: getReferenceIdentityAttribute
uid:
type: string
description: |
This is the SailPoint User Name (uid) value of the identity whose attribute is desired
As a convenience feature, you can use the `manager` keyword to dynamically look up the user's manager and then get that manager's identity attribute.
example: 2c91808570313110017040b06f344ec9
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
- title: identityAttribute
type: object
required:
- name
properties:
name:
type: string
description: The system (camel-cased) name of the identity attribute to bring in
example: email
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: indexOf
type: object
required:
- substring
properties:
substring:
type: string
description: 'A substring to search for, searches the entire calling string, and returns the index of the first occurrence of the specified substring.'
example: admin_
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: iso3166
type: object
properties:
format:
type: string
description: |
An optional value to denote which ISO 3166 format to return. Valid values are:
`alpha2` - Two-character country code (e.g., "US"); this is the default value if no format is supplied
`alpha3` - Three-character country code (e.g., "USA")
`numeric` - The numeric country code (e.g., "840")
example: alpha2
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: leftPad
type: object
required:
- length
properties:
length:
type: string
description: An integer value for the desired length of the final output string
example: '4'
padding:
type: string
description: |
A string value representing the character that the incoming data should be padded with to get to the desired length
If not provided, the transform will default to a single space (" ") character for padding
example: '0'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: lookup
type: object
required:
- table
properties:
table:
type: object
additionalProperties: true
description: |
This is a JSON object of key-value pairs. The key is the string that will attempt to be matched to the input, and the value is the output string that should be returned if the key is matched
>**Note** the use of the optional default key value here; if none of the three countries in the above example match the input string, the transform will return "Unknown Region" for the attribute that is mapped to this transform.
example:
USA: Americas
FRA: EMEA
AUS: APAC
default: Unknown Region
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: lower
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: nameNormalizer
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: randomAlphaNumeric
type: object
properties:
length:
type: string
description: |
This is an integer value specifying the size/number of characters the random string must contain
* This value must be a positive number and cannot be blank
* If no length is provided, the transform will default to a value of `32`
* Due to identity attribute data constraints, the maximum allowable value is `450` characters
example: '10'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: randomNumeric
type: object
properties:
length:
type: string
description: |
This is an integer value specifying the size/number of characters the random string must contain
* This value must be a positive number and cannot be blank
* If no length is provided, the transform will default to a value of `32`
* Due to identity attribute data constraints, the maximum allowable value is `450` characters
example: '10'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: reference
type: object
required:
- id
properties:
id:
type: string
description: This ID specifies the name of the pre-existing transform which you want to use within your current transform
example: Existing Transform
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: replaceAll
type: object
required:
- table
properties:
table:
type: object
additionalProperties: true
description: 'An attribute of key-value pairs. Each pair identifies the pattern to search for as its key, and the replacement string as its value.'
example:
'-': ' '
'"': ''''
ñ: 'n'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: replace
type: object
required:
- regex
- replacement
properties:
regex:
type: string
description: This can be a string or a regex pattern in which you want to replace.
example: '[^a-zA-Z]'
externalDocs:
description: Regex Builder
url: 'https://regex101.com/'
replacement:
type: string
description: This is the replacement string that should be substituded wherever the string or pattern is found.
example: ' '
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: rightPad
type: object
required:
- length
properties:
length:
type: string
description: An integer value for the desired length of the final output string
example: '4'
padding:
type: string
description: |
A string value representing the character that the incoming data should be padded with to get to the desired length
If not provided, the transform will default to a single space (" ") character for padding
example: '0'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: split
type: object
required:
- delimiter
- index
properties:
delimiter:
type: string
description: 'This can be either a single character or a regex expression, and is used by the transform to identify the break point between two substrings in the incoming data'
example: ','
index:
type: string
description: 'An integer value for the desired array element after the incoming data has been split into a list; the array is a 0-based object, so the first array element would be index 0, the second element would be index 1, etc.'
example: '5'
throws:
type: boolean
description: |
A boolean (true/false) value which indicates whether an exception should be thrown and returned as an output when an index is out of bounds with the resultant array (i.e., the provided index value is larger than the size of the array)
`true` - The transform should return "IndexOutOfBoundsException"
`false` - The transform should return null
If not provided, the transform will default to false and return a null
example: true
default: false
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: static
type: object
required:
- values
properties:
values:
type: string
description: 'This must evaluate to a JSON string, either through a fixed value or through conditional logic using the Apache Velocity Template Language.'
example: string$variable
externalDocs:
description: Static Transform Documentation
url: 'https://developer.sailpoint.com/idn/docs/transforms/operations/static'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
- title: substring
type: object
required:
- begin
properties:
begin:
type: integer
description: |
The index of the first character to include in the returned substring.
If `begin` is set to -1, the transform will begin at character 0 of the input data
example: 1
format: int32
beginOffset:
type: integer
description: |
This integer value is the number of characters to add to the begin attribute when returning a substring.
This attribute is only used if begin is not -1.
example: 3
format: int32
end:
type: integer
description: |
The index of the first character to exclude from the returned substring.
If end is -1 or not provided at all, the substring transform will return everything up to the end of the input string.
example: 6
format: int32
endOffset:
type: integer
description: |
This integer value is the number of characters to add to the end attribute when returning a substring.
This attribute is only used if end is provided and is not -1.
example: 1
format: int32
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: trim
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: upper
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: uuid
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
- type: object
required:
- id
- internal
properties:
id:
type: string
description: Unique ID of this transform
example: 2cd78adghjkja34jh2b1hkjhasuecd
internal:
type: boolean
description: Indicates whether this is an internal SailPoint-created transform or a customer-created transform
example: false
default: false
example:
id: 2cd78adghjkja34jh2b1hkjhasuecd
name: Timestamp To Date
type: dateFormat
attributes:
inputFormat: 'MMM-dd-yyyy, HH:mm:ss.SSS'
outputFormat: yyyy/dd/MM
internal: false
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:transform:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
delete:
tags:
- Transforms
summary: Delete a transform
description: 'Deletes the transform specified by the given ID. Attempting to delete a transform that is used in one or more Identity Profile mappings will result in an error. If this occurs, you must first remove the transform from all mappings before deleting the transform.'
operationId: deleteTransform
parameters:
- name: id
in: path
description: ID of the transform to delete
required: true
x-sailpoint-resource-operation-id: listTransforms
style: simple
explode: false
schema:
type: string
example: 2cd78adghjkja34jh2b1hkjhasuecd
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:transform:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
/work-items:
get:
operationId: listWorkItems
tags:
- Work Items
summary: List work items
description: 'This gets a collection of work items belonging to either the specified user(admin required), or the current user.'
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: ownerId
schema:
type: string
description: ID of the work item owner.
required: false
example: 1211bcaa32112bcef6122adb21cef1ac
responses:
'200':
description: List of work items
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: ID of the work item
example: 2c9180835d2e5168015d32f890ca1581
requesterId:
type: string
description: ID of the requester
example: 2c9180835d2e5168015d32f890ca1581
nullable: true
requesterDisplayName:
type: string
description: The displayname of the requester
example: John Smith
nullable: true
ownerId:
type: string
description: The ID of the owner
example: 2c9180835d2e5168015d32f890ca1581
nullable: true
ownerName:
type: string
description: The name of the owner
example: Jason Smith
created:
type: string
format: date-time
example: '2017-07-11T18:45:37.098Z'
description: Time when the work item was created
modified:
type: string
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: Time when the work item was last updated
nullable: true
description:
type: string
description: The description of the work item
example: Create account on source 'AD'
state:
type: string
enum:
- Finished
- Rejected
- Returned
- Expired
- Pending
- Canceled
example: Finished
description: The state of a work item
type:
type: string
enum:
- Generic
- Certification
- Remediation
- Delegation
- Approval
- ViolationReview
- Form
- PolicyVioloation
- Challenge
- ImpactAnalysis
- Signoff
- Event
- ManualAction
- Test
example: Generic
description: The type of the work item
remediationItems:
type: array
nullable: true
items:
type: object
properties:
id:
type: string
description: The ID of the certification
example: 2c9180835d2e5168015d32f890ca1581
targetId:
type: string
description: The ID of the certification target
example: 2c9180835d2e5168015d32f890ca1581
targetName:
type: string
description: The name of the certification target
example: john.smith
targetDisplayName:
type: string
description: The display name of the certification target
example: emailAddress
applicationName:
type: string
description: The name of the application/source
example: Active Directory
attributeName:
type: string
description: The name of the attribute being certified
example: phoneNumber
attributeOperation:
type: string
description: The operation of the certification on the attribute
example: update
attributeValue:
type: string
description: The value of the attribute being certified
example: 512-555-1212
nativeIdentity:
type: string
description: The native identity of the target
example: jason.smith2
description: A list of remediation items
approvalItems:
type: array
nullable: true
items:
type: object
properties:
id:
type: string
description: The approval item's ID
example: 2c9180835d2e5168015d32f890ca1581
account:
type: string
description: The account referenced by the approval item
example: john.smith
nullable: true
application:
type: string
description: The name of the application/source
example: Active Directory
name:
type: string
description: The attribute's name
example: emailAddress
nullable: true
operation:
type: string
description: The attribute's operation
example: update
value:
type: string
description: The attribute's value
example: a@b.com
nullable: true
state:
allOf:
- type: string
nullable: true
enum:
- Finished
- Rejected
- Returned
- Expired
- Pending
- Canceled
- null
example: Pending
description: The state of a work item
- nullable: true
description: A list of items that need to be approved
name:
type: string
description: The work item name
example: Account Create
nullable: true
completed:
type: string
format: date-time
example: '2018-10-19T13:49:37.385Z'
description: The time at which the work item completed
nullable: true
numItems:
type: integer
format: int32
description: The number of items in the work item
example: 19
nullable: true
form:
allOf:
- type: object
properties:
id:
type: string
description: ID of the form
example: 2c9180835d2e5168015d32f890ca1581
nullable: true
name:
type: string
description: Name of the form
example: AccountSelection Form
nullable: true
title:
type: string
nullable: true
description: The form title
example: Account Selection for John.Doe
subtitle:
type: string
nullable: true
description: The form subtitle.
example: Please select from the following
targetUser:
type: string
description: The name of the user that should be shown this form
example: Jane.Doe
sections:
type: array
items:
type: object
allOf:
- type: object
properties:
name:
type: string
nullable: true
description: Name of the FormItem
example: Field1
- type: object
properties:
label:
type: string
nullable: true
description: Label of the section
example: Section 1
formItems:
type: array
items:
type: object
description: List of FormItems. FormItems can be SectionDetails and/or FieldDetails
example: []
description: Sections of the form
- nullable: true
errors:
type: array
items:
type: string
example:
- The work item ID that was specified was not found.
description: An array of errors that ocurred during the work item
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/work-items/completed:
get:
operationId: getCompletedWorkItems
tags:
- Work Items
summary: Completed work items
description: 'This gets a collection of completed work items belonging to either the specified user(admin required), or the current user.'
parameters:
- in: query
name: ownerId
schema:
type: string
description: 'The id of the owner of the work item list being requested. Either an admin, or the owning/current user must make this request.'
required: false
example: 1211bcaa32112bcef6122adb21cef1ac
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
responses:
'200':
description: List of completed work items.
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: ID of the work item
example: 2c9180835d2e5168015d32f890ca1581
requesterId:
type: string
description: ID of the requester
example: 2c9180835d2e5168015d32f890ca1581
nullable: true
requesterDisplayName:
type: string
description: The displayname of the requester
example: John Smith
nullable: true
ownerId:
type: string
description: The ID of the owner
example: 2c9180835d2e5168015d32f890ca1581
nullable: true
ownerName:
type: string
description: The name of the owner
example: Jason Smith
created:
type: string
format: date-time
example: '2017-07-11T18:45:37.098Z'
description: Time when the work item was created
modified:
type: string
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: Time when the work item was last updated
nullable: true
description:
type: string
description: The description of the work item
example: Create account on source 'AD'
state:
type: string
enum:
- Finished
- Rejected
- Returned
- Expired
- Pending
- Canceled
example: Finished
description: The state of a work item
type:
type: string
enum:
- Generic
- Certification
- Remediation
- Delegation
- Approval
- ViolationReview
- Form
- PolicyVioloation
- Challenge
- ImpactAnalysis
- Signoff
- Event
- ManualAction
- Test
example: Generic
description: The type of the work item
remediationItems:
type: array
nullable: true
items:
type: object
properties:
id:
type: string
description: The ID of the certification
example: 2c9180835d2e5168015d32f890ca1581
targetId:
type: string
description: The ID of the certification target
example: 2c9180835d2e5168015d32f890ca1581
targetName:
type: string
description: The name of the certification target
example: john.smith
targetDisplayName:
type: string
description: The display name of the certification target
example: emailAddress
applicationName:
type: string
description: The name of the application/source
example: Active Directory
attributeName:
type: string
description: The name of the attribute being certified
example: phoneNumber
attributeOperation:
type: string
description: The operation of the certification on the attribute
example: update
attributeValue:
type: string
description: The value of the attribute being certified
example: 512-555-1212
nativeIdentity:
type: string
description: The native identity of the target
example: jason.smith2
description: A list of remediation items
approvalItems:
type: array
nullable: true
items:
type: object
properties:
id:
type: string
description: The approval item's ID
example: 2c9180835d2e5168015d32f890ca1581
account:
type: string
description: The account referenced by the approval item
example: john.smith
nullable: true
application:
type: string
description: The name of the application/source
example: Active Directory
name:
type: string
description: The attribute's name
example: emailAddress
nullable: true
operation:
type: string
description: The attribute's operation
example: update
value:
type: string
description: The attribute's value
example: a@b.com
nullable: true
state:
allOf:
- type: string
nullable: true
enum:
- Finished
- Rejected
- Returned
- Expired
- Pending
- Canceled
- null
example: Pending
description: The state of a work item
- nullable: true
description: A list of items that need to be approved
name:
type: string
description: The work item name
example: Account Create
nullable: true
completed:
type: string
format: date-time
example: '2018-10-19T13:49:37.385Z'
description: The time at which the work item completed
nullable: true
numItems:
type: integer
format: int32
description: The number of items in the work item
example: 19
nullable: true
form:
allOf:
- type: object
properties:
id:
type: string
description: ID of the form
example: 2c9180835d2e5168015d32f890ca1581
nullable: true
name:
type: string
description: Name of the form
example: AccountSelection Form
nullable: true
title:
type: string
nullable: true
description: The form title
example: Account Selection for John.Doe
subtitle:
type: string
nullable: true
description: The form subtitle.
example: Please select from the following
targetUser:
type: string
description: The name of the user that should be shown this form
example: Jane.Doe
sections:
type: array
items:
type: object
allOf:
- type: object
properties:
name:
type: string
nullable: true
description: Name of the FormItem
example: Field1
- type: object
properties:
label:
type: string
nullable: true
description: Label of the section
example: Section 1
formItems:
type: array
items:
type: object
description: List of FormItems. FormItems can be SectionDetails and/or FieldDetails
example: []
description: Sections of the form
- nullable: true
errors:
type: array
items:
type: string
example:
- The work item ID that was specified was not found.
description: An array of errors that ocurred during the work item
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/work-items/count:
get:
operationId: getCountWorkItems
tags:
- Work Items
summary: Count work items
description: 'This gets a count of work items belonging to either the specified user(admin required), or the current user.'
parameters:
- in: query
name: ownerId
schema:
type: string
description: ID of the work item owner.
required: false
example: ef38f94347e94562b5bb8424a56397d8
responses:
'200':
description: List of work items
content:
application/json:
schema:
type: object
properties:
count:
type: integer
description: The count of work items
example: 29
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/work-items/completed/count:
get:
operationId: getCountCompletedWorkItems
tags:
- Work Items
summary: Count completed work items
description: 'This gets a count of completed work items belonging to either the specified user(admin required), or the current user.'
parameters:
- in: query
name: ownerId
schema:
type: string
description: ID of the work item owner.
required: false
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: List of work items
content:
application/json:
schema:
type: object
properties:
count:
type: integer
description: The count of work items
example: 29
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
/work-items/summary:
get:
operationId: getWorkItemsSummary
tags:
- Work Items
summary: Work items summary
description: 'This gets a summary of work items belonging to either the specified user(admin required), or the current user.'
parameters:
- in: query
name: ownerId
schema:
type: string
description: ID of the work item owner.
required: false
example: 1211bcaa32112bcef6122adb21cef1ac
responses:
'200':
description: List of work items
content:
application/json:
schema:
type: object
properties:
open:
type: integer
description: The count of open work items
example: 29
completed:
type: integer
description: The count of completed work items
example: 1
total:
type: integer
description: The count of total work items
example: 30
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/work-items/{id}':
get:
operationId: getWorkItem
tags:
- Work Items
summary: Get a work item
description: 'This gets the details of a Work Item belonging to either the specified user(admin required), or the current user.'
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listWorkItems
description: ID of the work item.
example: 2c9180835d191a86015d28455b4a2329
responses:
'200':
description: The work item with the given ID.
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: ID of the work item
example: 2c9180835d2e5168015d32f890ca1581
requesterId:
type: string
description: ID of the requester
example: 2c9180835d2e5168015d32f890ca1581
nullable: true
requesterDisplayName:
type: string
description: The displayname of the requester
example: John Smith
nullable: true
ownerId:
type: string
description: The ID of the owner
example: 2c9180835d2e5168015d32f890ca1581
nullable: true
ownerName:
type: string
description: The name of the owner
example: Jason Smith
created:
type: string
format: date-time
example: '2017-07-11T18:45:37.098Z'
description: Time when the work item was created
modified:
type: string
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: Time when the work item was last updated
nullable: true
description:
type: string
description: The description of the work item
example: Create account on source 'AD'
state:
type: string
enum:
- Finished
- Rejected
- Returned
- Expired
- Pending
- Canceled
example: Finished
description: The state of a work item
type:
type: string
enum:
- Generic
- Certification
- Remediation
- Delegation
- Approval
- ViolationReview
- Form
- PolicyVioloation
- Challenge
- ImpactAnalysis
- Signoff
- Event
- ManualAction
- Test
example: Generic
description: The type of the work item
remediationItems:
type: array
nullable: true
items:
type: object
properties:
id:
type: string
description: The ID of the certification
example: 2c9180835d2e5168015d32f890ca1581
targetId:
type: string
description: The ID of the certification target
example: 2c9180835d2e5168015d32f890ca1581
targetName:
type: string
description: The name of the certification target
example: john.smith
targetDisplayName:
type: string
description: The display name of the certification target
example: emailAddress
applicationName:
type: string
description: The name of the application/source
example: Active Directory
attributeName:
type: string
description: The name of the attribute being certified
example: phoneNumber
attributeOperation:
type: string
description: The operation of the certification on the attribute
example: update
attributeValue:
type: string
description: The value of the attribute being certified
example: 512-555-1212
nativeIdentity:
type: string
description: The native identity of the target
example: jason.smith2
description: A list of remediation items
approvalItems:
type: array
nullable: true
items:
type: object
properties:
id:
type: string
description: The approval item's ID
example: 2c9180835d2e5168015d32f890ca1581
account:
type: string
description: The account referenced by the approval item
example: john.smith
nullable: true
application:
type: string
description: The name of the application/source
example: Active Directory
name:
type: string
description: The attribute's name
example: emailAddress
nullable: true
operation:
type: string
description: The attribute's operation
example: update
value:
type: string
description: The attribute's value
example: a@b.com
nullable: true
state:
allOf:
- type: string
nullable: true
enum:
- Finished
- Rejected
- Returned
- Expired
- Pending
- Canceled
- null
example: Pending
description: The state of a work item
- nullable: true
description: A list of items that need to be approved
name:
type: string
description: The work item name
example: Account Create
nullable: true
completed:
type: string
format: date-time
example: '2018-10-19T13:49:37.385Z'
description: The time at which the work item completed
nullable: true
numItems:
type: integer
format: int32
description: The number of items in the work item
example: 19
nullable: true
form:
allOf:
- type: object
properties:
id:
type: string
description: ID of the form
example: 2c9180835d2e5168015d32f890ca1581
nullable: true
name:
type: string
description: Name of the form
example: AccountSelection Form
nullable: true
title:
type: string
nullable: true
description: The form title
example: Account Selection for John.Doe
subtitle:
type: string
nullable: true
description: The form subtitle.
example: Please select from the following
targetUser:
type: string
description: The name of the user that should be shown this form
example: Jane.Doe
sections:
type: array
items:
type: object
allOf:
- type: object
properties:
name:
type: string
nullable: true
description: Name of the FormItem
example: Field1
- type: object
properties:
label:
type: string
nullable: true
description: Label of the section
example: Section 1
formItems:
type: array
items:
type: object
description: List of FormItems. FormItems can be SectionDetails and/or FieldDetails
example: []
description: Sections of the form
- nullable: true
errors:
type: array
items:
type: string
example:
- The work item ID that was specified was not found.
description: An array of errors that ocurred during the work item
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
post:
operationId: completeWorkItem
tags:
- Work Items
summary: Complete a work item
description: 'This API completes a work item. Either an admin, or the owning/current user must make this request.'
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listWorkItems
description: The ID of the work item
example: ef38f94347e94562b5bb8424a56397d8
requestBody:
description: Body is the request payload to create form definition request
content:
application/json:
schema:
type: string
nullable: true
responses:
'200':
description: A WorkItems object
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: ID of the work item
example: 2c9180835d2e5168015d32f890ca1581
requesterId:
type: string
description: ID of the requester
example: 2c9180835d2e5168015d32f890ca1581
nullable: true
requesterDisplayName:
type: string
description: The displayname of the requester
example: John Smith
nullable: true
ownerId:
type: string
description: The ID of the owner
example: 2c9180835d2e5168015d32f890ca1581
nullable: true
ownerName:
type: string
description: The name of the owner
example: Jason Smith
created:
type: string
format: date-time
example: '2017-07-11T18:45:37.098Z'
description: Time when the work item was created
modified:
type: string
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: Time when the work item was last updated
nullable: true
description:
type: string
description: The description of the work item
example: Create account on source 'AD'
state:
type: string
enum:
- Finished
- Rejected
- Returned
- Expired
- Pending
- Canceled
example: Finished
description: The state of a work item
type:
type: string
enum:
- Generic
- Certification
- Remediation
- Delegation
- Approval
- ViolationReview
- Form
- PolicyVioloation
- Challenge
- ImpactAnalysis
- Signoff
- Event
- ManualAction
- Test
example: Generic
description: The type of the work item
remediationItems:
type: array
nullable: true
items:
type: object
properties:
id:
type: string
description: The ID of the certification
example: 2c9180835d2e5168015d32f890ca1581
targetId:
type: string
description: The ID of the certification target
example: 2c9180835d2e5168015d32f890ca1581
targetName:
type: string
description: The name of the certification target
example: john.smith
targetDisplayName:
type: string
description: The display name of the certification target
example: emailAddress
applicationName:
type: string
description: The name of the application/source
example: Active Directory
attributeName:
type: string
description: The name of the attribute being certified
example: phoneNumber
attributeOperation:
type: string
description: The operation of the certification on the attribute
example: update
attributeValue:
type: string
description: The value of the attribute being certified
example: 512-555-1212
nativeIdentity:
type: string
description: The native identity of the target
example: jason.smith2
description: A list of remediation items
approvalItems:
type: array
nullable: true
items:
type: object
properties:
id:
type: string
description: The approval item's ID
example: 2c9180835d2e5168015d32f890ca1581
account:
type: string
description: The account referenced by the approval item
example: john.smith
nullable: true
application:
type: string
description: The name of the application/source
example: Active Directory
name:
type: string
description: The attribute's name
example: emailAddress
nullable: true
operation:
type: string
description: The attribute's operation
example: update
value:
type: string
description: The attribute's value
example: a@b.com
nullable: true
state:
allOf:
- type: string
nullable: true
enum:
- Finished
- Rejected
- Returned
- Expired
- Pending
- Canceled
- null
example: Pending
description: The state of a work item
- nullable: true
description: A list of items that need to be approved
name:
type: string
description: The work item name
example: Account Create
nullable: true
completed:
type: string
format: date-time
example: '2018-10-19T13:49:37.385Z'
description: The time at which the work item completed
nullable: true
numItems:
type: integer
format: int32
description: The number of items in the work item
example: 19
nullable: true
form:
allOf:
- type: object
properties:
id:
type: string
description: ID of the form
example: 2c9180835d2e5168015d32f890ca1581
nullable: true
name:
type: string
description: Name of the form
example: AccountSelection Form
nullable: true
title:
type: string
nullable: true
description: The form title
example: Account Selection for John.Doe
subtitle:
type: string
nullable: true
description: The form subtitle.
example: Please select from the following
targetUser:
type: string
description: The name of the user that should be shown this form
example: Jane.Doe
sections:
type: array
items:
type: object
allOf:
- type: object
properties:
name:
type: string
nullable: true
description: Name of the FormItem
example: Field1
- type: object
properties:
label:
type: string
nullable: true
description: Label of the section
example: Section 1
formItems:
type: array
items:
type: object
description: List of FormItems. FormItems can be SectionDetails and/or FieldDetails
example: []
description: Sections of the form
- nullable: true
errors:
type: array
items:
type: string
example:
- The work item ID that was specified was not found.
description: An array of errors that ocurred during the work item
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/work-items/{id}/approve/{approvalItemId}':
post:
operationId: approveApprovalItem
tags:
- Work Items
summary: Approve an approval item
description: 'This API approves an Approval Item. Either an admin, or the owning/current user must make this request.'
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listWorkItems
description: The ID of the work item
example: ef38f94347e94562b5bb8424a56397d8
- in: path
name: approvalItemId
schema:
type: string
required: true
description: The ID of the approval item.
example: 1211bcaa32112bcef6122adb21cef1ac
responses:
'200':
description: A work items details object.
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: ID of the work item
example: 2c9180835d2e5168015d32f890ca1581
requesterId:
type: string
description: ID of the requester
example: 2c9180835d2e5168015d32f890ca1581
nullable: true
requesterDisplayName:
type: string
description: The displayname of the requester
example: John Smith
nullable: true
ownerId:
type: string
description: The ID of the owner
example: 2c9180835d2e5168015d32f890ca1581
nullable: true
ownerName:
type: string
description: The name of the owner
example: Jason Smith
created:
type: string
format: date-time
example: '2017-07-11T18:45:37.098Z'
description: Time when the work item was created
modified:
type: string
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: Time when the work item was last updated
nullable: true
description:
type: string
description: The description of the work item
example: Create account on source 'AD'
state:
type: string
enum:
- Finished
- Rejected
- Returned
- Expired
- Pending
- Canceled
example: Finished
description: The state of a work item
type:
type: string
enum:
- Generic
- Certification
- Remediation
- Delegation
- Approval
- ViolationReview
- Form
- PolicyVioloation
- Challenge
- ImpactAnalysis
- Signoff
- Event
- ManualAction
- Test
example: Generic
description: The type of the work item
remediationItems:
type: array
nullable: true
items:
type: object
properties:
id:
type: string
description: The ID of the certification
example: 2c9180835d2e5168015d32f890ca1581
targetId:
type: string
description: The ID of the certification target
example: 2c9180835d2e5168015d32f890ca1581
targetName:
type: string
description: The name of the certification target
example: john.smith
targetDisplayName:
type: string
description: The display name of the certification target
example: emailAddress
applicationName:
type: string
description: The name of the application/source
example: Active Directory
attributeName:
type: string
description: The name of the attribute being certified
example: phoneNumber
attributeOperation:
type: string
description: The operation of the certification on the attribute
example: update
attributeValue:
type: string
description: The value of the attribute being certified
example: 512-555-1212
nativeIdentity:
type: string
description: The native identity of the target
example: jason.smith2
description: A list of remediation items
approvalItems:
type: array
nullable: true
items:
type: object
properties:
id:
type: string
description: The approval item's ID
example: 2c9180835d2e5168015d32f890ca1581
account:
type: string
description: The account referenced by the approval item
example: john.smith
nullable: true
application:
type: string
description: The name of the application/source
example: Active Directory
name:
type: string
description: The attribute's name
example: emailAddress
nullable: true
operation:
type: string
description: The attribute's operation
example: update
value:
type: string
description: The attribute's value
example: a@b.com
nullable: true
state:
allOf:
- type: string
nullable: true
enum:
- Finished
- Rejected
- Returned
- Expired
- Pending
- Canceled
- null
example: Pending
description: The state of a work item
- nullable: true
description: A list of items that need to be approved
name:
type: string
description: The work item name
example: Account Create
nullable: true
completed:
type: string
format: date-time
example: '2018-10-19T13:49:37.385Z'
description: The time at which the work item completed
nullable: true
numItems:
type: integer
format: int32
description: The number of items in the work item
example: 19
nullable: true
form:
allOf:
- type: object
properties:
id:
type: string
description: ID of the form
example: 2c9180835d2e5168015d32f890ca1581
nullable: true
name:
type: string
description: Name of the form
example: AccountSelection Form
nullable: true
title:
type: string
nullable: true
description: The form title
example: Account Selection for John.Doe
subtitle:
type: string
nullable: true
description: The form subtitle.
example: Please select from the following
targetUser:
type: string
description: The name of the user that should be shown this form
example: Jane.Doe
sections:
type: array
items:
type: object
allOf:
- type: object
properties:
name:
type: string
nullable: true
description: Name of the FormItem
example: Field1
- type: object
properties:
label:
type: string
nullable: true
description: Label of the section
example: Section 1
formItems:
type: array
items:
type: object
description: List of FormItems. FormItems can be SectionDetails and/or FieldDetails
example: []
description: Sections of the form
- nullable: true
errors:
type: array
items:
type: string
example:
- The work item ID that was specified was not found.
description: An array of errors that ocurred during the work item
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/work-items/{id}/reject/{approvalItemId}':
post:
operationId: rejectApprovalItem
tags:
- Work Items
summary: Reject an approval item
description: 'This API rejects an Approval Item. Either an admin, or the owning/current user must make this request.'
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listWorkItems
description: The ID of the work item
example: ef38f94347e94562b5bb8424a56397d8
- in: path
name: approvalItemId
schema:
type: string
required: true
description: The ID of the approval item.
example: 1211bcaa32112bcef6122adb21cef1ac
responses:
'200':
description: A work items details object.
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: ID of the work item
example: 2c9180835d2e5168015d32f890ca1581
requesterId:
type: string
description: ID of the requester
example: 2c9180835d2e5168015d32f890ca1581
nullable: true
requesterDisplayName:
type: string
description: The displayname of the requester
example: John Smith
nullable: true
ownerId:
type: string
description: The ID of the owner
example: 2c9180835d2e5168015d32f890ca1581
nullable: true
ownerName:
type: string
description: The name of the owner
example: Jason Smith
created:
type: string
format: date-time
example: '2017-07-11T18:45:37.098Z'
description: Time when the work item was created
modified:
type: string
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: Time when the work item was last updated
nullable: true
description:
type: string
description: The description of the work item
example: Create account on source 'AD'
state:
type: string
enum:
- Finished
- Rejected
- Returned
- Expired
- Pending
- Canceled
example: Finished
description: The state of a work item
type:
type: string
enum:
- Generic
- Certification
- Remediation
- Delegation
- Approval
- ViolationReview
- Form
- PolicyVioloation
- Challenge
- ImpactAnalysis
- Signoff
- Event
- ManualAction
- Test
example: Generic
description: The type of the work item
remediationItems:
type: array
nullable: true
items:
type: object
properties:
id:
type: string
description: The ID of the certification
example: 2c9180835d2e5168015d32f890ca1581
targetId:
type: string
description: The ID of the certification target
example: 2c9180835d2e5168015d32f890ca1581
targetName:
type: string
description: The name of the certification target
example: john.smith
targetDisplayName:
type: string
description: The display name of the certification target
example: emailAddress
applicationName:
type: string
description: The name of the application/source
example: Active Directory
attributeName:
type: string
description: The name of the attribute being certified
example: phoneNumber
attributeOperation:
type: string
description: The operation of the certification on the attribute
example: update
attributeValue:
type: string
description: The value of the attribute being certified
example: 512-555-1212
nativeIdentity:
type: string
description: The native identity of the target
example: jason.smith2
description: A list of remediation items
approvalItems:
type: array
nullable: true
items:
type: object
properties:
id:
type: string
description: The approval item's ID
example: 2c9180835d2e5168015d32f890ca1581
account:
type: string
description: The account referenced by the approval item
example: john.smith
nullable: true
application:
type: string
description: The name of the application/source
example: Active Directory
name:
type: string
description: The attribute's name
example: emailAddress
nullable: true
operation:
type: string
description: The attribute's operation
example: update
value:
type: string
description: The attribute's value
example: a@b.com
nullable: true
state:
allOf:
- type: string
nullable: true
enum:
- Finished
- Rejected
- Returned
- Expired
- Pending
- Canceled
- null
example: Pending
description: The state of a work item
- nullable: true
description: A list of items that need to be approved
name:
type: string
description: The work item name
example: Account Create
nullable: true
completed:
type: string
format: date-time
example: '2018-10-19T13:49:37.385Z'
description: The time at which the work item completed
nullable: true
numItems:
type: integer
format: int32
description: The number of items in the work item
example: 19
nullable: true
form:
allOf:
- type: object
properties:
id:
type: string
description: ID of the form
example: 2c9180835d2e5168015d32f890ca1581
nullable: true
name:
type: string
description: Name of the form
example: AccountSelection Form
nullable: true
title:
type: string
nullable: true
description: The form title
example: Account Selection for John.Doe
subtitle:
type: string
nullable: true
description: The form subtitle.
example: Please select from the following
targetUser:
type: string
description: The name of the user that should be shown this form
example: Jane.Doe
sections:
type: array
items:
type: object
allOf:
- type: object
properties:
name:
type: string
nullable: true
description: Name of the FormItem
example: Field1
- type: object
properties:
label:
type: string
nullable: true
description: Label of the section
example: Section 1
formItems:
type: array
items:
type: object
description: List of FormItems. FormItems can be SectionDetails and/or FieldDetails
example: []
description: Sections of the form
- nullable: true
errors:
type: array
items:
type: string
example:
- The work item ID that was specified was not found.
description: An array of errors that ocurred during the work item
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/work-items/bulk-approve/{id}':
post:
operationId: approveApprovalItemsInBulk
tags:
- Work Items
summary: Bulk approve approval items
description: 'This API bulk approves Approval Items. Either an admin, or the owning/current user must make this request.'
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listWorkItems
description: The ID of the work item
example: ef38f94347e94562b5bb8424a56397d8
responses:
'200':
description: A work items details object.
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: ID of the work item
example: 2c9180835d2e5168015d32f890ca1581
requesterId:
type: string
description: ID of the requester
example: 2c9180835d2e5168015d32f890ca1581
nullable: true
requesterDisplayName:
type: string
description: The displayname of the requester
example: John Smith
nullable: true
ownerId:
type: string
description: The ID of the owner
example: 2c9180835d2e5168015d32f890ca1581
nullable: true
ownerName:
type: string
description: The name of the owner
example: Jason Smith
created:
type: string
format: date-time
example: '2017-07-11T18:45:37.098Z'
description: Time when the work item was created
modified:
type: string
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: Time when the work item was last updated
nullable: true
description:
type: string
description: The description of the work item
example: Create account on source 'AD'
state:
type: string
enum:
- Finished
- Rejected
- Returned
- Expired
- Pending
- Canceled
example: Finished
description: The state of a work item
type:
type: string
enum:
- Generic
- Certification
- Remediation
- Delegation
- Approval
- ViolationReview
- Form
- PolicyVioloation
- Challenge
- ImpactAnalysis
- Signoff
- Event
- ManualAction
- Test
example: Generic
description: The type of the work item
remediationItems:
type: array
nullable: true
items:
type: object
properties:
id:
type: string
description: The ID of the certification
example: 2c9180835d2e5168015d32f890ca1581
targetId:
type: string
description: The ID of the certification target
example: 2c9180835d2e5168015d32f890ca1581
targetName:
type: string
description: The name of the certification target
example: john.smith
targetDisplayName:
type: string
description: The display name of the certification target
example: emailAddress
applicationName:
type: string
description: The name of the application/source
example: Active Directory
attributeName:
type: string
description: The name of the attribute being certified
example: phoneNumber
attributeOperation:
type: string
description: The operation of the certification on the attribute
example: update
attributeValue:
type: string
description: The value of the attribute being certified
example: 512-555-1212
nativeIdentity:
type: string
description: The native identity of the target
example: jason.smith2
description: A list of remediation items
approvalItems:
type: array
nullable: true
items:
type: object
properties:
id:
type: string
description: The approval item's ID
example: 2c9180835d2e5168015d32f890ca1581
account:
type: string
description: The account referenced by the approval item
example: john.smith
nullable: true
application:
type: string
description: The name of the application/source
example: Active Directory
name:
type: string
description: The attribute's name
example: emailAddress
nullable: true
operation:
type: string
description: The attribute's operation
example: update
value:
type: string
description: The attribute's value
example: a@b.com
nullable: true
state:
allOf:
- type: string
nullable: true
enum:
- Finished
- Rejected
- Returned
- Expired
- Pending
- Canceled
- null
example: Pending
description: The state of a work item
- nullable: true
description: A list of items that need to be approved
name:
type: string
description: The work item name
example: Account Create
nullable: true
completed:
type: string
format: date-time
example: '2018-10-19T13:49:37.385Z'
description: The time at which the work item completed
nullable: true
numItems:
type: integer
format: int32
description: The number of items in the work item
example: 19
nullable: true
form:
allOf:
- type: object
properties:
id:
type: string
description: ID of the form
example: 2c9180835d2e5168015d32f890ca1581
nullable: true
name:
type: string
description: Name of the form
example: AccountSelection Form
nullable: true
title:
type: string
nullable: true
description: The form title
example: Account Selection for John.Doe
subtitle:
type: string
nullable: true
description: The form subtitle.
example: Please select from the following
targetUser:
type: string
description: The name of the user that should be shown this form
example: Jane.Doe
sections:
type: array
items:
type: object
allOf:
- type: object
properties:
name:
type: string
nullable: true
description: Name of the FormItem
example: Field1
- type: object
properties:
label:
type: string
nullable: true
description: Label of the section
example: Section 1
formItems:
type: array
items:
type: object
description: List of FormItems. FormItems can be SectionDetails and/or FieldDetails
example: []
description: Sections of the form
- nullable: true
errors:
type: array
items:
type: string
example:
- The work item ID that was specified was not found.
description: An array of errors that ocurred during the work item
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/work-items/bulk-reject/{id}':
post:
operationId: rejectApprovalItemsInBulk
tags:
- Work Items
summary: Bulk reject approval items
description: 'This API bulk rejects Approval Items. Either an admin, or the owning/current user must make this request.'
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listWorkItems
description: The ID of the work item
example: ef38f94347e94562b5bb8424a56397d8
responses:
'200':
description: A work items details object.
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: ID of the work item
example: 2c9180835d2e5168015d32f890ca1581
requesterId:
type: string
description: ID of the requester
example: 2c9180835d2e5168015d32f890ca1581
nullable: true
requesterDisplayName:
type: string
description: The displayname of the requester
example: John Smith
nullable: true
ownerId:
type: string
description: The ID of the owner
example: 2c9180835d2e5168015d32f890ca1581
nullable: true
ownerName:
type: string
description: The name of the owner
example: Jason Smith
created:
type: string
format: date-time
example: '2017-07-11T18:45:37.098Z'
description: Time when the work item was created
modified:
type: string
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: Time when the work item was last updated
nullable: true
description:
type: string
description: The description of the work item
example: Create account on source 'AD'
state:
type: string
enum:
- Finished
- Rejected
- Returned
- Expired
- Pending
- Canceled
example: Finished
description: The state of a work item
type:
type: string
enum:
- Generic
- Certification
- Remediation
- Delegation
- Approval
- ViolationReview
- Form
- PolicyVioloation
- Challenge
- ImpactAnalysis
- Signoff
- Event
- ManualAction
- Test
example: Generic
description: The type of the work item
remediationItems:
type: array
nullable: true
items:
type: object
properties:
id:
type: string
description: The ID of the certification
example: 2c9180835d2e5168015d32f890ca1581
targetId:
type: string
description: The ID of the certification target
example: 2c9180835d2e5168015d32f890ca1581
targetName:
type: string
description: The name of the certification target
example: john.smith
targetDisplayName:
type: string
description: The display name of the certification target
example: emailAddress
applicationName:
type: string
description: The name of the application/source
example: Active Directory
attributeName:
type: string
description: The name of the attribute being certified
example: phoneNumber
attributeOperation:
type: string
description: The operation of the certification on the attribute
example: update
attributeValue:
type: string
description: The value of the attribute being certified
example: 512-555-1212
nativeIdentity:
type: string
description: The native identity of the target
example: jason.smith2
description: A list of remediation items
approvalItems:
type: array
nullable: true
items:
type: object
properties:
id:
type: string
description: The approval item's ID
example: 2c9180835d2e5168015d32f890ca1581
account:
type: string
description: The account referenced by the approval item
example: john.smith
nullable: true
application:
type: string
description: The name of the application/source
example: Active Directory
name:
type: string
description: The attribute's name
example: emailAddress
nullable: true
operation:
type: string
description: The attribute's operation
example: update
value:
type: string
description: The attribute's value
example: a@b.com
nullable: true
state:
allOf:
- type: string
nullable: true
enum:
- Finished
- Rejected
- Returned
- Expired
- Pending
- Canceled
- null
example: Pending
description: The state of a work item
- nullable: true
description: A list of items that need to be approved
name:
type: string
description: The work item name
example: Account Create
nullable: true
completed:
type: string
format: date-time
example: '2018-10-19T13:49:37.385Z'
description: The time at which the work item completed
nullable: true
numItems:
type: integer
format: int32
description: The number of items in the work item
example: 19
nullable: true
form:
allOf:
- type: object
properties:
id:
type: string
description: ID of the form
example: 2c9180835d2e5168015d32f890ca1581
nullable: true
name:
type: string
description: Name of the form
example: AccountSelection Form
nullable: true
title:
type: string
nullable: true
description: The form title
example: Account Selection for John.Doe
subtitle:
type: string
nullable: true
description: The form subtitle.
example: Please select from the following
targetUser:
type: string
description: The name of the user that should be shown this form
example: Jane.Doe
sections:
type: array
items:
type: object
allOf:
- type: object
properties:
name:
type: string
nullable: true
description: Name of the FormItem
example: Field1
- type: object
properties:
label:
type: string
nullable: true
description: Label of the section
example: Section 1
formItems:
type: array
items:
type: object
description: List of FormItems. FormItems can be SectionDetails and/or FieldDetails
example: []
description: Sections of the form
- nullable: true
errors:
type: array
items:
type: string
example:
- The work item ID that was specified was not found.
description: An array of errors that ocurred during the work item
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/work-items/{id}/submit-account-selection':
post:
operationId: submitAccountSelection
tags:
- Work Items
summary: Submit account selections
description: 'This API submits account selections. Either an admin, or the owning/current user must make this request.'
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listWorkItems
description: The ID of the work item
example: ef38f94347e94562b5bb8424a56397d8
requestBody:
required: true
content:
application/json:
schema:
type: object
additionalProperties: true
example:
fieldName: fieldValue
description: 'Account Selection Data map, keyed on fieldName'
responses:
'200':
description: A work items details object.
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: ID of the work item
example: 2c9180835d2e5168015d32f890ca1581
requesterId:
type: string
description: ID of the requester
example: 2c9180835d2e5168015d32f890ca1581
nullable: true
requesterDisplayName:
type: string
description: The displayname of the requester
example: John Smith
nullable: true
ownerId:
type: string
description: The ID of the owner
example: 2c9180835d2e5168015d32f890ca1581
nullable: true
ownerName:
type: string
description: The name of the owner
example: Jason Smith
created:
type: string
format: date-time
example: '2017-07-11T18:45:37.098Z'
description: Time when the work item was created
modified:
type: string
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: Time when the work item was last updated
nullable: true
description:
type: string
description: The description of the work item
example: Create account on source 'AD'
state:
type: string
enum:
- Finished
- Rejected
- Returned
- Expired
- Pending
- Canceled
example: Finished
description: The state of a work item
type:
type: string
enum:
- Generic
- Certification
- Remediation
- Delegation
- Approval
- ViolationReview
- Form
- PolicyVioloation
- Challenge
- ImpactAnalysis
- Signoff
- Event
- ManualAction
- Test
example: Generic
description: The type of the work item
remediationItems:
type: array
nullable: true
items:
type: object
properties:
id:
type: string
description: The ID of the certification
example: 2c9180835d2e5168015d32f890ca1581
targetId:
type: string
description: The ID of the certification target
example: 2c9180835d2e5168015d32f890ca1581
targetName:
type: string
description: The name of the certification target
example: john.smith
targetDisplayName:
type: string
description: The display name of the certification target
example: emailAddress
applicationName:
type: string
description: The name of the application/source
example: Active Directory
attributeName:
type: string
description: The name of the attribute being certified
example: phoneNumber
attributeOperation:
type: string
description: The operation of the certification on the attribute
example: update
attributeValue:
type: string
description: The value of the attribute being certified
example: 512-555-1212
nativeIdentity:
type: string
description: The native identity of the target
example: jason.smith2
description: A list of remediation items
approvalItems:
type: array
nullable: true
items:
type: object
properties:
id:
type: string
description: The approval item's ID
example: 2c9180835d2e5168015d32f890ca1581
account:
type: string
description: The account referenced by the approval item
example: john.smith
nullable: true
application:
type: string
description: The name of the application/source
example: Active Directory
name:
type: string
description: The attribute's name
example: emailAddress
nullable: true
operation:
type: string
description: The attribute's operation
example: update
value:
type: string
description: The attribute's value
example: a@b.com
nullable: true
state:
allOf:
- type: string
nullable: true
enum:
- Finished
- Rejected
- Returned
- Expired
- Pending
- Canceled
- null
example: Pending
description: The state of a work item
- nullable: true
description: A list of items that need to be approved
name:
type: string
description: The work item name
example: Account Create
nullable: true
completed:
type: string
format: date-time
example: '2018-10-19T13:49:37.385Z'
description: The time at which the work item completed
nullable: true
numItems:
type: integer
format: int32
description: The number of items in the work item
example: 19
nullable: true
form:
allOf:
- type: object
properties:
id:
type: string
description: ID of the form
example: 2c9180835d2e5168015d32f890ca1581
nullable: true
name:
type: string
description: Name of the form
example: AccountSelection Form
nullable: true
title:
type: string
nullable: true
description: The form title
example: Account Selection for John.Doe
subtitle:
type: string
nullable: true
description: The form subtitle.
example: Please select from the following
targetUser:
type: string
description: The name of the user that should be shown this form
example: Jane.Doe
sections:
type: array
items:
type: object
allOf:
- type: object
properties:
name:
type: string
nullable: true
description: Name of the FormItem
example: Field1
- type: object
properties:
label:
type: string
nullable: true
description: Label of the section
example: Section 1
formItems:
type: array
items:
type: object
description: List of FormItems. FormItems can be SectionDetails and/or FieldDetails
example: []
description: Sections of the form
- nullable: true
errors:
type: array
items:
type: string
example:
- The work item ID that was specified was not found.
description: An array of errors that ocurred during the work item
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/workflows:
get:
operationId: listWorkflows
tags:
- Workflows
summary: List workflows
description: List all workflows in the tenant.
security:
- userAuth:
- 'sp:workflow:read'
responses:
'200':
description: List of workflows
content:
application/json:
schema:
type: array
items:
allOf:
- type: object
properties:
id:
type: string
description: Workflow ID. This is a UUID generated upon creation.
example: d201c5e9-d37b-4aff-af14-66414f39d569
executionCount:
type: integer
format: int32
description: The number of times this workflow has been executed.
example: 2
failureCount:
type: integer
format: int32
description: The number of times this workflow has failed during execution.
example: 0
created:
type: string
format: date-time
description: The date and time the workflow was created.
example: '2022-01-10T16:06:16.636381447Z'
modified:
type: string
format: date-time
description: The date and time the workflow was modified.
example: '2023-12-05T15:18:27.699132301Z'
modifiedBy:
type: object
properties:
type:
type: string
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Identity ID
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Human-readable display name of identity.
example: Thomas Edison
creator:
type: object
description: Workflow creator's identity.
properties:
type:
type: string
description: Workflow creator's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Workflow creator's identity ID.
example: 2c7180a46faadee4016fb4e018c20642
name:
type: string
description: Workflow creator's display name.
example: Michael Michaels
- type: object
properties:
name:
type: string
description: The name of the workflow
example: Send Email
owner:
type: object
description: The identity that owns the workflow. The owner's permissions in IDN will determine what actions the workflow is allowed to perform. Ownership can be changed by updating the owner in a PUT or PATCH request.
properties:
type:
type: string
enum:
- IDENTITY
example: IDENTITY
description: The type of object that is referenced
id:
type: string
description: The unique ID of the object
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The name of the object
example: William Wilson
description:
type: string
description: Description of what the workflow accomplishes
example: Send an email to the identity who's attributes changed.
definition:
type: object
description: The map of steps that the workflow will execute.
properties:
start:
type: string
description: The name of the starting step.
example: Send Email Test
steps:
type: object
description: One or more step objects that comprise this workflow. Please see the Workflow documentation to see the JSON schema for each step type.
additionalProperties: true
example:
Send Email:
actionId: 'sp:send-email'
attributes:
body: This is a test
from: sailpoint@sailpoint.com
recipientId.$: $.identity.id
subject: test
nextStep: success
selectResult: null
type: ACTION
success:
type: success
enabled:
type: boolean
description: Enable or disable the workflow. Workflows cannot be created in an enabled state.
default: false
example: false
trigger:
type: object
description: The trigger that starts the workflow
required:
- type
- attributes
properties:
type:
type: string
enum:
- EVENT
- EXTERNAL
- SCHEDULED
- ''
example: EVENT
description: The trigger type
displayName:
type: string
nullable: true
attributes:
nullable: true
anyOf:
- title: Event Trigger Attributes
type: object
description: Attributes related to an IdentityNow ETS event
additionalProperties: false
required:
- id
properties:
id:
type: string
description: The unique ID of the trigger
example: 'idn:identity-attributes-changed'
nullable: true
filter.$:
type: string
description: JSON path expression that will limit which events the trigger will fire on
example: '$.changes[?(@.attribute == ''manager'')]'
nullable: true
description:
type: string
description: Description of the event trigger
example: Triggered when an identity's manager attribute changes
nullable: true
attributeToFilter:
type: string
description: The attribute to filter on
example: LifecycleState
nullable: true
formDefinitionId:
type: string
description: Form definition's unique identifier.
example: Admin_Access_Request_Form
nullable: true
- title: External Trigger Attributes
type: object
description: Attributes related to an external trigger
additionalProperties: false
properties:
name:
type: string
description: A unique name for the external trigger
example: search-and-notify
nullable: true
description:
type: string
description: Additional context about the external trigger
example: Run a search and notify the results
nullable: true
clientId:
type: string
description: OAuth Client ID to authenticate with this trigger
example: 87e239b2-b85b-4bde-b9a7-55bf304ddcdc
nullable: true
url:
type: string
description: URL to invoke this workflow
example: 'https://tenant.api.identitynow.com/beta/workflows/execute/external/c79e0079-562c-4df5-aa73-60a9e25c916d'
nullable: true
- title: Scheduled Trigger Attributes
type: object
description: Attributes related to a scheduled trigger
additionalProperties: false
required:
- frequency
properties:
frequency:
type: string
description: Frequency of execution
example: daily
enum:
- daily
- weekly
- monthly
- yearly
- cronSchedule
- null
nullable: true
timeZone:
type: string
description: Time zone identifier
example: America/Chicago
nullable: true
cronString:
type: string
description: A valid CRON expression
externalDocs:
description: CRON expression editor
url: 'https://crontab.guru/'
example: 0 9 * * 1
nullable: true
weeklyDays:
type: array
items:
type: string
example: Monday
description: Scheduled days of the week for execution
nullable: true
weeklyTimes:
type: array
items:
type: string
example: Monday
description: Scheduled execution times
nullable: true
yearlyTimes:
type: array
items:
type: string
example: '1969-12-31T09:00:00.000Z'
description: Scheduled execution times
nullable: true
description: Workflow Trigger Attributes.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
post:
operationId: createWorkflow
tags:
- Workflows
summary: Create workflow
description: Create a new workflow with the desired trigger and steps specified in the request body.
security:
- userAuth:
- 'sp:workflow:manage'
requestBody:
required: true
content:
application/json:
schema:
allOf:
- required:
- name
- type: object
properties:
name:
type: string
description: The name of the workflow
example: Send Email
owner:
type: object
description: The identity that owns the workflow. The owner's permissions in IDN will determine what actions the workflow is allowed to perform. Ownership can be changed by updating the owner in a PUT or PATCH request.
properties:
type:
type: string
enum:
- IDENTITY
example: IDENTITY
description: The type of object that is referenced
id:
type: string
description: The unique ID of the object
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The name of the object
example: William Wilson
description:
type: string
description: Description of what the workflow accomplishes
example: Send an email to the identity who's attributes changed.
definition:
type: object
description: The map of steps that the workflow will execute.
properties:
start:
type: string
description: The name of the starting step.
example: Send Email Test
steps:
type: object
description: One or more step objects that comprise this workflow. Please see the Workflow documentation to see the JSON schema for each step type.
additionalProperties: true
example:
Send Email:
actionId: 'sp:send-email'
attributes:
body: This is a test
from: sailpoint@sailpoint.com
recipientId.$: $.identity.id
subject: test
nextStep: success
selectResult: null
type: ACTION
success:
type: success
enabled:
type: boolean
description: Enable or disable the workflow. Workflows cannot be created in an enabled state.
default: false
example: false
trigger:
type: object
description: The trigger that starts the workflow
required:
- type
- attributes
properties:
type:
type: string
enum:
- EVENT
- EXTERNAL
- SCHEDULED
- ''
example: EVENT
description: The trigger type
displayName:
type: string
nullable: true
attributes:
nullable: true
anyOf:
- title: Event Trigger Attributes
type: object
description: Attributes related to an IdentityNow ETS event
additionalProperties: false
required:
- id
properties:
id:
type: string
description: The unique ID of the trigger
example: 'idn:identity-attributes-changed'
nullable: true
filter.$:
type: string
description: JSON path expression that will limit which events the trigger will fire on
example: '$.changes[?(@.attribute == ''manager'')]'
nullable: true
description:
type: string
description: Description of the event trigger
example: Triggered when an identity's manager attribute changes
nullable: true
attributeToFilter:
type: string
description: The attribute to filter on
example: LifecycleState
nullable: true
formDefinitionId:
type: string
description: Form definition's unique identifier.
example: Admin_Access_Request_Form
nullable: true
- title: External Trigger Attributes
type: object
description: Attributes related to an external trigger
additionalProperties: false
properties:
name:
type: string
description: A unique name for the external trigger
example: search-and-notify
nullable: true
description:
type: string
description: Additional context about the external trigger
example: Run a search and notify the results
nullable: true
clientId:
type: string
description: OAuth Client ID to authenticate with this trigger
example: 87e239b2-b85b-4bde-b9a7-55bf304ddcdc
nullable: true
url:
type: string
description: URL to invoke this workflow
example: 'https://tenant.api.identitynow.com/beta/workflows/execute/external/c79e0079-562c-4df5-aa73-60a9e25c916d'
nullable: true
- title: Scheduled Trigger Attributes
type: object
description: Attributes related to a scheduled trigger
additionalProperties: false
required:
- frequency
properties:
frequency:
type: string
description: Frequency of execution
example: daily
enum:
- daily
- weekly
- monthly
- yearly
- cronSchedule
- null
nullable: true
timeZone:
type: string
description: Time zone identifier
example: America/Chicago
nullable: true
cronString:
type: string
description: A valid CRON expression
externalDocs:
description: CRON expression editor
url: 'https://crontab.guru/'
example: 0 9 * * 1
nullable: true
weeklyDays:
type: array
items:
type: string
example: Monday
description: Scheduled days of the week for execution
nullable: true
weeklyTimes:
type: array
items:
type: string
example: Monday
description: Scheduled execution times
nullable: true
yearlyTimes:
type: array
items:
type: string
example: '1969-12-31T09:00:00.000Z'
description: Scheduled execution times
nullable: true
description: Workflow Trigger Attributes.
examples:
Event Trigger:
description: Workflow initiated by an event trigger
value:
name: Send Email
owner:
type: IDENTITY
id: 2c91808568c529c60168cca6f90c1313
name: William Wilson
description: Send an email to the identity who's attributes changed.
definition:
start: Send Email Test
steps:
Send Email:
actionId: 'sp:send-email'
attributes:
body: This is a test
from: sailpoint@sailpoint.com
recipientId.$: $.identity.id
subject: test
nextStep: success
selectResult: null
type: action
success:
type: success
enabled: false
trigger:
type: EVENT
attributes:
id: 'idn:identity-attributes-changed'
filter: '$.changes[?(@.attribute == ''manager'')]'
Scheduled Trigger:
description: Workflow initiated by a scheduled trigger
value:
name: Send Email
owner:
type: IDENTITY
id: 2c91808568c529c60168cca6f90c1313
name: William Wilson
description: Send an email to the identity who's attributes changed.
definition:
start: Send Email Test
steps:
Send Email:
actionId: 'sp:send-email'
attributes:
body: This is a test
from: sailpoint@sailpoint.com
recipientId.$: $.identity.id
subject: test
nextStep: success
selectResult: null
type: action
success:
type: success
enabled: false
trigger:
type: SCHEDULED
attributes:
cronString: 0 * */3 */5 *
External Trigger:
description: Workflow initiated by an external trigger
value:
name: Send Email
owner:
type: IDENTITY
id: 2c91808568c529c60168cca6f90c1313
name: William Wilson
description: Send an email to the identity whose attributes changed.
definition:
start: Send Email Test
steps:
Send Email:
actionId: 'sp:send-email'
attributes:
body: This is a test
from: sailpoint@sailpoint.com
recipientId.$: $.identity.id
subject: test
nextStep: success
selectResult: null
type: action
success:
type: success
enabled: false
trigger:
type: EXTERNAL
attributes:
name: search-and-notify
description: Run a search and notify the results
responses:
'200':
description: The Workflow object
content:
application/json:
schema:
allOf:
- type: object
properties:
id:
type: string
description: Workflow ID. This is a UUID generated upon creation.
example: d201c5e9-d37b-4aff-af14-66414f39d569
executionCount:
type: integer
format: int32
description: The number of times this workflow has been executed.
example: 2
failureCount:
type: integer
format: int32
description: The number of times this workflow has failed during execution.
example: 0
created:
type: string
format: date-time
description: The date and time the workflow was created.
example: '2022-01-10T16:06:16.636381447Z'
modified:
type: string
format: date-time
description: The date and time the workflow was modified.
example: '2023-12-05T15:18:27.699132301Z'
modifiedBy:
type: object
properties:
type:
type: string
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Identity ID
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Human-readable display name of identity.
example: Thomas Edison
creator:
type: object
description: Workflow creator's identity.
properties:
type:
type: string
description: Workflow creator's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Workflow creator's identity ID.
example: 2c7180a46faadee4016fb4e018c20642
name:
type: string
description: Workflow creator's display name.
example: Michael Michaels
- type: object
properties:
name:
type: string
description: The name of the workflow
example: Send Email
owner:
type: object
description: The identity that owns the workflow. The owner's permissions in IDN will determine what actions the workflow is allowed to perform. Ownership can be changed by updating the owner in a PUT or PATCH request.
properties:
type:
type: string
enum:
- IDENTITY
example: IDENTITY
description: The type of object that is referenced
id:
type: string
description: The unique ID of the object
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The name of the object
example: William Wilson
description:
type: string
description: Description of what the workflow accomplishes
example: Send an email to the identity who's attributes changed.
definition:
type: object
description: The map of steps that the workflow will execute.
properties:
start:
type: string
description: The name of the starting step.
example: Send Email Test
steps:
type: object
description: One or more step objects that comprise this workflow. Please see the Workflow documentation to see the JSON schema for each step type.
additionalProperties: true
example:
Send Email:
actionId: 'sp:send-email'
attributes:
body: This is a test
from: sailpoint@sailpoint.com
recipientId.$: $.identity.id
subject: test
nextStep: success
selectResult: null
type: ACTION
success:
type: success
enabled:
type: boolean
description: Enable or disable the workflow. Workflows cannot be created in an enabled state.
default: false
example: false
trigger:
type: object
description: The trigger that starts the workflow
required:
- type
- attributes
properties:
type:
type: string
enum:
- EVENT
- EXTERNAL
- SCHEDULED
- ''
example: EVENT
description: The trigger type
displayName:
type: string
nullable: true
attributes:
nullable: true
anyOf:
- title: Event Trigger Attributes
type: object
description: Attributes related to an IdentityNow ETS event
additionalProperties: false
required:
- id
properties:
id:
type: string
description: The unique ID of the trigger
example: 'idn:identity-attributes-changed'
nullable: true
filter.$:
type: string
description: JSON path expression that will limit which events the trigger will fire on
example: '$.changes[?(@.attribute == ''manager'')]'
nullable: true
description:
type: string
description: Description of the event trigger
example: Triggered when an identity's manager attribute changes
nullable: true
attributeToFilter:
type: string
description: The attribute to filter on
example: LifecycleState
nullable: true
formDefinitionId:
type: string
description: Form definition's unique identifier.
example: Admin_Access_Request_Form
nullable: true
- title: External Trigger Attributes
type: object
description: Attributes related to an external trigger
additionalProperties: false
properties:
name:
type: string
description: A unique name for the external trigger
example: search-and-notify
nullable: true
description:
type: string
description: Additional context about the external trigger
example: Run a search and notify the results
nullable: true
clientId:
type: string
description: OAuth Client ID to authenticate with this trigger
example: 87e239b2-b85b-4bde-b9a7-55bf304ddcdc
nullable: true
url:
type: string
description: URL to invoke this workflow
example: 'https://tenant.api.identitynow.com/beta/workflows/execute/external/c79e0079-562c-4df5-aa73-60a9e25c916d'
nullable: true
- title: Scheduled Trigger Attributes
type: object
description: Attributes related to a scheduled trigger
additionalProperties: false
required:
- frequency
properties:
frequency:
type: string
description: Frequency of execution
example: daily
enum:
- daily
- weekly
- monthly
- yearly
- cronSchedule
- null
nullable: true
timeZone:
type: string
description: Time zone identifier
example: America/Chicago
nullable: true
cronString:
type: string
description: A valid CRON expression
externalDocs:
description: CRON expression editor
url: 'https://crontab.guru/'
example: 0 9 * * 1
nullable: true
weeklyDays:
type: array
items:
type: string
example: Monday
description: Scheduled days of the week for execution
nullable: true
weeklyTimes:
type: array
items:
type: string
example: Monday
description: Scheduled execution times
nullable: true
yearlyTimes:
type: array
items:
type: string
example: '1969-12-31T09:00:00.000Z'
description: Scheduled execution times
nullable: true
description: Workflow Trigger Attributes.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/workflows/{id}':
get:
operationId: getWorkflow
tags:
- Workflows
summary: Get workflow by id
description: Get a single workflow by id.
security:
- userAuth:
- 'sp:workflow:read'
parameters:
- name: id
in: path
description: Id of the workflow
required: true
style: simple
explode: false
schema:
type: string
example: c17bea3a-574d-453c-9e04-4365fbf5af0b
responses:
'200':
description: The workflow object
content:
application/json:
schema:
allOf:
- type: object
properties:
id:
type: string
description: Workflow ID. This is a UUID generated upon creation.
example: d201c5e9-d37b-4aff-af14-66414f39d569
executionCount:
type: integer
format: int32
description: The number of times this workflow has been executed.
example: 2
failureCount:
type: integer
format: int32
description: The number of times this workflow has failed during execution.
example: 0
created:
type: string
format: date-time
description: The date and time the workflow was created.
example: '2022-01-10T16:06:16.636381447Z'
modified:
type: string
format: date-time
description: The date and time the workflow was modified.
example: '2023-12-05T15:18:27.699132301Z'
modifiedBy:
type: object
properties:
type:
type: string
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Identity ID
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Human-readable display name of identity.
example: Thomas Edison
creator:
type: object
description: Workflow creator's identity.
properties:
type:
type: string
description: Workflow creator's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Workflow creator's identity ID.
example: 2c7180a46faadee4016fb4e018c20642
name:
type: string
description: Workflow creator's display name.
example: Michael Michaels
- type: object
properties:
name:
type: string
description: The name of the workflow
example: Send Email
owner:
type: object
description: The identity that owns the workflow. The owner's permissions in IDN will determine what actions the workflow is allowed to perform. Ownership can be changed by updating the owner in a PUT or PATCH request.
properties:
type:
type: string
enum:
- IDENTITY
example: IDENTITY
description: The type of object that is referenced
id:
type: string
description: The unique ID of the object
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The name of the object
example: William Wilson
description:
type: string
description: Description of what the workflow accomplishes
example: Send an email to the identity who's attributes changed.
definition:
type: object
description: The map of steps that the workflow will execute.
properties:
start:
type: string
description: The name of the starting step.
example: Send Email Test
steps:
type: object
description: One or more step objects that comprise this workflow. Please see the Workflow documentation to see the JSON schema for each step type.
additionalProperties: true
example:
Send Email:
actionId: 'sp:send-email'
attributes:
body: This is a test
from: sailpoint@sailpoint.com
recipientId.$: $.identity.id
subject: test
nextStep: success
selectResult: null
type: ACTION
success:
type: success
enabled:
type: boolean
description: Enable or disable the workflow. Workflows cannot be created in an enabled state.
default: false
example: false
trigger:
type: object
description: The trigger that starts the workflow
required:
- type
- attributes
properties:
type:
type: string
enum:
- EVENT
- EXTERNAL
- SCHEDULED
- ''
example: EVENT
description: The trigger type
displayName:
type: string
nullable: true
attributes:
nullable: true
anyOf:
- title: Event Trigger Attributes
type: object
description: Attributes related to an IdentityNow ETS event
additionalProperties: false
required:
- id
properties:
id:
type: string
description: The unique ID of the trigger
example: 'idn:identity-attributes-changed'
nullable: true
filter.$:
type: string
description: JSON path expression that will limit which events the trigger will fire on
example: '$.changes[?(@.attribute == ''manager'')]'
nullable: true
description:
type: string
description: Description of the event trigger
example: Triggered when an identity's manager attribute changes
nullable: true
attributeToFilter:
type: string
description: The attribute to filter on
example: LifecycleState
nullable: true
formDefinitionId:
type: string
description: Form definition's unique identifier.
example: Admin_Access_Request_Form
nullable: true
- title: External Trigger Attributes
type: object
description: Attributes related to an external trigger
additionalProperties: false
properties:
name:
type: string
description: A unique name for the external trigger
example: search-and-notify
nullable: true
description:
type: string
description: Additional context about the external trigger
example: Run a search and notify the results
nullable: true
clientId:
type: string
description: OAuth Client ID to authenticate with this trigger
example: 87e239b2-b85b-4bde-b9a7-55bf304ddcdc
nullable: true
url:
type: string
description: URL to invoke this workflow
example: 'https://tenant.api.identitynow.com/beta/workflows/execute/external/c79e0079-562c-4df5-aa73-60a9e25c916d'
nullable: true
- title: Scheduled Trigger Attributes
type: object
description: Attributes related to a scheduled trigger
additionalProperties: false
required:
- frequency
properties:
frequency:
type: string
description: Frequency of execution
example: daily
enum:
- daily
- weekly
- monthly
- yearly
- cronSchedule
- null
nullable: true
timeZone:
type: string
description: Time zone identifier
example: America/Chicago
nullable: true
cronString:
type: string
description: A valid CRON expression
externalDocs:
description: CRON expression editor
url: 'https://crontab.guru/'
example: 0 9 * * 1
nullable: true
weeklyDays:
type: array
items:
type: string
example: Monday
description: Scheduled days of the week for execution
nullable: true
weeklyTimes:
type: array
items:
type: string
example: Monday
description: Scheduled execution times
nullable: true
yearlyTimes:
type: array
items:
type: string
example: '1969-12-31T09:00:00.000Z'
description: Scheduled execution times
nullable: true
description: Workflow Trigger Attributes.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
put:
operationId: putWorkflow
tags:
- Workflows
summary: Update workflow
description: Perform a full update of a workflow. The updated workflow object is returned in the response.
security:
- userAuth:
- 'sp:workflow:manage'
parameters:
- name: id
in: path
description: Id of the Workflow
required: true
style: simple
explode: false
schema:
type: string
example: c17bea3a-574d-453c-9e04-4365fbf5af0b
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
name:
type: string
description: The name of the workflow
example: Send Email
owner:
type: object
description: The identity that owns the workflow. The owner's permissions in IDN will determine what actions the workflow is allowed to perform. Ownership can be changed by updating the owner in a PUT or PATCH request.
properties:
type:
type: string
enum:
- IDENTITY
example: IDENTITY
description: The type of object that is referenced
id:
type: string
description: The unique ID of the object
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The name of the object
example: William Wilson
description:
type: string
description: Description of what the workflow accomplishes
example: Send an email to the identity who's attributes changed.
definition:
type: object
description: The map of steps that the workflow will execute.
properties:
start:
type: string
description: The name of the starting step.
example: Send Email Test
steps:
type: object
description: One or more step objects that comprise this workflow. Please see the Workflow documentation to see the JSON schema for each step type.
additionalProperties: true
example:
Send Email:
actionId: 'sp:send-email'
attributes:
body: This is a test
from: sailpoint@sailpoint.com
recipientId.$: $.identity.id
subject: test
nextStep: success
selectResult: null
type: ACTION
success:
type: success
enabled:
type: boolean
description: Enable or disable the workflow. Workflows cannot be created in an enabled state.
default: false
example: false
trigger:
type: object
description: The trigger that starts the workflow
required:
- type
- attributes
properties:
type:
type: string
enum:
- EVENT
- EXTERNAL
- SCHEDULED
- ''
example: EVENT
description: The trigger type
displayName:
type: string
nullable: true
attributes:
nullable: true
anyOf:
- title: Event Trigger Attributes
type: object
description: Attributes related to an IdentityNow ETS event
additionalProperties: false
required:
- id
properties:
id:
type: string
description: The unique ID of the trigger
example: 'idn:identity-attributes-changed'
nullable: true
filter.$:
type: string
description: JSON path expression that will limit which events the trigger will fire on
example: '$.changes[?(@.attribute == ''manager'')]'
nullable: true
description:
type: string
description: Description of the event trigger
example: Triggered when an identity's manager attribute changes
nullable: true
attributeToFilter:
type: string
description: The attribute to filter on
example: LifecycleState
nullable: true
formDefinitionId:
type: string
description: Form definition's unique identifier.
example: Admin_Access_Request_Form
nullable: true
- title: External Trigger Attributes
type: object
description: Attributes related to an external trigger
additionalProperties: false
properties:
name:
type: string
description: A unique name for the external trigger
example: search-and-notify
nullable: true
description:
type: string
description: Additional context about the external trigger
example: Run a search and notify the results
nullable: true
clientId:
type: string
description: OAuth Client ID to authenticate with this trigger
example: 87e239b2-b85b-4bde-b9a7-55bf304ddcdc
nullable: true
url:
type: string
description: URL to invoke this workflow
example: 'https://tenant.api.identitynow.com/beta/workflows/execute/external/c79e0079-562c-4df5-aa73-60a9e25c916d'
nullable: true
- title: Scheduled Trigger Attributes
type: object
description: Attributes related to a scheduled trigger
additionalProperties: false
required:
- frequency
properties:
frequency:
type: string
description: Frequency of execution
example: daily
enum:
- daily
- weekly
- monthly
- yearly
- cronSchedule
- null
nullable: true
timeZone:
type: string
description: Time zone identifier
example: America/Chicago
nullable: true
cronString:
type: string
description: A valid CRON expression
externalDocs:
description: CRON expression editor
url: 'https://crontab.guru/'
example: 0 9 * * 1
nullable: true
weeklyDays:
type: array
items:
type: string
example: Monday
description: Scheduled days of the week for execution
nullable: true
weeklyTimes:
type: array
items:
type: string
example: Monday
description: Scheduled execution times
nullable: true
yearlyTimes:
type: array
items:
type: string
example: '1969-12-31T09:00:00.000Z'
description: Scheduled execution times
nullable: true
description: Workflow Trigger Attributes.
responses:
'200':
description: The Workflow object
content:
application/json:
schema:
allOf:
- type: object
properties:
id:
type: string
description: Workflow ID. This is a UUID generated upon creation.
example: d201c5e9-d37b-4aff-af14-66414f39d569
executionCount:
type: integer
format: int32
description: The number of times this workflow has been executed.
example: 2
failureCount:
type: integer
format: int32
description: The number of times this workflow has failed during execution.
example: 0
created:
type: string
format: date-time
description: The date and time the workflow was created.
example: '2022-01-10T16:06:16.636381447Z'
modified:
type: string
format: date-time
description: The date and time the workflow was modified.
example: '2023-12-05T15:18:27.699132301Z'
modifiedBy:
type: object
properties:
type:
type: string
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Identity ID
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Human-readable display name of identity.
example: Thomas Edison
creator:
type: object
description: Workflow creator's identity.
properties:
type:
type: string
description: Workflow creator's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Workflow creator's identity ID.
example: 2c7180a46faadee4016fb4e018c20642
name:
type: string
description: Workflow creator's display name.
example: Michael Michaels
- type: object
properties:
name:
type: string
description: The name of the workflow
example: Send Email
owner:
type: object
description: The identity that owns the workflow. The owner's permissions in IDN will determine what actions the workflow is allowed to perform. Ownership can be changed by updating the owner in a PUT or PATCH request.
properties:
type:
type: string
enum:
- IDENTITY
example: IDENTITY
description: The type of object that is referenced
id:
type: string
description: The unique ID of the object
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The name of the object
example: William Wilson
description:
type: string
description: Description of what the workflow accomplishes
example: Send an email to the identity who's attributes changed.
definition:
type: object
description: The map of steps that the workflow will execute.
properties:
start:
type: string
description: The name of the starting step.
example: Send Email Test
steps:
type: object
description: One or more step objects that comprise this workflow. Please see the Workflow documentation to see the JSON schema for each step type.
additionalProperties: true
example:
Send Email:
actionId: 'sp:send-email'
attributes:
body: This is a test
from: sailpoint@sailpoint.com
recipientId.$: $.identity.id
subject: test
nextStep: success
selectResult: null
type: ACTION
success:
type: success
enabled:
type: boolean
description: Enable or disable the workflow. Workflows cannot be created in an enabled state.
default: false
example: false
trigger:
type: object
description: The trigger that starts the workflow
required:
- type
- attributes
properties:
type:
type: string
enum:
- EVENT
- EXTERNAL
- SCHEDULED
- ''
example: EVENT
description: The trigger type
displayName:
type: string
nullable: true
attributes:
nullable: true
anyOf:
- title: Event Trigger Attributes
type: object
description: Attributes related to an IdentityNow ETS event
additionalProperties: false
required:
- id
properties:
id:
type: string
description: The unique ID of the trigger
example: 'idn:identity-attributes-changed'
nullable: true
filter.$:
type: string
description: JSON path expression that will limit which events the trigger will fire on
example: '$.changes[?(@.attribute == ''manager'')]'
nullable: true
description:
type: string
description: Description of the event trigger
example: Triggered when an identity's manager attribute changes
nullable: true
attributeToFilter:
type: string
description: The attribute to filter on
example: LifecycleState
nullable: true
formDefinitionId:
type: string
description: Form definition's unique identifier.
example: Admin_Access_Request_Form
nullable: true
- title: External Trigger Attributes
type: object
description: Attributes related to an external trigger
additionalProperties: false
properties:
name:
type: string
description: A unique name for the external trigger
example: search-and-notify
nullable: true
description:
type: string
description: Additional context about the external trigger
example: Run a search and notify the results
nullable: true
clientId:
type: string
description: OAuth Client ID to authenticate with this trigger
example: 87e239b2-b85b-4bde-b9a7-55bf304ddcdc
nullable: true
url:
type: string
description: URL to invoke this workflow
example: 'https://tenant.api.identitynow.com/beta/workflows/execute/external/c79e0079-562c-4df5-aa73-60a9e25c916d'
nullable: true
- title: Scheduled Trigger Attributes
type: object
description: Attributes related to a scheduled trigger
additionalProperties: false
required:
- frequency
properties:
frequency:
type: string
description: Frequency of execution
example: daily
enum:
- daily
- weekly
- monthly
- yearly
- cronSchedule
- null
nullable: true
timeZone:
type: string
description: Time zone identifier
example: America/Chicago
nullable: true
cronString:
type: string
description: A valid CRON expression
externalDocs:
description: CRON expression editor
url: 'https://crontab.guru/'
example: 0 9 * * 1
nullable: true
weeklyDays:
type: array
items:
type: string
example: Monday
description: Scheduled days of the week for execution
nullable: true
weeklyTimes:
type: array
items:
type: string
example: Monday
description: Scheduled execution times
nullable: true
yearlyTimes:
type: array
items:
type: string
example: '1969-12-31T09:00:00.000Z'
description: Scheduled execution times
nullable: true
description: Workflow Trigger Attributes.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
patch:
operationId: patchWorkflow
tags:
- Workflows
summary: Patch workflow
description: 'Partially update an existing Workflow using [JSON Patch](https://tools.ietf.org/html/rfc6902) syntax.'
security:
- userAuth:
- 'sp:workflow:manage'
parameters:
- name: id
in: path
description: Id of the Workflow
required: true
style: simple
explode: false
schema:
type: string
example: c17bea3a-574d-453c-9e04-4365fbf5af0b
requestBody:
required: true
content:
application/json-patch+json:
schema:
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
examples:
Update all patchable fields:
description: Demonstrate how to update each patchable field in one PATCH request.
value:
- op: replace
path: /name
value: Send Email
- op: replace
path: /owner
value:
type: IDENTITY
id: 2c91808568c529c60168cca6f90c1313
name: William Wilson
- op: replace
path: /description
value: Send an email to the identity who's attributes changed.
- op: replace
path: /enabled
value: false
- op: replace
path: /definition
value:
start: Send Email Test
steps:
Send Email:
actionId: 'sp:send-email'
attributes:
body: This is a test
from: sailpoint@sailpoint.com
recipientId.$: $.identity.id
subject: test
nextStep: success
selectResult: null
type: action
success:
type: success
- op: replace
path: /trigger
value:
type: EVENT
attributes:
id: 'idn:identity-attributes-changed'
responses:
'200':
description: The Workflow object
content:
application/json:
schema:
allOf:
- type: object
properties:
id:
type: string
description: Workflow ID. This is a UUID generated upon creation.
example: d201c5e9-d37b-4aff-af14-66414f39d569
executionCount:
type: integer
format: int32
description: The number of times this workflow has been executed.
example: 2
failureCount:
type: integer
format: int32
description: The number of times this workflow has failed during execution.
example: 0
created:
type: string
format: date-time
description: The date and time the workflow was created.
example: '2022-01-10T16:06:16.636381447Z'
modified:
type: string
format: date-time
description: The date and time the workflow was modified.
example: '2023-12-05T15:18:27.699132301Z'
modifiedBy:
type: object
properties:
type:
type: string
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Identity ID
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Human-readable display name of identity.
example: Thomas Edison
creator:
type: object
description: Workflow creator's identity.
properties:
type:
type: string
description: Workflow creator's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Workflow creator's identity ID.
example: 2c7180a46faadee4016fb4e018c20642
name:
type: string
description: Workflow creator's display name.
example: Michael Michaels
- type: object
properties:
name:
type: string
description: The name of the workflow
example: Send Email
owner:
type: object
description: The identity that owns the workflow. The owner's permissions in IDN will determine what actions the workflow is allowed to perform. Ownership can be changed by updating the owner in a PUT or PATCH request.
properties:
type:
type: string
enum:
- IDENTITY
example: IDENTITY
description: The type of object that is referenced
id:
type: string
description: The unique ID of the object
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: The name of the object
example: William Wilson
description:
type: string
description: Description of what the workflow accomplishes
example: Send an email to the identity who's attributes changed.
definition:
type: object
description: The map of steps that the workflow will execute.
properties:
start:
type: string
description: The name of the starting step.
example: Send Email Test
steps:
type: object
description: One or more step objects that comprise this workflow. Please see the Workflow documentation to see the JSON schema for each step type.
additionalProperties: true
example:
Send Email:
actionId: 'sp:send-email'
attributes:
body: This is a test
from: sailpoint@sailpoint.com
recipientId.$: $.identity.id
subject: test
nextStep: success
selectResult: null
type: ACTION
success:
type: success
enabled:
type: boolean
description: Enable or disable the workflow. Workflows cannot be created in an enabled state.
default: false
example: false
trigger:
type: object
description: The trigger that starts the workflow
required:
- type
- attributes
properties:
type:
type: string
enum:
- EVENT
- EXTERNAL
- SCHEDULED
- ''
example: EVENT
description: The trigger type
displayName:
type: string
nullable: true
attributes:
nullable: true
anyOf:
- title: Event Trigger Attributes
type: object
description: Attributes related to an IdentityNow ETS event
additionalProperties: false
required:
- id
properties:
id:
type: string
description: The unique ID of the trigger
example: 'idn:identity-attributes-changed'
nullable: true
filter.$:
type: string
description: JSON path expression that will limit which events the trigger will fire on
example: '$.changes[?(@.attribute == ''manager'')]'
nullable: true
description:
type: string
description: Description of the event trigger
example: Triggered when an identity's manager attribute changes
nullable: true
attributeToFilter:
type: string
description: The attribute to filter on
example: LifecycleState
nullable: true
formDefinitionId:
type: string
description: Form definition's unique identifier.
example: Admin_Access_Request_Form
nullable: true
- title: External Trigger Attributes
type: object
description: Attributes related to an external trigger
additionalProperties: false
properties:
name:
type: string
description: A unique name for the external trigger
example: search-and-notify
nullable: true
description:
type: string
description: Additional context about the external trigger
example: Run a search and notify the results
nullable: true
clientId:
type: string
description: OAuth Client ID to authenticate with this trigger
example: 87e239b2-b85b-4bde-b9a7-55bf304ddcdc
nullable: true
url:
type: string
description: URL to invoke this workflow
example: 'https://tenant.api.identitynow.com/beta/workflows/execute/external/c79e0079-562c-4df5-aa73-60a9e25c916d'
nullable: true
- title: Scheduled Trigger Attributes
type: object
description: Attributes related to a scheduled trigger
additionalProperties: false
required:
- frequency
properties:
frequency:
type: string
description: Frequency of execution
example: daily
enum:
- daily
- weekly
- monthly
- yearly
- cronSchedule
- null
nullable: true
timeZone:
type: string
description: Time zone identifier
example: America/Chicago
nullable: true
cronString:
type: string
description: A valid CRON expression
externalDocs:
description: CRON expression editor
url: 'https://crontab.guru/'
example: 0 9 * * 1
nullable: true
weeklyDays:
type: array
items:
type: string
example: Monday
description: Scheduled days of the week for execution
nullable: true
weeklyTimes:
type: array
items:
type: string
example: Monday
description: Scheduled execution times
nullable: true
yearlyTimes:
type: array
items:
type: string
example: '1969-12-31T09:00:00.000Z'
description: Scheduled execution times
nullable: true
description: Workflow Trigger Attributes.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
operationId: deleteWorkflow
tags:
- Workflows
summary: Delete workflow by id
description: Delete a workflow. **Enabled workflows cannot be deleted**. They must first be disabled.
security:
- userAuth:
- 'sp:workflow:manage'
parameters:
- name: id
in: path
description: Id of the Workflow
required: true
style: simple
explode: false
schema:
type: string
example: c17bea3a-574d-453c-9e04-4365fbf5af0b
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/workflows/{id}/test':
post:
operationId: testWorkflow
tags:
- Workflows
summary: Test workflow by id
description: |
:::info
Workflow must be disabled in order to use this endpoint.
:::
Test a workflow with the provided input data. The input data should resemble the input that the trigger will send the workflow. See the [event trigger documentation](https://developer.sailpoint.com/idn/docs/event-triggers/available) for an example input for the trigger that initiates this workflow.
This endpoint will return an execution ID, which can be used to lookup more information about the execution using the `Get a Workflow Execution` endpoint.
**This will cause a live run of the workflow, which could result in unintended modifications to your IDN tenant.**
security:
- userAuth:
- 'sp:workflow-execute:external'
x-sailpoint-userLevels:
- ORG_ADMIN
parameters:
- name: id
in: path
description: Id of the workflow
required: true
x-sailpoint-resource-operation-id: listWorkflows
style: simple
explode: false
schema:
type: string
example: c17bea3a-574d-453c-9e04-4365fbf5af0b
requestBody:
required: true
content:
application/json:
schema:
type: object
required:
- input
properties:
input:
type: object
description: The test input for the workflow.
examples:
Identity Attributes Changed:
description: Identity Attributes Changed Trigger Input
value:
input:
identity:
id: ee769173319b41d19ccec6cea52f237b
name: john.doe
type: IDENTITY
changes:
- attribute: department
oldValue: sales
newValue: marketing
- attribute: manager
oldValue:
id: ee769173319b41d19ccec6c235423237b
name: nice.guy
type: IDENTITY
newValue:
id: ee769173319b41d19ccec6c235423236c
name: mean.guy
type: IDENTITY
- attribute: email
oldValue: john.doe@hotmail.com
newValue: john.doe@gmail.com
responses:
'200':
description: The Workflow object
content:
application/json:
schema:
type: object
properties:
workflowExecutionId:
type: string
description: The workflow execution id
example: 0e11cefa-96e7-4b67-90d0-065bc1da5753
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/workflows/{id}/executions':
get:
operationId: getWorkflowExecutions
tags:
- Workflows
summary: List workflow executions
description: |-
Use this API to list a specified workflow's executions. Workflow executions are available for up to 90 days before being archived. By default, you can get a maximum of 250 executions. To get executions past the first 250 records, you can do the following:
1. Use the [Get Workflows](https://developer.sailpoint.com/idn/api/beta/list-workflows) endpoint to get your workflows.
2. Get your workflow ID from the response.
3. You can then do either of the following:
- Filter to find relevant workflow executions.
For example, you can filter for failed workflow executions: `GET /workflows/:workflowID/executions?filters=status eq "Failed"`
- Paginate through results with the `offset` parameter.
For example, you can page through 50 executions per page and use that as a way to get to the records past the first 250.
Refer to [Paginating Results](https://developer.sailpoint.com/idn/api/standard-collection-parameters#paginating-results) for more information about the query parameters you can use to achieve pagination.
security:
- userAuth:
- 'sp:workflow:read'
parameters:
- name: id
in: path
description: Workflow ID.
required: true
style: simple
explode: false
schema:
type: string
example: c17bea3a-574d-453c-9e04-4365fbf5af0b
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**start_time**: *eq, lt, le, gt, ge*
**status**: *eq*
example: status eq "Failed"
required: false
responses:
'200':
description: List of workflow executions for the specified workflow.
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: Workflow execution ID.
example: b393f4e2-4785-4d7f-ab27-3a6b8ded4c81
workflowId:
type: string
description: Workflow ID.
example: d201c5d9-d37b-4a2f-af14-66414f39d568
requestId:
type: string
description: Backend ID that tracks a workflow request in the system. Provide this ID in a customer support ticket for debugging purposes.
example: 41e12a74fa7b4a6a98ae47887b64acdb
startTime:
type: string
format: date-time
description: Date/time when the workflow started.
example: '2022-02-07T20:13:29.356648026Z'
closeTime:
type: string
format: date-time
description: Date/time when the workflow ended.
example: '2022-02-07T20:13:31.682410165Z'
status:
description: Workflow execution status.
type: string
enum:
- Completed
- Failed
- Canceled
- Running
- Queued
example: Completed
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/workflow-executions/{id}':
get:
operationId: getWorkflowExecution
tags:
- Workflows
summary: Get workflow execution
description: 'Use this API to get a single workflow execution. Workflow executions are available for up to 90 days before being archived. If you attempt to access a workflow execution that has been archived, you will receive a "404 Not Found" response.'
security:
- userAuth:
- 'sp:workflow:read'
parameters:
- name: id
in: path
description: Workflow execution ID.
required: true
style: simple
explode: false
schema:
type: string
example: c17bea3a-574d-453c-9e04-4365fbf5af0b
responses:
'200':
description: Workflow execution.
content:
application/json:
schema:
items:
type: object
properties:
id:
type: string
description: Workflow execution ID.
example: b393f4e2-4785-4d7f-ab27-3a6b8ded4c81
workflowId:
type: string
description: Workflow ID.
example: d201c5d9-d37b-4a2f-af14-66414f39d568
requestId:
type: string
description: Backend ID that tracks a workflow request in the system. Provide this ID in a customer support ticket for debugging purposes.
example: 41e12a74fa7b4a6a98ae47887b64acdb
startTime:
type: string
format: date-time
description: Date/time when the workflow started.
example: '2022-02-07T20:13:29.356648026Z'
closeTime:
type: string
format: date-time
description: Date/time when the workflow ended.
example: '2022-02-07T20:13:31.682410165Z'
status:
description: Workflow execution status.
type: string
enum:
- Completed
- Failed
- Canceled
- Running
- Queued
example: Completed
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/workflow-executions/{id}/history':
get:
operationId: getWorkflowExecutionHistory
tags:
- Workflows
summary: Get workflow execution history
description: 'Get a detailed history of a single workflow execution. Workflow executions are available for up to 90 days before being archived. If you attempt to access a workflow execution that has been archived, you will receive a 404 Not Found.'
security:
- userAuth:
- 'sp:workflow:read'
parameters:
- name: id
in: path
description: Id of the workflow execution
required: true
style: simple
explode: false
schema:
type: string
example: c17bea3a-574d-453c-9e04-4365fbf5af0b
responses:
'200':
description: List of workflow execution events for the given workflow execution
content:
application/json:
schema:
type: array
items:
type: object
properties:
type:
type: string
description: The type of event
enum:
- WorkflowExecutionScheduled
- WorkflowExecutionStarted
- WorkflowExecutionCompleted
- WorkflowExecutionFailed
- WorkflowTaskScheduled
- WorkflowTaskStarted
- WorkflowTaskCompleted
- WorkflowTaskFailed
- ActivityTaskScheduled
- ActivityTaskStarted
- ActivityTaskCompleted
- ActivityTaskFailed
- StartChildWorkflowExecutionInitiated
- ChildWorkflowExecutionStarted
- ChildWorkflowExecutionCompleted
- ChildWorkflowExecutionFailed
example: WorkflowTaskScheduled
timestamp:
type: string
format: date-time
description: The date-time when the event occurred
example: '2022-02-07T20:13:31.640618296Z'
attributes:
type: object
description: Additional attributes associated with the event
example: {}
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/workflow-executions/{id}/cancel':
post:
operationId: cancelWorkflowExecution
tags:
- Workflows
summary: Cancel workflow execution by id
description: Use this API to cancel a running workflow execution.
security:
- userAuth:
- 'sp:workflow-execute:external'
parameters:
- name: id
in: path
description: The workflow execution ID
required: true
style: simple
explode: false
schema:
type: string
example: c17bea3a-574d-453c-9e04-4365fbf5af0b
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/workflow-library:
get:
operationId: listCompleteWorkflowLibrary
tags:
- Workflows
summary: List complete workflow library
description: 'This lists all triggers, actions, and operators in the library'
externalDocs:
description: Additional documentation for workflows
url: 'https://documentation.sailpoint.com/saas/help/workflows/workflow-steps.html'
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
security:
- userAuth:
- 'sp:workflow:read'
responses:
'200':
description: List of workflow steps
content:
application/json:
schema:
type: array
items:
anyOf:
- title: Workflow Action
type: object
properties:
id:
type: string
description: Action ID. This is a static namespaced ID for the action
example: 'sp:create-campaign'
name:
type: string
description: Action Name
example: Create Certification Campaign
type:
type: string
description: Action type
example: ACTION
description:
type: string
description: Action Description
example: Generates a certification campaign.
formFields:
nullable: true
type: array
description: One or more inputs that the action accepts
items:
type: object
properties:
description:
type: string
description: Description of the form field
example: First value to compare
helpText:
type: string
description: Describes the form field in the UI
example: The name to give to this certification campaign.
label:
type: string
description: A human readable name for this form field in the UI
example: Campaign Name
name:
type: string
description: The name of the input attribute
example: name
required:
type: boolean
description: Denotes if this field is a required attribute
example: false
default: false
type:
description: The type of the form field
type: string
nullable: true
enum:
- text
- textarea
- boolean
- email
- url
- number
- json
- checkbox
- jsonpath
- select
- multiType
- duration
- toggle
- formPicker
- identityPicker
- governanceGroupPicker
- string
- object
- array
- secret
- keyValuePairs
- emailPicker
- advancedToggle
- variableCreator
- htmlEditor
example: text
exampleOutput:
oneOf:
- type: object
description: Example output
- type: array
items:
type: object
deprecated:
type: boolean
deprecatedBy:
type: string
format: date-time
versionNumber:
type: integer
description: Version number
isSimulationEnabled:
type: boolean
isDynamicSchema:
type: boolean
description: 'Determines whether the dynamic output schema is returned in place of the action''s output schema. The dynamic schema lists non-static properties, like properties of a workflow form where each form has different fields. These will be provided dynamically based on available form fields.'
example: false
default: false
outputSchema:
type: object
description: 'Defines the output schema, if any, that this action produces.'
example:
definitions: {}
properties:
autoRevokeAllowed:
$id: '#sp:create-campaign/autoRevokeAllowed'
default: true
examples:
- false
title: autoRevokeAllowed
type: boolean
deadline:
$id: '#sp:create-campaign/deadline'
default: ''
examples:
- '2020-12-25T06:00:00.468Z'
format: date-time
pattern: ^.*$
title: deadline
type: string
description:
$id: '#sp:create-campaign/description'
default: ''
examples:
- A review of everyone's access by their manager.
pattern: ^.*$
title: description
type: string
emailNotificationEnabled:
$id: '#sp:create-campaign/emailNotificationEnabled'
default: true
examples:
- false
title: emailNotificationEnabled
type: boolean
filter:
$id: '#sp:create-campaign/filter'
properties:
id:
$id: '#sp:create-campaign/filter/id'
default: ''
examples:
- e0adaae69852e8fe8b8a3d48e5ce757c
pattern: ^.*$
title: id
type: string
type:
$id: '#sp:create-campaign/filter/type'
default: ''
examples:
- CAMPAIGN_FILTER
pattern: ^.*$
title: type
type: string
title: filter
type: object
id:
$id: '#sp:create-campaign/id'
default: ''
examples:
- 2c918086719eec070171a7e3355a360a
pattern: ^.*$
title: id
type: string
name:
$id: '#sp:create-campaign/name'
default: ''
examples:
- Manager Review
pattern: ^.*$
title: name
type: string
recommendationsEnabled:
$id: '#sp:create-campaign/recommendationsEnabled'
default: true
examples:
- false
title: recommendationEnabled
type: boolean
type:
$id: '#sp:create-campaign/type'
default: ''
examples:
- MANAGER
pattern: ^.*$
title: type
type: string
title: 'sp:create-campaign'
type: object
- title: Workflow Trigger
type: object
properties:
id:
type: string
description: Trigger ID. This is a static namespaced ID for the trigger.
example: 'idn:identity-attributes-changed'
type:
description: Trigger type
type: string
enum:
- EVENT
- SCHEDULED
- EXTERNAL
example: EVENT
deprecated:
type: boolean
deprecatedBy:
type: string
format: date-time
isSimulationEnabled:
type: boolean
outputSchema:
type: object
description: Example output schema
name:
type: string
description: Trigger Name
example: Identity Attributes Changed
description:
type: string
description: Trigger Description
example: One or more identity attributes changed.
isDynamicSchema:
type: boolean
description: 'Determines whether the dynamic output schema is returned in place of the action''s output schema. The dynamic schema lists non-static properties, like properties of a workflow form where each form has different fields. These will be provided dynamically based on available form fields.'
example: false
default: false
inputExample:
type: object
description: Example trigger payload if applicable
nullable: true
externalDocs:
description: List of triggers and their input schemas
url: 'https://developer.sailpoint.com/idn/docs/event-triggers/available'
example:
changes:
- attribute: department
newValue: marketing
oldValue: sales
- attribute: manager
newValue:
id: ee769173319b41d19ccec6c235423236c
name: mean.guy
type: IDENTITY
oldValue:
id: ee769173319b41d19ccec6c235423237b
name: nice.guy
type: IDENTITY
- attribute: email
newValue: john.doe@gmail.com
oldValue: john.doe@hotmail.com
identity:
id: ee769173319b41d19ccec6cea52f237b
name: john.doe
type: IDENTITY
formFields:
type: array
nullable: true
description: One or more inputs that the trigger accepts
example: []
items:
type: object
properties:
description:
type: string
description: Description of the form field
example: First value to compare
helpText:
type: string
description: Describes the form field in the UI
example: The name to give to this certification campaign.
label:
type: string
description: A human readable name for this form field in the UI
example: Campaign Name
name:
type: string
description: The name of the input attribute
example: name
required:
type: boolean
description: Denotes if this field is a required attribute
example: false
default: false
type:
description: The type of the form field
type: string
nullable: true
enum:
- text
- textarea
- boolean
- email
- url
- number
- json
- checkbox
- jsonpath
- select
- multiType
- duration
- toggle
- formPicker
- identityPicker
- governanceGroupPicker
- string
- object
- array
- secret
- keyValuePairs
- emailPicker
- advancedToggle
- variableCreator
- htmlEditor
example: text
- title: Workflow Operator
type: object
properties:
id:
type: string
description: Operator ID.
example: 'sp:compare-boolean'
name:
type: string
description: Operator friendly name
example: Compare Boolean Values
type:
description: Operator type
type: string
example: OPERATOR
description:
type: string
description: Description of the operator
example: Compare two boolean values and decide what happens based on the result.
isDynamicSchema:
type: boolean
description: 'Determines whether the dynamic output schema is returned in place of the action''s output schema. The dynamic schema lists non-static properties, like properties of a workflow form where each form has different fields. These will be provided dynamically based on available form fields.'
example: false
deprecated:
type: boolean
deprecatedBy:
type: string
format: date-time
isSimulationEnabled:
type: boolean
formFields:
type: array
nullable: true
description: One or more inputs that the operator accepts
items:
type: object
properties:
description:
type: string
description: Description of the form field
example: First value to compare
helpText:
type: string
description: Describes the form field in the UI
example: The name to give to this certification campaign.
label:
type: string
description: A human readable name for this form field in the UI
example: Campaign Name
name:
type: string
description: The name of the input attribute
example: name
required:
type: boolean
description: Denotes if this field is a required attribute
example: false
default: false
type:
description: The type of the form field
type: string
nullable: true
enum:
- text
- textarea
- boolean
- email
- url
- number
- json
- checkbox
- jsonpath
- select
- multiType
- duration
- toggle
- formPicker
- identityPicker
- governanceGroupPicker
- string
- object
- array
- secret
- keyValuePairs
- emailPicker
- advancedToggle
- variableCreator
- htmlEditor
example: text
example:
- description: Enter the JSONPath to a value from the input to compare to Variable B.
helpText: ''
label: Variable A
name: variableA.$
required: true
type: text
- helpText: Select an operation.
label: Operation
name: operator
options:
- label: Equals
value: BooleanEquals
required: true
type: select
- description: Enter the JSONPath to a value from the input to compare to Variable A.
helpText: ''
label: Variable B
name: variableB.$
required: false
type: text
- description: Enter True or False.
helpText: ''
label: Variable B
name: variableB
required: false
type: text
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/workflow-library/actions:
get:
operationId: listWorkflowLibraryActions
tags:
- Workflows
summary: List workflow library actions
description: This lists the workflow actions available to you.
externalDocs:
description: Additional documentation for each action
url: 'https://documentation.sailpoint.com/saas/help/workflows/workflow-steps.html#actions'
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: filters
required: false
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq*
example: 'id eq "sp:create-campaign"'
security:
- userAuth:
- 'sp:workflow:read'
responses:
'200':
description: List of workflow actions
content:
application/json:
schema:
type: array
items:
title: Workflow Action
type: object
properties:
id:
type: string
description: Action ID. This is a static namespaced ID for the action
example: 'sp:create-campaign'
name:
type: string
description: Action Name
example: Create Certification Campaign
type:
type: string
description: Action type
example: ACTION
description:
type: string
description: Action Description
example: Generates a certification campaign.
formFields:
nullable: true
type: array
description: One or more inputs that the action accepts
items:
type: object
properties:
description:
type: string
description: Description of the form field
example: First value to compare
helpText:
type: string
description: Describes the form field in the UI
example: The name to give to this certification campaign.
label:
type: string
description: A human readable name for this form field in the UI
example: Campaign Name
name:
type: string
description: The name of the input attribute
example: name
required:
type: boolean
description: Denotes if this field is a required attribute
example: false
default: false
type:
description: The type of the form field
type: string
nullable: true
enum:
- text
- textarea
- boolean
- email
- url
- number
- json
- checkbox
- jsonpath
- select
- multiType
- duration
- toggle
- formPicker
- identityPicker
- governanceGroupPicker
- string
- object
- array
- secret
- keyValuePairs
- emailPicker
- advancedToggle
- variableCreator
- htmlEditor
example: text
exampleOutput:
oneOf:
- type: object
description: Example output
- type: array
items:
type: object
deprecated:
type: boolean
deprecatedBy:
type: string
format: date-time
versionNumber:
type: integer
description: Version number
isSimulationEnabled:
type: boolean
isDynamicSchema:
type: boolean
description: 'Determines whether the dynamic output schema is returned in place of the action''s output schema. The dynamic schema lists non-static properties, like properties of a workflow form where each form has different fields. These will be provided dynamically based on available form fields.'
example: false
default: false
outputSchema:
type: object
description: 'Defines the output schema, if any, that this action produces.'
example:
definitions: {}
properties:
autoRevokeAllowed:
$id: '#sp:create-campaign/autoRevokeAllowed'
default: true
examples:
- false
title: autoRevokeAllowed
type: boolean
deadline:
$id: '#sp:create-campaign/deadline'
default: ''
examples:
- '2020-12-25T06:00:00.468Z'
format: date-time
pattern: ^.*$
title: deadline
type: string
description:
$id: '#sp:create-campaign/description'
default: ''
examples:
- A review of everyone's access by their manager.
pattern: ^.*$
title: description
type: string
emailNotificationEnabled:
$id: '#sp:create-campaign/emailNotificationEnabled'
default: true
examples:
- false
title: emailNotificationEnabled
type: boolean
filter:
$id: '#sp:create-campaign/filter'
properties:
id:
$id: '#sp:create-campaign/filter/id'
default: ''
examples:
- e0adaae69852e8fe8b8a3d48e5ce757c
pattern: ^.*$
title: id
type: string
type:
$id: '#sp:create-campaign/filter/type'
default: ''
examples:
- CAMPAIGN_FILTER
pattern: ^.*$
title: type
type: string
title: filter
type: object
id:
$id: '#sp:create-campaign/id'
default: ''
examples:
- 2c918086719eec070171a7e3355a360a
pattern: ^.*$
title: id
type: string
name:
$id: '#sp:create-campaign/name'
default: ''
examples:
- Manager Review
pattern: ^.*$
title: name
type: string
recommendationsEnabled:
$id: '#sp:create-campaign/recommendationsEnabled'
default: true
examples:
- false
title: recommendationEnabled
type: boolean
type:
$id: '#sp:create-campaign/type'
default: ''
examples:
- MANAGER
pattern: ^.*$
title: type
type: string
title: 'sp:create-campaign'
type: object
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/workflow-library/triggers:
get:
operationId: listWorkflowLibraryTriggers
tags:
- Workflows
summary: List workflow library triggers
description: This lists the workflow triggers available to you
externalDocs:
description: Additional documentation for each trigger
url: 'https://documentation.sailpoint.com/saas/help/workflows/workflow-steps.html#triggers'
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: filters
required: false
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq*
example: 'id eq "idn:identity-attributes-changed"'
security:
- userAuth:
- 'sp:workflow:read'
responses:
'200':
description: List of workflow triggers
content:
application/json:
schema:
type: array
items:
title: Workflow Trigger
type: object
properties:
id:
type: string
description: Trigger ID. This is a static namespaced ID for the trigger.
example: 'idn:identity-attributes-changed'
type:
description: Trigger type
type: string
enum:
- EVENT
- SCHEDULED
- EXTERNAL
example: EVENT
deprecated:
type: boolean
deprecatedBy:
type: string
format: date-time
isSimulationEnabled:
type: boolean
outputSchema:
type: object
description: Example output schema
name:
type: string
description: Trigger Name
example: Identity Attributes Changed
description:
type: string
description: Trigger Description
example: One or more identity attributes changed.
isDynamicSchema:
type: boolean
description: 'Determines whether the dynamic output schema is returned in place of the action''s output schema. The dynamic schema lists non-static properties, like properties of a workflow form where each form has different fields. These will be provided dynamically based on available form fields.'
example: false
default: false
inputExample:
type: object
description: Example trigger payload if applicable
nullable: true
externalDocs:
description: List of triggers and their input schemas
url: 'https://developer.sailpoint.com/idn/docs/event-triggers/available'
example:
changes:
- attribute: department
newValue: marketing
oldValue: sales
- attribute: manager
newValue:
id: ee769173319b41d19ccec6c235423236c
name: mean.guy
type: IDENTITY
oldValue:
id: ee769173319b41d19ccec6c235423237b
name: nice.guy
type: IDENTITY
- attribute: email
newValue: john.doe@gmail.com
oldValue: john.doe@hotmail.com
identity:
id: ee769173319b41d19ccec6cea52f237b
name: john.doe
type: IDENTITY
formFields:
type: array
nullable: true
description: One or more inputs that the trigger accepts
example: []
items:
type: object
properties:
description:
type: string
description: Description of the form field
example: First value to compare
helpText:
type: string
description: Describes the form field in the UI
example: The name to give to this certification campaign.
label:
type: string
description: A human readable name for this form field in the UI
example: Campaign Name
name:
type: string
description: The name of the input attribute
example: name
required:
type: boolean
description: Denotes if this field is a required attribute
example: false
default: false
type:
description: The type of the form field
type: string
nullable: true
enum:
- text
- textarea
- boolean
- email
- url
- number
- json
- checkbox
- jsonpath
- select
- multiType
- duration
- toggle
- formPicker
- identityPicker
- governanceGroupPicker
- string
- object
- array
- secret
- keyValuePairs
- emailPicker
- advancedToggle
- variableCreator
- htmlEditor
example: text
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/workflow-library/operators:
get:
operationId: listWorkflowLibraryOperators
tags:
- Workflows
summary: List workflow library operators
description: This lists the workflow operators available to you
security:
- userAuth:
- 'sp:workflow:read'
responses:
'200':
description: List of workflow operators
content:
application/json:
schema:
type: array
items:
title: Workflow Operator
type: object
properties:
id:
type: string
description: Operator ID.
example: 'sp:compare-boolean'
name:
type: string
description: Operator friendly name
example: Compare Boolean Values
type:
description: Operator type
type: string
example: OPERATOR
description:
type: string
description: Description of the operator
example: Compare two boolean values and decide what happens based on the result.
isDynamicSchema:
type: boolean
description: 'Determines whether the dynamic output schema is returned in place of the action''s output schema. The dynamic schema lists non-static properties, like properties of a workflow form where each form has different fields. These will be provided dynamically based on available form fields.'
example: false
deprecated:
type: boolean
deprecatedBy:
type: string
format: date-time
isSimulationEnabled:
type: boolean
formFields:
type: array
nullable: true
description: One or more inputs that the operator accepts
items:
type: object
properties:
description:
type: string
description: Description of the form field
example: First value to compare
helpText:
type: string
description: Describes the form field in the UI
example: The name to give to this certification campaign.
label:
type: string
description: A human readable name for this form field in the UI
example: Campaign Name
name:
type: string
description: The name of the input attribute
example: name
required:
type: boolean
description: Denotes if this field is a required attribute
example: false
default: false
type:
description: The type of the form field
type: string
nullable: true
enum:
- text
- textarea
- boolean
- email
- url
- number
- json
- checkbox
- jsonpath
- select
- multiType
- duration
- toggle
- formPicker
- identityPicker
- governanceGroupPicker
- string
- object
- array
- secret
- keyValuePairs
- emailPicker
- advancedToggle
- variableCreator
- htmlEditor
example: text
example:
- description: Enter the JSONPath to a value from the input to compare to Variable B.
helpText: ''
label: Variable A
name: variableA.$
required: true
type: text
- helpText: Select an operation.
label: Operation
name: operator
options:
- label: Equals
value: BooleanEquals
required: true
type: select
- description: Enter the JSONPath to a value from the input to compare to Variable A.
helpText: ''
label: Variable B
name: variableB.$
required: false
type: text
- description: Enter True or False.
helpText: ''
label: Variable B
name: variableB
required: false
type: text
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/workflows/{id}/external/oauth-clients':
post:
operationId: createWorkflowExternalTrigger
tags:
- Workflows
summary: Generate external trigger oauth client
description: 'Create OAuth client ID, client secret, and callback URL for use in an external trigger. External triggers will need this information to generate an access token to authenticate to the callback URL and submit a trigger payload that will initiate the workflow.'
security:
- userAuth:
- 'sp:workflow:manage'
parameters:
- name: id
in: path
description: Id of the workflow
required: true
style: simple
explode: false
schema:
type: string
example: c17bea3a-574d-453c-9e04-4365fbf5af0b
responses:
'200':
description: The OAuth Client object
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: OAuth client ID for the trigger. This is a UUID generated upon creation.
example: 1a58c03a6bf64dc2876f6988c6e2c7b7
secret:
type: string
description: OAuthClient secret.
example: 00cc24a7fe810fe06a7cb38bc168ae104d703c7abb296f9944dc68e69ddb578b
url:
type: string
description: URL for the external trigger to invoke
example: 'https://tenant.api.identitynow.com/beta/workflows/execute/external/c17bea3a-574d-453c-9e04-4365fbf5af0b'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/workflows/execute/external/{id}':
post:
operationId: createExternalExecuteWorkflow
tags:
- Workflows
summary: Execute workflow via external trigger
description: This endpoint allows a service outside of IdentityNow to initiate a workflow that uses the "External Trigger" step. The external service will invoke this endpoint with the input data it wants to send to the workflow in the body.
security:
- userAuth:
- 'sp:workflow-execute:external'
parameters:
- name: id
in: path
description: Id of the workflow
required: true
style: simple
explode: false
schema:
type: string
example: c17bea3a-574d-453c-9e04-4365fbf5af0b
requestBody:
required: false
content:
application/json:
schema:
type: object
properties:
input:
type: object
description: The input for the workflow
example:
customAttribute1: value1
customAttribute2: value2
responses:
'200':
description: The Workflow object
content:
application/json:
schema:
type: object
properties:
workflowExecutionId:
type: string
description: The workflow execution id
example: 0e11cefa-96e7-4b67-90d0-065bc1da5753
message:
type: string
description: An error message if any errors occurred
example: Workflow was not executed externally. Check enabled flag on workflow definition
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/workflows/execute/external/{id}/test':
post:
operationId: testExternalExecuteWorkflow
tags:
- Workflows
summary: Test workflow via external trigger
description: 'Validate a workflow with an "External Trigger" can receive input. The response includes the input that the workflow received, which can be used to validate that the input is intact when it reaches the workflow.'
security:
- userAuth:
- 'sp:workflow-execute:external'
parameters:
- name: id
in: path
description: Id of the workflow
required: true
style: simple
explode: false
schema:
type: string
example: c17bea3a-574d-453c-9e04-4365fbf5af0b
requestBody:
required: false
content:
application/json:
schema:
type: object
properties:
input:
type: object
description: The test input for the workflow
example:
test: hello world
responses:
'200':
description: Responds with the test input
content:
application/json:
schema:
type: object
properties:
payload:
type: object
description: The input that was received
example:
test: hello world
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/source-usages/{sourceId}/status':
get:
tags:
- Source Usages
summary: Finds status of source usage
description: This API returns the status of the source usage insights setup by IDN source ID.
operationId: getStatusBySourceId
parameters:
- name: sourceId
in: path
description: ID of IDN source
required: true
x-sailpoint-resource-operation-id: listSources
schema:
type: string
example: 2c9180835d191a86015d28455b4a2329
security:
- userAuth:
- 'idn:accounts:read'
responses:
'200':
description: Status of the source usage insights setup by IDN source ID.
content:
application/json:
schema:
type: object
properties:
status:
type: string
description: |-
Source Usage Status. Acceptable values are:
- COMPLETE
- This status means that an activity data source has been setup and usage insights are available for the source.
- INCOMPLETE
- This status means that an activity data source has not been setup and usage insights are not available for the source.
example: COMPLETE
enum:
- COMPLETE
- INCOMPLETE
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/source-usages/{sourceId}/summaries':
get:
tags:
- Source Usages
summary: Returns source usage insights
description: This API returns a summary of source usage insights for past 12 months.
operationId: getUsagesBySourceId
parameters:
- name: sourceId
in: path
description: ID of IDN source
required: true
x-sailpoint-resource-operation-id: listSources
schema:
type: string
example: 2c9180835d191a86015d28455b4a2329
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **date**
example: '-date'
security:
- userAuth:
- 'idn:accounts:read'
responses:
'200':
description: Summary of source usage insights for past 12 months.
content:
application/json:
schema:
type: array
items:
type: object
properties:
date:
type: string
format: date
description: The first day of the month for which activity is aggregated.
example: '2023-04-21'
count:
type: number
format: float
description: 'The average number of days that accounts were active within this source, for the month.'
example: 10.45
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/account-usages/{accountId}/summaries':
get:
tags:
- Account Usages
summary: Returns account usage insights
description: This API returns a summary of account usage insights for past 12 months.
operationId: getUsagesByAccountId
parameters:
- name: accountId
in: path
description: ID of IDN account
required: true
x-sailpoint-resource-operation-id: listAccounts
schema:
type: string
example: ef38f94347e94562b5bb8424a56397d8
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **date**
example: '-date'
security:
- userAuth:
- 'idn:accounts:read'
responses:
'200':
description: Summary of account usage insights for past 12 months.
content:
application/json:
schema:
type: array
items:
type: object
properties:
date:
type: string
format: date
description: The first day of the month for which activity is aggregated.
example: '2023-04-21'
count:
type: integer
format: int64
description: The number of days within the month that the account was active in a source.
example: 10
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/identity-profiles/identity-preview:
post:
operationId: generateIdentityPreview
tags:
- Identity Profiles
summary: Generate identity profile preview
description: This generates a non-persisted IdentityDetails object that will represent as the preview of the identities attribute when the given policy''s attribute config is applied.
requestBody:
description: Identity Preview request body.
required: true
content:
application/json:
schema:
type: object
properties:
identityId:
type: string
format: uuid
example: 2c9180857893f12901789445619b0366
description: The Identity id
identityAttributeConfig:
type: object
description: Defines all the identity attribute mapping configurations. This defines how to generate or collect data for each identity attributes in identity refresh process.
properties:
enabled:
description: Backend will only promote values if the profile/mapping is enabled.
type: boolean
default: false
example: true
attributeTransforms:
type: array
items:
type: object
description: Transform definition for an identity attribute.
properties:
identityAttributeName:
type: string
description: Identity attribute's name.
example: email
transformDefinition:
description: Seaspray transform definition.
type: object
properties:
type:
type: string
description: Transform definition type.
example: accountAttribute
attributes:
type: object
additionalProperties: true
description: Arbitrary key-value pairs to store any metadata for the object
example:
attributeName: e-mail
sourceName: MySource
sourceId: 2c9180877a826e68017a8c0b03da1a53
responses:
'200':
description: Object representing the preview object with all of the identity attributes using the current mappings.
content:
application/json:
schema:
type: object
properties:
identity:
type: object
description: Identity's basic details.
properties:
type:
type: string
description: Identity's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Identity ID.
example: 2c7180a46faadee4016fb4e018c20642
name:
type: string
description: Identity's display name.
example: Michael Michaels
previewAttributes:
type: array
items:
type: object
properties:
name:
type: string
description: Name of the attribute that is being previewed.
example: email
value:
type: string
description: Value that was derived during the preview.
example: email@mail.com
previousValue:
type: string
description: The value of the attribute before the preview.
example: oldEmail@mail.com
errorMessages:
type: array
description: List of error messages
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
example:
locale: en-US
localeOrigin: DEFAULT
text: Error Message
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:identity-profile:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
parameters:
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
'/work-items/{id}/forward':
post:
operationId: forwardWorkItem
tags:
- Work Items
summary: Forward a work item
description: 'This API forwards a work item to a new owner. Either an admin, or the owning/current user must make this request.'
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listWorkItems
description: The ID of the work item
example: ef38f94347e94562b5bb8424a56397d8
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
requestBody:
required: true
content:
application/json:
schema:
type: object
required:
- targetOwnerId
- comment
properties:
targetOwnerId:
type: string
description: The ID of the identity to forward this work item to.
example: 2c9180835d2e5168015d32f890ca1581
comment:
type: string
description: Comments to send to the target owner
example: I'm going on vacation.
sendNotifications:
type: boolean
description: 'If true, send a notification to the target owner.'
default: true
example: true
responses:
'200':
description: 'Success, but no data is returned.'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/accounts/search-attribute-config:
post:
operationId: createSearchAttributeConfig
tags:
- Search Attribute Configuration
summary: Create extended search attributes
security:
- userAuth:
- 'idn:account-config:create'
x-sailpoint-userLevels:
- ORG_ADMIN
description: |-
Create and configure extended search attributes. This API accepts an attribute name, an attribute display name and a list of name/value pair associates of application IDs to attribute names. It will then validate the inputs and configure/create the attribute promotion configuration in the Link ObjectConfig.
>**Note: Give searchable attributes unique names. Do not give them the same names used for account attributes or source attributes. Also, do not give them the same names present in account schema for a current or future source, regardless of whether that source is included in the searchable attributes' `applicationAttributes`.**
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
name:
type: string
description: Name of the new attribute
example: newMailAttribute
displayName:
type: string
description: The display name of the new attribute
example: New Mail Attribute
applicationAttributes:
type: object
description: Map of application id and their associated attribute.
example:
2c91808b79fd2422017a0b35d30f3968: employeeNumber
2c91808b79fd2422017a0b36008f396b: employeeNumber
example:
name: newMailAttribute
displayName: New Mail Attribute
applicationAttributes:
2c9180866166b5b0016167c32ef31a66: mail
2c9180866166b5b0016167c32ef31a67: mail
responses:
'202':
description: Accepted - Returned if the request was successfully accepted into the system.
content:
application/json:
schema:
type: object
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
parameters:
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
get:
operationId: getSearchAttributeConfig
tags:
- Search Attribute Configuration
summary: List extended search attributes
security:
- userAuth:
- 'idn:account-config:read'
x-sailpoint-userLevels:
- ORG_ADMIN
description: Get a list of attribute/application attributes currently configured in Identity Security Cloud (ISC).
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: List of attribute configurations in ISC.
content:
application/json:
schema:
type: array
items:
type: object
properties:
name:
type: string
description: Name of the new attribute
example: newMailAttribute
displayName:
type: string
description: The display name of the new attribute
example: New Mail Attribute
applicationAttributes:
type: object
description: Map of application id and their associated attribute.
example:
2c91808b79fd2422017a0b35d30f3968: employeeNumber
2c91808b79fd2422017a0b36008f396b: employeeNumber
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/accounts/search-attribute-config/{name}':
get:
operationId: getSingleSearchAttributeConfig
tags:
- Search Attribute Configuration
summary: Get extended search attribute
security:
- userAuth: []
x-sailpoint-userLevels:
- ORG_ADMIN
description: Get an extended attribute configuration by name.
parameters:
- name: name
in: path
description: Name of the extended search attribute configuration to get.
required: true
schema:
type: string
example: newMailAttribute
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: Specific attribute configuration in IdentityNow.
content:
application/json:
schema:
type: object
properties:
name:
type: string
description: Name of the new attribute
example: newMailAttribute
displayName:
type: string
description: The display name of the new attribute
example: New Mail Attribute
applicationAttributes:
type: object
description: Map of application id and their associated attribute.
example:
2c91808b79fd2422017a0b35d30f3968: employeeNumber
2c91808b79fd2422017a0b36008f396b: employeeNumber
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
operationId: deleteSearchAttributeConfig
tags:
- Search Attribute Configuration
summary: Delete extended search attribute
security:
- userAuth: []
x-sailpoint-userLevels:
- ORG_ADMIN
description: Delete an extended attribute configuration by name.
parameters:
- name: name
in: path
description: Name of the extended search attribute configuration to delete.
required: true
schema:
type: string
example: newMailAttribute
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
patch:
operationId: patchSearchAttributeConfig
tags:
- Search Attribute Configuration
summary: Update extended search attribute
security:
- userAuth: []
x-sailpoint-userLevels:
- ORG_ADMIN
description: |-
Update an existing search attribute configuration.
You can patch these fields:
* name * displayName * applicationAttributes
parameters:
- name: name
in: path
description: Name of the search attribute configuration to patch.
required: true
schema:
type: string
example: promotedMailAttribute
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
requestBody:
content:
application/json-patch+json:
schema:
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
example:
- op: replace
path: /name
value: newAttributeName
- op: replace
path: /displayName
value: new attribute display name
- op: add
path: /applicationAttributes
value:
2c91808b79fd2422017a0b35d30f3968: employeeNumber
required: true
responses:
'200':
description: Responds with the search attribute configuration as updated.
content:
application/json:
schema:
type: object
properties:
name:
type: string
description: Name of the new attribute
example: newMailAttribute
displayName:
type: string
description: The display name of the new attribute
example: New Mail Attribute
applicationAttributes:
type: object
description: Map of application id and their associated attribute.
example:
2c91808b79fd2422017a0b35d30f3968: employeeNumber
2c91808b79fd2422017a0b36008f396b: employeeNumber
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/access-model-metadata/attributes:
get:
summary: List access model metadata attributes
description: Get a list of Access Model Metadata Attributes
tags:
- Access Model Metadata
operationId: listAccessModelMetadataAttribute
security:
- userAuth:
- 'idn:access-model-metadata:read'
parameters:
- in: query
name: filters
schema:
type: string
example: name eq "Privacy"
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**name**: *eq*
**type**: *eq*
**status**: *eq*
**objectTypes**: *eq*
Supported composite operators: *and*
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: OK
content:
application/json:
schema:
type: array
items:
type: object
properties:
key:
type: string
description: Technical name of the Attribute. This is unique and cannot be changed after creation.
example: iscPrivacy
name:
type: string
description: The display name of the key.
example: Privacy
multiselect:
type: boolean
default: false
description: Indicates whether the attribute can have multiple values.
example: false
status:
type: string
description: The status of the Attribute.
example: active
type:
type: string
description: The type of the Attribute. This can be either "custom" or "governance".
example: governance
objectTypes:
type: array
items:
type: string
nullable: true
description: An array of object types this attributes values can be applied to. Possible values are "all" or "entitlement". Value "all" means this attribute can be used with all object types that are supported.
example:
- entitlement
description:
type: string
description: The description of the Attribute.
example: Specifies the level of privacy associated with an access item.
values:
type: array
nullable: true
items:
type: object
properties:
value:
type: string
description: Technical name of the Attribute value. This is unique and cannot be changed after creation.
example: public
name:
type: string
description: The display name of the Attribute value.
example: Public
status:
type: string
description: The status of the Attribute value.
example: active
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/access-model-metadata/attributes/{key}':
get:
summary: Get access model metadata attribute
description: Get single Access Model Metadata Attribute
tags:
- Access Model Metadata
operationId: getAccessModelMetadataAttribute
security:
- userAuth:
- 'idn:access-model-metadata:read'
parameters:
- name: key
in: path
required: true
x-sailpoint-resource-operation-id: listAccessModelMetadataAttribute
schema:
type: string
description: Technical name of the Attribute.
example: iscPrivacy
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: OK
content:
application/json:
schema:
type: object
properties:
key:
type: string
description: Technical name of the Attribute. This is unique and cannot be changed after creation.
example: iscPrivacy
name:
type: string
description: The display name of the key.
example: Privacy
multiselect:
type: boolean
default: false
description: Indicates whether the attribute can have multiple values.
example: false
status:
type: string
description: The status of the Attribute.
example: active
type:
type: string
description: The type of the Attribute. This can be either "custom" or "governance".
example: governance
objectTypes:
type: array
items:
type: string
nullable: true
description: An array of object types this attributes values can be applied to. Possible values are "all" or "entitlement". Value "all" means this attribute can be used with all object types that are supported.
example:
- entitlement
description:
type: string
description: The description of the Attribute.
example: Specifies the level of privacy associated with an access item.
values:
type: array
nullable: true
items:
type: object
properties:
value:
type: string
description: Technical name of the Attribute value. This is unique and cannot be changed after creation.
example: public
name:
type: string
description: The display name of the Attribute value.
example: Public
status:
type: string
description: The status of the Attribute value.
example: active
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/access-model-metadata/attributes/{key}/values':
get:
summary: List access model metadata values
description: Get a list of Access Model Metadata Attribute Values
tags:
- Access Model Metadata
operationId: listAccessModelMetadataAttributeValue
security:
- userAuth:
- 'idn:access-model-metadata:read'
parameters:
- name: key
in: path
required: true
x-sailpoint-resource-operation-id: listAccessModelMetadataAttribute
schema:
type: string
description: Technical name of the Attribute.
example: iscPrivacy
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: OK
content:
application/json:
schema:
type: array
items:
type: object
properties:
value:
type: string
description: Technical name of the Attribute value. This is unique and cannot be changed after creation.
example: public
name:
type: string
description: The display name of the Attribute value.
example: Public
status:
type: string
description: The status of the Attribute value.
example: active
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/access-model-metadata/attributes/{key}/values/{value}':
get:
summary: Get access model metadata value
description: Get single Access Model Metadata Attribute Value
tags:
- Access Model Metadata
operationId: getAccessModelMetadataAttributeValue
security:
- userAuth:
- 'idn:access-model-metadata:read'
parameters:
- name: key
in: path
required: true
x-sailpoint-resource-operation-id: listAccessModelMetadataAttribute
schema:
type: string
description: Technical name of the Attribute.
example: iscPrivacy
- name: value
in: path
required: true
x-sailpoint-resource-operation-id: listAccessModelMetadataAttributeValue
schema:
type: string
description: Technical name of the Attribute value.
example: public
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: OK
content:
application/json:
schema:
type: object
properties:
value:
type: string
description: Technical name of the Attribute value. This is unique and cannot be changed after creation.
example: public
name:
type: string
description: The display name of the Attribute value.
example: Public
status:
type: string
description: The status of the Attribute value.
example: active
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/access-profiles/bulk-update-requestable:
post:
operationId: updateAccessProfilesInBulk
summary: Update access profile(s) requestable field.
tags:
- Access Profiles
description: |-
This API initiates a bulk update of field requestable for one or more Access Profiles.
> If any of the indicated Access Profiles is exists in Organization,then those Access Profiles will be added in **updated**
list of the response.Requestable field of these Access Profiles marked as **true** or **false**.
> If any of the indicated Access Profiles is not does not exists in Organization,then those Access Profiles will be added in **notFound** list of the response. Access Profiles marked as **notFound** will not be updated.
A SOURCE_SUBADMIN may only use this API to update Access Profiles which are associated with Sources they are able to administer.
requestBody:
required: true
content:
application/json:
schema:
description: List of Access profiles to be updated.
type: array
items:
type: object
description: Access Profile's basic details.
properties:
id:
type: string
description: Access Profile ID.
example: 464ae7bf-791e-49fd-b746-06a2e4a8
requestable:
type: boolean
description: Access Profile is requestable or not.
example: false
example:
- id: 464ae7bf-791e-49fd-b746-06a2e4a8
requestable: false
required:
- id
- requestable
example:
- id: 464ae7bf-791e-49fd-b746-06a2e4a89635
requestable: false
responses:
'207':
description: List of updated and not updated Access Profiles.
content:
application/json:
schema:
description: Access Profile Bulk update response.
type: array
items:
type: object
properties:
id:
description: Identifier of Access Profile in bulk update request.
type: string
example: 2c7180a46faadee4016fb4e018c20642
requestable:
description: Access Profile requestable or not.
type: boolean
example: false
status:
description: |
The HTTP response status code returned for an individual Access Profile that is requested for update during a bulk update operation.
> 201 - Access profile is updated successfully.
> 404 - Access profile not found.
type: string
example: '201'
description:
description: |
Human readable status description and containing additional context information about success or failures etc.
type: string
example: |
> Access profile is updated successfully.
> Referenced Access profile with Id "2c7180a46faadee4016fb4e018c20642" was not found.
required:
- id
- requestable
- status
example:
- id: 464ae7bf-791e-49fd-b746-06a2e4a8
status: '201'
requestable: false
description: Access Profile updated successfully.
example:
- id: 464ae7bf-791e-49fd-b746-06a2e4a89635
status: '201'
requestable: false
description: Access Profile updated successfully.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'412':
description: Precondition Failed - Returned in response if API/Feature not enabled for an organization.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' API/Feature not enabled for your organization.'
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:access-profile:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
- SOURCE_ADMIN
- SOURCE_SUBADMIN
parameters:
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
/access-requests/close:
post:
operationId: closeAccessRequest
tags:
- Access Requests
summary: Close access request
security:
- userAuth: []
x-sailpoint-userLevels:
- ORG_ADMIN
description: |
This endpoint closes access requests that are stuck in a pending state. It can be used throughout a request's lifecycle even after the approval state, unlike the [Cancel Access Request endpoint](https://developer.sailpoint.com/idn/api/v3/cancel-access-request/).
To find pending access requests with the UI, navigate to Search and use this query: status: Pending AND "Access Request". Use the Column Chooser to select 'Tracking Number', and use the 'Download' button to export a CSV containing the tracking numbers.
To find pending access requests with the API, use the [List Account Activities endpoint](https://developer.sailpoint.com/idn/api/v3/list-account-activities/).
Input the IDs from either source.
To track the status of endpoint requests, navigate to Search and use this query: name:"Close Identity Requests". Search will include "Close Identity Requests Started" audits when requests are initiated and "Close Identity Requests Completed" audits when requests are completed. The completion audit will list the identity request IDs that finished in error.
This API triggers the [Provisioning Completed event trigger](https://developer.sailpoint.com/idn/docs/event-triggers/triggers/provisioning-completed/) for each access request that is closed.
requestBody:
required: true
content:
application/json:
schema:
type: object
description: Request body payload for close access requests endpoint.
required:
- accessRequestIds
properties:
accessRequestIds:
type: array
description: Access Request IDs for the requests to be closed. Accepts 1-500 Identity Request IDs per request.
items:
type: string
example:
- 2c90ad2a70ace7d50170acf22ca90010
message:
type: string
description: Reason for closing the access request. Displayed under Warnings in IdentityNow.
default: The IdentityNow Administrator manually closed this request.
example: The IdentityNow Administrator manually closed this request.
executionStatus:
type: string
enum:
- Terminated
- Completed
description: The request's provisioning status. Displayed as Stage in IdentityNow.
default: Terminated
example: Terminated
completionStatus:
type: string
enum:
- Success
- Incomplete
- Failure
description: The request's overall status. Displayed as Status in IdentityNow.
default: Failure
example: Failure
example:
accessRequestIds:
- 2c90ad2a70ace7d50170acf22ca90010
executionStatus: Terminated
completionStatus: Failure
message: The IdentityNow Administrator manually closed this request.
responses:
'202':
description: Accepted - Returned if the request was successfully accepted into the system.
content:
application/json:
schema:
type: object
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
parameters:
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
/ai-access-request-recommendations:
get:
operationId: getAccessRequestRecommendations
tags:
- IAI Access Request Recommendations
security:
- userAuth:
- 'iai:access-request-recommender:read'
x-sailpoint-userLevels:
- Any
summary: Identity access request recommendations
description: This API returns the access request recommendations for the specified identity. The default identity is *me* which indicates the current user.
parameters:
- in: query
name: identity-id
description: Get access request recommendations for an identityId. *me* indicates the current user.
schema:
type: string
default: me
required: false
example: 2c91808570313110017040b06f344ec9
- in: query
name: limit
description: Max number of results to return.
required: false
schema:
type: integer
format: int32
minimum: 0
maximum: 15
default: 15
example: 15
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: include-translation-messages
description: If *true* it will populate a list of translation messages in the response.
schema:
type: boolean
default: false
required: false
example: false
- in: query
name: filters
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**access.name**: *co*
**access.type**: *eq, in*
**access.description**: *co, eq, in*
required: false
example: access.name co "admin"
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **access.name, access.type**
By default the recommendations are sorted by highest confidence first.
required: false
example: access.name
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: List of access request recommendations for the identityId
content:
application/json:
schema:
type: array
items:
type: object
properties:
identityId:
type: string
format: UUID
description: Identity ID for the recommendation
example: 2c91808570313110017040b06f344ec9
access:
type: object
properties:
id:
type: string
format: UUID
description: ID of access item being recommended.
example: 2c9180835d2e5168015d32f890ca1581
type:
type: string
enum:
- ACCESS_PROFILE
- ROLE
description: The type of access item.
example: ACCESS_PROFILE
name:
type: string
description: Name of the access item
example: Employee-database-read-write
description:
type: string
description: Description of the access item
example: This item grants an employee read and write access to the database
ignored:
type: boolean
example: true
description: Whether or not the identity has already chosen to ignore this recommendation.
requested:
type: boolean
example: true
description: Whether or not the identity has already chosen to request this recommendation.
viewed:
type: boolean
example: true
description: Whether or not the identity reportedly viewed this recommendation.
messages:
type: array
items:
type: object
properties:
interpretation:
type: string
description: Information about why the access item was recommended.
example: 95% of your peers have this access.
translationMessages:
description: The list of translation messages
type: array
example:
- key: recommender-api.V2_WEIGHT_FEATURE_PRODUCT_INTERPRETATION_HIGH
values:
- '75'
- department
items:
type: object
properties:
key:
type: string
description: The key of the translation message
example: recommender-api.V2_WEIGHT_FEATURE_PRODUCT_INTERPRETATION_HIGH
values:
type: array
description: The values corresponding to the translation messages
items:
type: string
example:
- '75'
- department
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/ai-access-request-recommendations/config:
get:
operationId: getAccessRequestRecommendationsConfig
tags:
- IAI Access Request Recommendations
security:
- userAuth:
- 'iai:configuration:read'
x-sailpoint-userLevels:
- ORG_ADMIN
summary: Get access request recommendations config
description: This API returns the configurations for Access Request Recommender for the tenant.
parameters:
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: Configurations for Access Request Recommender for the tenant.
content:
application/json:
schema:
type: object
properties:
scoreThreshold:
type: number
format: float
description: The value that internal calculations need to exceed for recommendations to be made.
example: 0.5
startDateAttribute:
type: string
description: Use to map an attribute name for determining identities' start date.
example: startDate
restrictionAttribute:
type: string
description: Use to only give recommendations based on this attribute.
example: location
moverAttribute:
type: string
description: Use to map an attribute name for determining whether identities are movers.
example: isMover
joinerAttribute:
type: string
description: Use to map an attribute name for determining whether identities are joiners.
example: isJoiner
useRestrictionAttribute:
type: boolean
description: Use only the attribute named in restrictionAttribute to make recommendations.
example: true
default: false
required:
- scoreThreshold
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
put:
operationId: setAccessRequestRecommendationsConfig
tags:
- IAI Access Request Recommendations
security:
- userAuth:
- 'iai:configuration:update'
x-sailpoint-userLevels:
- ORG_ADMIN
summary: Update access request recommendations config
description: This API updates the configurations for Access Request Recommender for the tenant.
requestBody:
description: The desired configurations for Access Request Recommender for the tenant.
required: true
content:
application/json:
schema:
type: object
properties:
scoreThreshold:
type: number
format: float
description: The value that internal calculations need to exceed for recommendations to be made.
example: 0.5
startDateAttribute:
type: string
description: Use to map an attribute name for determining identities' start date.
example: startDate
restrictionAttribute:
type: string
description: Use to only give recommendations based on this attribute.
example: location
moverAttribute:
type: string
description: Use to map an attribute name for determining whether identities are movers.
example: isMover
joinerAttribute:
type: string
description: Use to map an attribute name for determining whether identities are joiners.
example: isJoiner
useRestrictionAttribute:
type: boolean
description: Use only the attribute named in restrictionAttribute to make recommendations.
example: true
default: false
required:
- scoreThreshold
parameters:
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: Successfully updated configurations for Access Request Recommender for the tenant.
content:
application/json:
schema:
type: object
properties:
scoreThreshold:
type: number
format: float
description: The value that internal calculations need to exceed for recommendations to be made.
example: 0.5
startDateAttribute:
type: string
description: Use to map an attribute name for determining identities' start date.
example: startDate
restrictionAttribute:
type: string
description: Use to only give recommendations based on this attribute.
example: location
moverAttribute:
type: string
description: Use to map an attribute name for determining whether identities are movers.
example: isMover
joinerAttribute:
type: string
description: Use to map an attribute name for determining whether identities are joiners.
example: isJoiner
useRestrictionAttribute:
type: boolean
description: Use only the attribute named in restrictionAttribute to make recommendations.
example: true
default: false
required:
- scoreThreshold
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/ai-access-request-recommendations/ignored-items:
post:
operationId: addAccessRequestRecommendationsIgnoredItem
tags:
- IAI Access Request Recommendations
security:
- userAuth:
- 'iai:access-request-recommender:manage'
x-sailpoint-userLevels:
- Any
summary: Ignore access request recommendation
description: 'This API ignores a recommended access request item. Once an item is ignored, it will be marked as ignored=true if it is still a recommended item. The consumer can decide to hide ignored recommendations.'
requestBody:
description: The recommended access item to ignore for an identity.
required: true
content:
application/json:
schema:
type: object
properties:
identityId:
type: string
format: UUID
description: The identity ID taking the action.
example: 2c91808570313110017040b06f344ec9
access:
type: object
properties:
id:
type: string
format: UUID
description: ID of access item being recommended.
example: 2c9180835d2e5168015d32f890ca1581
type:
type: string
enum:
- ACCESS_PROFILE
- ROLE
description: The type of access item.
example: ACCESS_PROFILE
required:
- identityId
- access
responses:
'201':
description: Recommendation successfully stored as ignored.
content:
application/json:
schema:
type: object
properties:
identityId:
type: string
format: UUID
description: The identity ID taking the action.
example: 2c91808570313110017040b06f344ec9
access:
type: object
properties:
id:
type: string
format: UUID
description: ID of access item being recommended.
example: 2c9180835d2e5168015d32f890ca1581
type:
type: string
enum:
- ACCESS_PROFILE
- ROLE
description: The type of access item.
example: ACCESS_PROFILE
timestamp:
type: string
format: date-time
example: '2017-07-11T18:45:37.098Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
parameters:
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
get:
operationId: getAccessRequestRecommendationsIgnoredItems
tags:
- IAI Access Request Recommendations
security:
- userAuth:
- 'iai:access-request-recommender:manage'
x-sailpoint-userLevels:
- Any
summary: List ignored access request recommendations
description: This API returns the list of ignored access request recommendations.
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**access.id**: *eq, in*
**access.type**: *eq, in*
**identityId**: *eq, in*
required: false
example: identityId eq "2c9180846b0a0583016b299f210c1314"
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **access.id, access.type, identityId, timestamp**
required: false
example: access.id
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: Returns list of ignored access request recommendations.
content:
application/json:
schema:
type: array
items:
type: object
properties:
identityId:
type: string
format: UUID
description: The identity ID taking the action.
example: 2c91808570313110017040b06f344ec9
access:
type: object
properties:
id:
type: string
format: UUID
description: ID of access item being recommended.
example: 2c9180835d2e5168015d32f890ca1581
type:
type: string
enum:
- ACCESS_PROFILE
- ROLE
description: The type of access item.
example: ACCESS_PROFILE
timestamp:
type: string
format: date-time
example: '2017-07-11T18:45:37.098Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/ai-access-request-recommendations/requested-items:
post:
operationId: addAccessRequestRecommendationsRequestedItem
tags:
- IAI Access Request Recommendations
security:
- userAuth:
- 'iai:access-request-recommender:manage'
x-sailpoint-userLevels:
- Any
summary: Accept access request recommendation
description: 'This API consumes a notification that a recommended access request item was requested. This API does not actually make the request, it is just a notification. This will help provide feedback in order to improve our recommendations.'
requestBody:
description: The recommended access item that was requested for an identity.
required: true
content:
application/json:
schema:
type: object
properties:
identityId:
type: string
format: UUID
description: The identity ID taking the action.
example: 2c91808570313110017040b06f344ec9
access:
type: object
properties:
id:
type: string
format: UUID
description: ID of access item being recommended.
example: 2c9180835d2e5168015d32f890ca1581
type:
type: string
enum:
- ACCESS_PROFILE
- ROLE
description: The type of access item.
example: ACCESS_PROFILE
required:
- identityId
- access
responses:
'201':
description: Notification successfully acknowledged.
content:
application/json:
schema:
type: object
properties:
identityId:
type: string
format: UUID
description: The identity ID taking the action.
example: 2c91808570313110017040b06f344ec9
access:
type: object
properties:
id:
type: string
format: UUID
description: ID of access item being recommended.
example: 2c9180835d2e5168015d32f890ca1581
type:
type: string
enum:
- ACCESS_PROFILE
- ROLE
description: The type of access item.
example: ACCESS_PROFILE
timestamp:
type: string
format: date-time
example: '2017-07-11T18:45:37.098Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
parameters:
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
get:
operationId: getAccessRequestRecommendationsRequestedItems
tags:
- IAI Access Request Recommendations
security:
- userAuth:
- 'iai:access-request-recommender:manage'
x-sailpoint-userLevels:
- Any
summary: List accepted access request recommendations
description: This API returns a list of requested access request recommendations.
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**access.id**: *eq, in*
**access.type**: *eq, in*
**identityId**: *eq, in*
required: false
example: access.id eq "2c9180846b0a0583016b299f210c1314"
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **access.id, access.type, identityId, timestamp**
required: false
example: access.id
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: Returns the list of requested access request recommendations.
content:
application/json:
schema:
type: array
items:
type: object
properties:
identityId:
type: string
format: UUID
description: The identity ID taking the action.
example: 2c91808570313110017040b06f344ec9
access:
type: object
properties:
id:
type: string
format: UUID
description: ID of access item being recommended.
example: 2c9180835d2e5168015d32f890ca1581
type:
type: string
enum:
- ACCESS_PROFILE
- ROLE
description: The type of access item.
example: ACCESS_PROFILE
timestamp:
type: string
format: date-time
example: '2017-07-11T18:45:37.098Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/ai-access-request-recommendations/viewed-items:
post:
operationId: addAccessRequestRecommendationsViewedItem
tags:
- IAI Access Request Recommendations
security:
- userAuth:
- 'iai:access-request-recommender:manage'
x-sailpoint-userLevels:
- Any
summary: Mark viewed access request recommendations
description: This API consumes a notification that a recommended access request item was viewed. Future recommendations with this item will be marked with viewed=true. This can be useful for the consumer to determine if there are any new/unviewed recommendations.
requestBody:
description: The recommended access that was viewed for an identity.
required: true
content:
application/json:
schema:
type: object
properties:
identityId:
type: string
format: UUID
description: The identity ID taking the action.
example: 2c91808570313110017040b06f344ec9
access:
type: object
properties:
id:
type: string
format: UUID
description: ID of access item being recommended.
example: 2c9180835d2e5168015d32f890ca1581
type:
type: string
enum:
- ACCESS_PROFILE
- ROLE
description: The type of access item.
example: ACCESS_PROFILE
required:
- identityId
- access
responses:
'201':
description: Recommendation successfully stored as viewed.
content:
application/json:
schema:
type: object
properties:
identityId:
type: string
format: UUID
description: The identity ID taking the action.
example: 2c91808570313110017040b06f344ec9
access:
type: object
properties:
id:
type: string
format: UUID
description: ID of access item being recommended.
example: 2c9180835d2e5168015d32f890ca1581
type:
type: string
enum:
- ACCESS_PROFILE
- ROLE
description: The type of access item.
example: ACCESS_PROFILE
timestamp:
type: string
format: date-time
example: '2017-07-11T18:45:37.098Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
parameters:
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
get:
operationId: getAccessRequestRecommendationsViewedItems
tags:
- IAI Access Request Recommendations
security:
- userAuth:
- 'iai:access-request-recommender:read'
x-sailpoint-userLevels:
- Any
summary: List viewed access request recommendations
description: This API returns the list of viewed access request recommendations.
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**access.id**: *eq, in*
**access.type**: *eq, in*
**identityId**: *eq, in*
required: false
example: access.id eq "2c9180846b0a0583016b299f210c1314"
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **access.id, access.type, identityId, timestamp**
required: false
example: access.id
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: Returns list of viewed access request recommendations.
content:
application/json:
schema:
type: array
items:
type: object
properties:
identityId:
type: string
format: UUID
description: The identity ID taking the action.
example: 2c91808570313110017040b06f344ec9
access:
type: object
properties:
id:
type: string
format: UUID
description: ID of access item being recommended.
example: 2c9180835d2e5168015d32f890ca1581
type:
type: string
enum:
- ACCESS_PROFILE
- ROLE
description: The type of access item.
example: ACCESS_PROFILE
timestamp:
type: string
format: date-time
example: '2017-07-11T18:45:37.098Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/ai-access-request-recommendations/viewed-items/bulk-create:
post:
operationId: addAccessRequestRecommendationsViewedItems
tags:
- IAI Access Request Recommendations
security:
- userAuth:
- 'iai:access-request-recommender:manage'
x-sailpoint-userLevels:
- Any
summary: Bulk mark viewed access request recommendations
description: This API consumes a notification that a set of recommended access request item were viewed. Future recommendations with these items will be marked with viewed=true. This can be useful for the consumer to determine if there are any new/unviewed recommendations.
requestBody:
description: The recommended access items that were viewed for an identity.
required: true
content:
application/json:
schema:
type: array
items:
type: object
properties:
identityId:
type: string
format: UUID
description: The identity ID taking the action.
example: 2c91808570313110017040b06f344ec9
access:
type: object
properties:
id:
type: string
format: UUID
description: ID of access item being recommended.
example: 2c9180835d2e5168015d32f890ca1581
type:
type: string
enum:
- ACCESS_PROFILE
- ROLE
description: The type of access item.
example: ACCESS_PROFILE
required:
- identityId
- access
responses:
'201':
description: Recommendations successfully stored as viewed.
content:
application/json:
schema:
type: array
items:
type: object
properties:
identityId:
type: string
format: UUID
description: The identity ID taking the action.
example: 2c91808570313110017040b06f344ec9
access:
type: object
properties:
id:
type: string
format: UUID
description: ID of access item being recommended.
example: 2c9180835d2e5168015d32f890ca1581
type:
type: string
enum:
- ACCESS_PROFILE
- ROLE
description: The type of access item.
example: ACCESS_PROFILE
timestamp:
type: string
format: date-time
example: '2017-07-11T18:45:37.098Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
parameters:
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
'/accounts/{id}/remove':
post:
operationId: deleteAccountAsync
summary: Remove account
tags:
- Accounts
description: |
Use this endpoint to remove accounts from the system without provisioning changes to the source. Accounts that are removed could be re-created during the next aggregation.
This endpoint is good for:
* Removing accounts that no longer exist on the source.
* Removing accounts that won't be aggregated following updates to the source configuration.
* Forcing accounts to be re-created following the next aggregation to re-run account processing, support testing, etc.
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listAccounts
description: The account id
example: c350d6aa4f104c61b062cb632421ad10
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'202':
description: Accepted. Returns task result details of removal request.
content:
application/json:
schema:
type: object
description: Task result.
properties:
type:
type: string
description: Task result DTO type.
enum:
- TASK_RESULT
example: TASK_RESULT
id:
type: string
description: Task result ID.
example: 464ae7bf791e49fdb74606a2e4a89635
name:
type: string
description: Task result display name.
nullable: true
example: null
example:
type: TASK_RESULT
id: 464ae7bf791e49fdb74606a2e4a89635
name: null
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:accounts:manage'
'/identities-accounts/{id}/enable':
post:
operationId: enableAccountForIdentity
tags:
- Accounts
summary: Enable idn account for identity
description: This API submits a task to enable IDN account for a single identity.
externalDocs:
description: Learn more about enabling identities here
url: 'https://documentation.sailpoint.com/saas/help/common/users/user_access.html#enabling-user-identities'
security:
- userAuth:
- 'idn:accounts-state:manage'
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listIdentities
description: The identity id.
example: 2c91808384203c2d018437e631158309
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'202':
description: Accepted - Returned if the request was successfully accepted into the system.
content:
application/json:
schema:
type: object
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/identities-accounts/{id}/disable':
post:
operationId: disableAccountForIdentity
tags:
- Accounts
summary: Disable idn account for identity
description: This API submits a task to disable IDN account for a single identity.
externalDocs:
description: Learn more about disabling identities here
url: 'https://documentation.sailpoint.com/saas/help/common/users/user_access.html#disabling-user-identities'
security:
- userAuth:
- 'idn:accounts-state:manage'
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listIdentities
description: The identity id.
example: 2c91808384203c2d018437e631158309
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'202':
description: Accepted - Returned if the request was successfully accepted into the system.
content:
application/json:
schema:
type: object
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/identities-accounts/enable:
post:
operationId: enableAccountsForIdentities
tags:
- Accounts
summary: Enable idn accounts for identities
description: This API submits tasks to enable IDN account for each identity provided in the request body.
externalDocs:
description: Learn more about enabling identities here
url: 'https://documentation.sailpoint.com/saas/help/common/users/user_access.html#enabling-user-identities'
security:
- userAuth:
- 'idn:accounts-state:manage'
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
identityIds:
description: The ids of the identities for which enable/disable accounts.
type: array
items:
type: string
example:
- 2c91808384203c2d018437e631158308
- 2c9180858082150f0180893dbaf553fe
responses:
'207':
description: Bulk response details.
content:
application/json:
schema:
type: array
items:
type: object
description: Bulk response object.
properties:
id:
type: string
description: Identifier of bulk request item.
example: 2c9180858082150f0180893dbaf553fe
statusCode:
type: integer
format: int32
description: Response status value.
example: 404
message:
type: string
description: Status containing additional context information about failures.
example: Referenced identity "2c9180858082150f0180893dbaf553fe" was not found.
example:
- id: 2c9180858082150f0180893dbaf553fe
statusCode: 404
message: Referenced identity "2c9180858082150f0180893dbaf553fe" was not found.
- id: 2c91808384203c2d018437e631158308
statusCode: 202
message: null
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
parameters:
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
/identities-accounts/disable:
post:
operationId: disableAccountsForIdentities
tags:
- Accounts
summary: Disable idn accounts for identities
description: This API submits tasks to disable IDN account for each identity provided in the request body.
externalDocs:
description: Learn more about disabling identities here
url: 'https://documentation.sailpoint.com/saas/help/common/users/user_access.html#disabling-user-identities'
security:
- userAuth:
- 'idn:accounts-state:manage'
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
identityIds:
description: The ids of the identities for which enable/disable accounts.
type: array
items:
type: string
example:
- 2c91808384203c2d018437e631158308
- 2c9180858082150f0180893dbaf553fe
responses:
'207':
description: Bulk response details.
content:
application/json:
schema:
type: array
items:
type: object
description: Bulk response object.
properties:
id:
type: string
description: Identifier of bulk request item.
example: 2c9180858082150f0180893dbaf553fe
statusCode:
type: integer
format: int32
description: Response status value.
example: 404
message:
type: string
description: Status containing additional context information about failures.
example: Referenced identity "2c9180858082150f0180893dbaf553fe" was not found.
example:
- id: 2c9180858082150f0180893dbaf553fe
statusCode: 404
message: Referenced identity "2c9180858082150f0180893dbaf553fe" was not found.
- id: 2c91808384203c2d018437e631158308
statusCode: 202
message: null
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
parameters:
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
'/account-aggregations/{id}/status':
get:
operationId: getAccountAggregationStatus
tags:
- Account Aggregations
summary: In-progress account aggregation status
security:
- userAuth: []
x-sailpoint-userLevels:
- ORG_ADMIN
- SOURCE_ADMIN
- SOURCE_SUBADMIN
description: |-
This API returns the status of an *in-progress* account aggregation, along with the total number of **NEW**, **CHANGED** and **DELETED** accounts found since the previous aggregation, and the number of those accounts that have been processed so far.
Accounts that have not changed since the previous aggregation are not included in **totalAccounts** and **processedAccounts** counts returned by this API. This is distinct from **Accounts Scanned** shown in the Aggregation UI, which indicates total accounts scanned regardless of whether they changed or not.
Since this endpoint reports on the status of an *in-progress* account aggregation, totalAccounts and processedAccounts may change between calls to this endpoint.
*Only available up to an hour after the aggregation completes. May respond with *404 Not Found* after that.*
required to call this API.
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: getTaskStatusList
description: The account aggregation id
example: 2c91808477a6b0c60177a81146b8110b
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: An account aggregation status object
content:
application/json:
schema:
type: object
properties:
start:
type: string
format: date-time
nullable: true
example: '2021-01-31T14:30:05.104Z'
description: When the aggregation started.
status:
type: string
enum:
- STARTED
- ACCOUNTS_COLLECTED
- COMPLETED
- CANCELLED
- RETRIED
- TERMINATED
- NOT_FOUND
example: ACCOUNTS_COLLECTED
description: |
STARTED - Aggregation started, but source account iteration has not completed.
ACCOUNTS_COLLECTED - Source account iteration completed, but all accounts have not yet been processed.
COMPLETED - Aggregation completed (*possibly with errors*).
CANCELLED - Aggregation cancelled by user.
RETRIED - Aggregation retried because of connectivity issues with the Virtual Appliance.
TERMINATED - Aggregation marked as failed after 3 tries after connectivity issues with the Virtual Appliance.
totalAccounts:
type: integer
example: 520
description: 'The total number of *NEW, CHANGED and DELETED* accounts that need to be processed for this aggregation. This does not include accounts that were unchanged since the previous aggregation. This can be zero if there were no new, changed or deleted accounts since the previous aggregation. *Only available when status is ACCOUNTS_COLLECTED or COMPLETED.*'
processedAccounts:
type: integer
example: 150
description: 'The number of *NEW, CHANGED and DELETED* accounts that have been processed so far. This reflects the number of accounts that have been processed at the time of the API call, and may increase on subsequent API calls while the status is ACCOUNTS_COLLECTED. *Only available when status is ACCOUNTS_COLLECTED or COMPLETED.*'
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/auth-profiles:
get:
operationId: getProfileConfigList
tags:
- Auth Profile
summary: Get list of auth profiles
description: This API returns a list of auth profiles.
security:
- userAuth:
- 'sp:auth-profile:read'
responses:
'200':
description: List of Auth Profiles
content:
application/json:
schema:
type: array
items:
type: object
properties:
tenant:
type: string
description: Tenant name.
example: test-tenant
id:
type: string
description: Identity ID.
example: 2c91808458ae7a4f0158b1bbf8af0628
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
parameters:
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
'/auth-profiles/{id}':
get:
operationId: getProfileConfig
tags:
- Auth Profile
summary: Get auth profile
description: This API returns auth profile information.
security:
- userAuth:
- 'sp:auth-profile:read'
responses:
'200':
description: Auth Profile
content:
application/json:
schema:
type: object
properties:
name:
type: string
description: Authentication Profile name.
example: EndToEnd-Profile
offNetwork:
type: boolean
description: Use it to block access from off network.
default: false
example: true
untrustedGeography:
type: boolean
description: Use it to block access from untrusted geoographies.
default: false
example: true
applicationId:
type: string
nullable: true
description: Application ID.
example: 2c91808458ae7a4f0158b1bbf8af0628
applicationName:
type: string
nullable: true
description: Application name.
example: EndToEnd-Source
type:
type: string
enum:
- BLOCK
- MFA
- NON_PTA
- PTA
description: Type of the Authentication Profile.
example: PTA
strongAuthLogin:
type: boolean
description: Use it to enable strong authentication.
default: false
example: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
parameters:
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
- name: id
in: path
description: ID of the Auth Profile to patch.
required: true
x-sailpoint-resource-operation-id: getProfileConfigList
schema:
type: string
example: 2c91808a7813090a017814121919ecca
patch:
operationId: patchProfileConfig
tags:
- Auth Profile
summary: Patch a specified auth profile
description: |-
This API updates an existing Auth Profile. The following fields are patchable:
**offNetwork**, **untrustedGeography**, **applicationId**, **applicationName**, **type**
parameters:
- name: id
in: path
description: ID of the Auth Profile to patch.
required: true
x-sailpoint-resource-operation-id: getProfileConfigList
schema:
type: string
example: 2c91808a7813090a017814121919ecca
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
requestBody:
content:
application/json-patch+json:
schema:
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
required: true
responses:
'200':
description: Responds with the Auth Profile as updated.
content:
application/json:
schema:
type: object
properties:
name:
type: string
description: Authentication Profile name.
example: EndToEnd-Profile
offNetwork:
type: boolean
description: Use it to block access from off network.
default: false
example: true
untrustedGeography:
type: boolean
description: Use it to block access from untrusted geoographies.
default: false
example: true
applicationId:
type: string
nullable: true
description: Application ID.
example: 2c91808458ae7a4f0158b1bbf8af0628
applicationName:
type: string
nullable: true
description: Application name.
example: EndToEnd-Source
type:
type: string
enum:
- BLOCK
- MFA
- NON_PTA
- PTA
description: Type of the Authentication Profile.
example: PTA
strongAuthLogin:
type: boolean
description: Use it to enable strong authentication.
default: false
example: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'sp:auth-profile:update'
/custom-password-instructions:
post:
operationId: createCustomPasswordInstructions
tags:
- Custom Password Instructions
summary: Create custom password instructions
security:
- userAuth: []
x-sailpoint-userLevels:
- ORG_ADMIN
description: This API creates the custom password instructions for the specified page ID.
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
pageId:
type: string
example: 'change-password:enter-password'
description: 'The page ID that represents the page for forget user name, reset password and unlock account flow.'
enum:
- 'change-password:enter-password'
- 'change-password:finish'
- 'flow-selection:select'
- 'forget-username:user-email'
- 'mfa:enter-code'
- 'mfa:enter-kba'
- 'mfa:select'
- 'reset-password:enter-password'
- 'reset-password:enter-username'
- 'reset-password:finish'
- 'unlock-account:enter-username'
- 'unlock-account:finish'
pageContent:
type: string
example: Please enter a new password. Your password must be at least 8 characters long and contain at least one number and one letter.
description: |
The custom instructions for the specified page. Allow basic HTML format and maximum length is 1000 characters. The custom instructions will be sanitized to avoid attacks.
If the customization text includes a link, like `...` clicking on this will open the link on the current browser page.
If you want your link to be redirected to a different page, please redirect it to "_blank" like this: `link`. This will open a new tab when the link is clicked. Notice we're only supporting _blank as the redirection target.
locale:
type: string
example: en
description: 'The locale for the custom instructions, a BCP47 language tag. The default value is \"default\".'
example:
pageId: 'reset-password:enter-password'
pageContent: See company password policies for details by clicking here
responses:
'200':
description: Reference to the custom password instructions.
content:
application/json:
schema:
type: object
properties:
pageId:
type: string
example: 'change-password:enter-password'
description: 'The page ID that represents the page for forget user name, reset password and unlock account flow.'
enum:
- 'change-password:enter-password'
- 'change-password:finish'
- 'flow-selection:select'
- 'forget-username:user-email'
- 'mfa:enter-code'
- 'mfa:enter-kba'
- 'mfa:select'
- 'reset-password:enter-password'
- 'reset-password:enter-username'
- 'reset-password:finish'
- 'unlock-account:enter-username'
- 'unlock-account:finish'
pageContent:
type: string
example: Please enter a new password. Your password must be at least 8 characters long and contain at least one number and one letter.
description: |
The custom instructions for the specified page. Allow basic HTML format and maximum length is 1000 characters. The custom instructions will be sanitized to avoid attacks.
If the customization text includes a link, like `...` clicking on this will open the link on the current browser page.
If you want your link to be redirected to a different page, please redirect it to "_blank" like this: `link`. This will open a new tab when the link is clicked. Notice we're only supporting _blank as the redirection target.
locale:
type: string
example: en
description: 'The locale for the custom instructions, a BCP47 language tag. The default value is \"default\".'
example:
pageId: 'reset-password:enter-password'
locale: default
pageContent: See company password policies for details by clicking here
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
parameters:
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
'/custom-password-instructions/{pageId}':
get:
operationId: getCustomPasswordInstructions
tags:
- Custom Password Instructions
summary: Get custom password instructions by page id
security:
- userAuth: []
x-sailpoint-userLevels:
- ORG_ADMIN
description: This API returns the custom password instructions for the specified page ID.
parameters:
- in: path
name: pageId
schema:
type: string
enum:
- 'change-password:enter-password'
- 'change-password:finish'
- 'flow-selection:select'
- 'forget-username:user-email'
- 'mfa:enter-code'
- 'mfa:enter-kba'
- 'mfa:select'
- 'reset-password:enter-password'
- 'reset-password:enter-username'
- 'reset-password:finish'
- 'unlock-account:enter-username'
- 'unlock-account:finish'
required: true
description: The page ID of custom password instructions to query.
example: 'mfa:select'
- in: query
name: locale
schema:
type: string
description: 'The locale for the custom instructions, a BCP47 language tag. The default value is \"default\".'
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: Reference to the custom password instructions.
content:
application/json:
schema:
type: object
properties:
pageId:
type: string
example: 'change-password:enter-password'
description: 'The page ID that represents the page for forget user name, reset password and unlock account flow.'
enum:
- 'change-password:enter-password'
- 'change-password:finish'
- 'flow-selection:select'
- 'forget-username:user-email'
- 'mfa:enter-code'
- 'mfa:enter-kba'
- 'mfa:select'
- 'reset-password:enter-password'
- 'reset-password:enter-username'
- 'reset-password:finish'
- 'unlock-account:enter-username'
- 'unlock-account:finish'
pageContent:
type: string
example: Please enter a new password. Your password must be at least 8 characters long and contain at least one number and one letter.
description: |
The custom instructions for the specified page. Allow basic HTML format and maximum length is 1000 characters. The custom instructions will be sanitized to avoid attacks.
If the customization text includes a link, like `...` clicking on this will open the link on the current browser page.
If you want your link to be redirected to a different page, please redirect it to "_blank" like this: `link`. This will open a new tab when the link is clicked. Notice we're only supporting _blank as the redirection target.
locale:
type: string
example: en
description: 'The locale for the custom instructions, a BCP47 language tag. The default value is \"default\".'
example:
pageId: 'reset-password:enter-password'
locale: default
pageContent: See company password policies for details by clicking here
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
operationId: deleteCustomPasswordInstructions
tags:
- Custom Password Instructions
summary: Delete custom password instructions by page id
security:
- userAuth: []
x-sailpoint-userLevels:
- ORG_ADMIN
description: This API delete the custom password instructions for the specified page ID.
parameters:
- in: path
name: pageId
schema:
type: string
enum:
- 'change-password:enter-password'
- 'change-password:finish'
- 'flow-selection:select'
- 'forget-username:user-email'
- 'mfa:enter-code'
- 'mfa:enter-kba'
- 'mfa:select'
- 'reset-password:enter-password'
- 'reset-password:enter-username'
- 'reset-password:finish'
- 'unlock-account:enter-username'
- 'unlock-account:finish'
required: true
description: The page ID of custom password instructions to delete.
example: 'mfa:select'
- in: query
name: locale
schema:
type: string
description: 'The locale for the custom instructions, a BCP47 language tag. The default value is \"default\".'
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/entitlements:
get:
operationId: listEntitlements
tags:
- Entitlements
summary: Gets a list of entitlements.
security:
- userAuth:
- 'idn:entitlement:read'
- 'idn:entitlement:manage'
description: |-
This API returns a list of entitlements.
This API can be used in one of the two following ways: either getting entitlements for a specific **account-id**, or getting via use of **filters** (those two options are exclusive).
Any authenticated token can call this API.
parameters:
- in: query
name: account-id
schema:
type: string
description: 'The account ID. If specified, returns only entitlements associated with the given Account. Cannot be specified with the **filters**, **segmented-for-identity**, **for-segment-ids**, or **include-unsegmented** param(s).'
example: ef38f94347e94562b5bb8424a56397d8
required: false
- in: query
name: segmented-for-identity
schema:
type: string
description: |-
If present and not empty, additionally filters Entitlements to those which are assigned to the Segment(s) which are visible to the Identity with the specified ID. By convention, the value **me** can stand in for the current user's Identity ID.
Cannot be specified with the **account-id** or **for-segment-ids** param(s). It is also illegal to specify a value that refers to a different user's Identity.
example: me
required: false
- in: query
name: for-segment-ids
schema:
type: string
format: comma-separated
description: |-
If present and not empty, additionally filters Access Profiles to those which are assigned to the Segment(s) with the specified IDs.
Cannot be specified with the **account-id** or **segmented-for-identity** param(s).
example: '041727d4-7d95-4779-b891-93cf41e98249,a378c9fa-bae5-494c-804e-a1e30f69f649'
required: false
- in: query
name: include-unsegmented
schema:
type: boolean
default: true
description: 'Whether or not the response list should contain unsegmented Entitlements. If **for-segment-ids** and **segmented-for-identity** are both absent or empty, specifying **include-unsegmented=false** results in an error.'
example: true
required: false
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **id, name, created, modified, type, attribute, value, source.id, requestable**
example: 'name,-modified'
required: false
style: form
explode: true
- in: query
name: filters
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, in*
**name**: *eq, in, sw*
**type**: *eq, in*
**attribute**: *eq, in*
**value**: *eq, in, sw*
**source.id**: *eq, in*
**requestable**: *eq*
**created**: *gt, lt, ge, le*
**modified**: *gt, lt, ge, le*
**owner.id**: *eq, in*
example: attribute eq "memberOf"
required: false
style: form
explode: true
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: List of entitlements
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: The entitlement id
example: 2c91808874ff91550175097daaec161c
name:
type: string
description: The entitlement name
example: LauncherTest2
attribute:
type: string
description: The entitlement attribute name
example: memberOf
value:
type: string
description: The value of the entitlement
example: 'CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local'
sourceSchemaObjectType:
type: string
description: The object type of the entitlement from the source schema
example: group
description:
type: string
description: The description of the entitlement
example: 'CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local'
nullable: true
privileged:
type: boolean
description: True if the entitlement is privileged
default: false
example: true
cloudGoverned:
type: boolean
description: True if the entitlement is cloud governed
default: false
example: true
requestable:
type: boolean
description: True if the entitlement is able to be directly requested
example: true
default: false
owner:
type: object
description: The identity that owns the entitlement
nullable: true
properties:
id:
type: string
description: The identity ID
example: 2c9180827ca885d7017ca8ce28a000eb
type:
type: string
enum:
- IDENTITY
description: The type of object
example: IDENTITY
name:
type: string
description: The display name of the identity
example: john.doe
manuallyUpdatedFields:
type: object
description: 'A map of entitlement fields that have been manually updated. The key is the field name in UPPER_SNAKE_CASE format, and the value is true or false to indicate if the field has been updated.'
nullable: true
additionalProperties: true
example:
DISPLAY_NAME: true
DESCRIPTION: true
accessModelMetadata:
type: object
description: Additional data to classify the entitlement
properties:
attributes:
type: array
items:
type: object
description: Metadata that describes an access item
properties:
key:
type: string
description: Unique identifier for the metadata type
example: iscCsp
name:
type: string
description: Human readable name of the metadata type
example: CSP
multiselect:
type: boolean
default: false
example: true
description: Allows selecting multiple values
status:
type: string
description: The state of the metadata item
example: active
type:
type: string
description: The type of the metadata item
example: governance
objectTypes:
type: array
description: The types of objects
example:
- general
items:
type: string
example: general
description:
type: string
description: Describes the metadata item
example: Indicates the type of deployment environment of an access item.
values:
type: array
description: The value to assign to the metadata item
items:
type: object
description: An individual value to assign to the metadata item
properties:
value:
type: string
description: The value to assign to the metdata item
example: development
name:
type: string
description: Display name of the value
example: Development
status:
type: string
description: The status of the individual value
example: active
created:
type: string
description: Time when the entitlement was created
format: date-time
example: '2020-10-08T18:33:52.029Z'
modified:
type: string
description: Time when the entitlement was last modified
format: date-time
example: '2020-10-08T18:33:52.029Z'
source:
type: object
properties:
id:
type: string
description: The source ID
example: 2c9180827ca885d7017ca8ce28a000eb
type:
type: string
description: 'The source type, will always be "SOURCE"'
example: SOURCE
name:
type: string
description: The source name
example: ODS-AD-Source
attributes:
type: object
description: A map of free-form key-value pairs from the source system
example:
fieldName: fieldValue
additionalProperties: true
segments:
type: array
items:
type: string
nullable: true
description: 'List of IDs of segments, if any, to which this Entitlement is assigned.'
example:
- f7b1b8a3-5fed-4fd4-ad29-82014e137e19
- 29cb6c06-1da8-43ea-8be4-b3125f248f2a
directPermissions:
type: array
items:
type: object
description: 'Simplified DTO for the Permission objects stored in SailPoint''s database. The data is aggregated from customer systems and is free-form, so its appearance can vary largely between different clients/customers.'
properties:
rights:
type: array
description: All the rights (e.g. actions) that this permission allows on the target
example: HereIsRight1
readOnly: true
items:
type: string
example: SELECT
target:
type: string
description: The target the permission would grants rights on.
readOnly: true
example: SYS.GV_$TRANSACTION
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/entitlements/{id}':
get:
operationId: getEntitlement
tags:
- Entitlements
summary: Get an entitlement
description: This API returns an entitlement by its ID.
security:
- userAuth:
- 'idn:entitlement:read'
- 'idn:entitlement:manage'
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listEntitlements
description: The entitlement ID
example: 2c91808874ff91550175097daaec161c
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: An entitlement
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: The entitlement id
example: 2c91808874ff91550175097daaec161c
name:
type: string
description: The entitlement name
example: LauncherTest2
attribute:
type: string
description: The entitlement attribute name
example: memberOf
value:
type: string
description: The value of the entitlement
example: 'CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local'
sourceSchemaObjectType:
type: string
description: The object type of the entitlement from the source schema
example: group
description:
type: string
description: The description of the entitlement
example: 'CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local'
nullable: true
privileged:
type: boolean
description: True if the entitlement is privileged
default: false
example: true
cloudGoverned:
type: boolean
description: True if the entitlement is cloud governed
default: false
example: true
requestable:
type: boolean
description: True if the entitlement is able to be directly requested
example: true
default: false
owner:
type: object
description: The identity that owns the entitlement
nullable: true
properties:
id:
type: string
description: The identity ID
example: 2c9180827ca885d7017ca8ce28a000eb
type:
type: string
enum:
- IDENTITY
description: The type of object
example: IDENTITY
name:
type: string
description: The display name of the identity
example: john.doe
manuallyUpdatedFields:
type: object
description: 'A map of entitlement fields that have been manually updated. The key is the field name in UPPER_SNAKE_CASE format, and the value is true or false to indicate if the field has been updated.'
nullable: true
additionalProperties: true
example:
DISPLAY_NAME: true
DESCRIPTION: true
accessModelMetadata:
type: object
description: Additional data to classify the entitlement
properties:
attributes:
type: array
items:
type: object
description: Metadata that describes an access item
properties:
key:
type: string
description: Unique identifier for the metadata type
example: iscCsp
name:
type: string
description: Human readable name of the metadata type
example: CSP
multiselect:
type: boolean
default: false
example: true
description: Allows selecting multiple values
status:
type: string
description: The state of the metadata item
example: active
type:
type: string
description: The type of the metadata item
example: governance
objectTypes:
type: array
description: The types of objects
example:
- general
items:
type: string
example: general
description:
type: string
description: Describes the metadata item
example: Indicates the type of deployment environment of an access item.
values:
type: array
description: The value to assign to the metadata item
items:
type: object
description: An individual value to assign to the metadata item
properties:
value:
type: string
description: The value to assign to the metdata item
example: development
name:
type: string
description: Display name of the value
example: Development
status:
type: string
description: The status of the individual value
example: active
created:
type: string
description: Time when the entitlement was created
format: date-time
example: '2020-10-08T18:33:52.029Z'
modified:
type: string
description: Time when the entitlement was last modified
format: date-time
example: '2020-10-08T18:33:52.029Z'
source:
type: object
properties:
id:
type: string
description: The source ID
example: 2c9180827ca885d7017ca8ce28a000eb
type:
type: string
description: 'The source type, will always be "SOURCE"'
example: SOURCE
name:
type: string
description: The source name
example: ODS-AD-Source
attributes:
type: object
description: A map of free-form key-value pairs from the source system
example:
fieldName: fieldValue
additionalProperties: true
segments:
type: array
items:
type: string
nullable: true
description: 'List of IDs of segments, if any, to which this Entitlement is assigned.'
example:
- f7b1b8a3-5fed-4fd4-ad29-82014e137e19
- 29cb6c06-1da8-43ea-8be4-b3125f248f2a
directPermissions:
type: array
items:
type: object
description: 'Simplified DTO for the Permission objects stored in SailPoint''s database. The data is aggregated from customer systems and is free-form, so its appearance can vary largely between different clients/customers.'
properties:
rights:
type: array
description: All the rights (e.g. actions) that this permission allows on the target
example: HereIsRight1
readOnly: true
items:
type: string
example: SELECT
target:
type: string
description: The target the permission would grants rights on.
readOnly: true
example: SYS.GV_$TRANSACTION
example:
sourceSchemaObjectType: group
attribute: memberOf
attributes:
GroupType: Security
sAMAccountName: LauncherTest1
GroupScope: Global
objectguid: '{01a6e70b-9705-4155-a5c6-492a9bcc8c64}'
objectSid: S-1-5-21-3585869415-1648031554-2909195034-1633
cn: LauncherTest1
msDS-PrincipalName: AUTOMATIONAD\LauncherTest1
value: 'CN=LauncherTest1,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local'
description: some description
privileged: false
cloudGoverned: false
source:
type: SOURCE
id: 2c9180877504c40e0175097d5ce707c8
name: EndToEnd-ADSource
owner:
id: 2c9180858315595501831958427e5424
name: Addie Smith
type: IDENTITY
segments:
- 1d126fe0-45e2-4aea-bc64-a07e9344ef26
manuallyUpdatedFields:
DISPLAY_NAME: true
DESCRIPTION: true
id: 2c91808c74ff913f0175097daa9d59cd
name: LauncherTest1
created: '2020-10-08T18:33:52.029Z'
modified: '2021-01-19T16:53:35.707Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
patch:
operationId: patchEntitlement
tags:
- Entitlements
summary: Patch an entitlement
description: |-
This API updates an existing entitlement using [JSON Patch](https://tools.ietf.org/html/rfc6902) syntax.
The following fields are patchable: **requestable**, **privileged**, **segments**, **owner**, **name**, **description**, and **manuallyUpdatedFields**
When you're patching owner, only owner type and owner id must be provided. Owner name is optional, and it won't be modified. If the owner name is provided, it should correspond to the real name. The only owner type currently supported is IDENTITY.
security:
- userAuth:
- 'idn:entitlement:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
- SOURCE_ADMIN
parameters:
- name: id
in: path
description: ID of the entitlement to patch
required: true
x-sailpoint-resource-operation-id: listEntitlements
schema:
type: string
example: 2c91808a7813090a017814121e121518
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
requestBody:
content:
application/json-patch+json:
schema:
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
example:
- op: replace
path: /requestable
value: true
examples:
Make an entitlement requestable and privileged in one call:
description: This example shows how multiple fields may be updated with a single patch call.
value:
- op: replace
path: /requestable
value: true
- op: replace
path: /privileged
value: true
Assign an entitlement to a segment:
description: This example shows how to use patch to assign an entitlement to a segment by adding the segment's ID to the entitlement's segments array.
value:
- op: add
path: /segments/-
value: f7b1b8a3-5fed-4fd4-ad29-82014e137e19
Assign an owner to an entitlement:
description: This example shows how to use patch to assign an owner to an entitlement by adding the owner's info to the entitlement.
value:
- op: add
path: /owner
value:
type: IDENTITY
id: 2c9180858315595501831958427e5424
Replace an owner for an entitlement:
description: This example shows how to use patch to replace an entitlement's owner by replacing the owner's info to the entitlement.
value:
- op: replace
path: /owner
value:
type: IDENTITY
id: 2c9180858315595501831958427e5424
Set entitlement manually updated fields:
description: 'This example shows how to set an entitlement''s manually updated fields values with patch request. Values for all manually updateable fields must be specified in the request. For now only two entitlement fields support this: DISPLAY_NAME and DESCRIPTION.'
value:
- op: replace
path: /manuallyUpdatedFields
value:
DISPLAY_NAME: true
DESCRIPTION: true
Add the description for an entitlement:
description: This example shows how to use patch to add a description for the entitlement.
value:
- op: add
path: /description
value: new description for the entitlement
Update the name for an entitlement:
description: This example shows how to use patch to update an entitlement's name.
value:
- op: replace
path: /name
value: entitlement new name
responses:
'200':
description: Responds with the entitlement as updated.
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: The entitlement id
example: 2c91808874ff91550175097daaec161c
name:
type: string
description: The entitlement name
example: LauncherTest2
attribute:
type: string
description: The entitlement attribute name
example: memberOf
value:
type: string
description: The value of the entitlement
example: 'CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local'
sourceSchemaObjectType:
type: string
description: The object type of the entitlement from the source schema
example: group
description:
type: string
description: The description of the entitlement
example: 'CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local'
nullable: true
privileged:
type: boolean
description: True if the entitlement is privileged
default: false
example: true
cloudGoverned:
type: boolean
description: True if the entitlement is cloud governed
default: false
example: true
requestable:
type: boolean
description: True if the entitlement is able to be directly requested
example: true
default: false
owner:
type: object
description: The identity that owns the entitlement
nullable: true
properties:
id:
type: string
description: The identity ID
example: 2c9180827ca885d7017ca8ce28a000eb
type:
type: string
enum:
- IDENTITY
description: The type of object
example: IDENTITY
name:
type: string
description: The display name of the identity
example: john.doe
manuallyUpdatedFields:
type: object
description: 'A map of entitlement fields that have been manually updated. The key is the field name in UPPER_SNAKE_CASE format, and the value is true or false to indicate if the field has been updated.'
nullable: true
additionalProperties: true
example:
DISPLAY_NAME: true
DESCRIPTION: true
accessModelMetadata:
type: object
description: Additional data to classify the entitlement
properties:
attributes:
type: array
items:
type: object
description: Metadata that describes an access item
properties:
key:
type: string
description: Unique identifier for the metadata type
example: iscCsp
name:
type: string
description: Human readable name of the metadata type
example: CSP
multiselect:
type: boolean
default: false
example: true
description: Allows selecting multiple values
status:
type: string
description: The state of the metadata item
example: active
type:
type: string
description: The type of the metadata item
example: governance
objectTypes:
type: array
description: The types of objects
example:
- general
items:
type: string
example: general
description:
type: string
description: Describes the metadata item
example: Indicates the type of deployment environment of an access item.
values:
type: array
description: The value to assign to the metadata item
items:
type: object
description: An individual value to assign to the metadata item
properties:
value:
type: string
description: The value to assign to the metdata item
example: development
name:
type: string
description: Display name of the value
example: Development
status:
type: string
description: The status of the individual value
example: active
created:
type: string
description: Time when the entitlement was created
format: date-time
example: '2020-10-08T18:33:52.029Z'
modified:
type: string
description: Time when the entitlement was last modified
format: date-time
example: '2020-10-08T18:33:52.029Z'
source:
type: object
properties:
id:
type: string
description: The source ID
example: 2c9180827ca885d7017ca8ce28a000eb
type:
type: string
description: 'The source type, will always be "SOURCE"'
example: SOURCE
name:
type: string
description: The source name
example: ODS-AD-Source
attributes:
type: object
description: A map of free-form key-value pairs from the source system
example:
fieldName: fieldValue
additionalProperties: true
segments:
type: array
items:
type: string
nullable: true
description: 'List of IDs of segments, if any, to which this Entitlement is assigned.'
example:
- f7b1b8a3-5fed-4fd4-ad29-82014e137e19
- 29cb6c06-1da8-43ea-8be4-b3125f248f2a
directPermissions:
type: array
items:
type: object
description: 'Simplified DTO for the Permission objects stored in SailPoint''s database. The data is aggregated from customer systems and is free-form, so its appearance can vary largely between different clients/customers.'
properties:
rights:
type: array
description: All the rights (e.g. actions) that this permission allows on the target
example: HereIsRight1
readOnly: true
items:
type: string
example: SELECT
target:
type: string
description: The target the permission would grants rights on.
readOnly: true
example: SYS.GV_$TRANSACTION
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/entitlements/{id}/parents':
get:
operationId: listEntitlementParents
tags:
- Entitlements
summary: List of entitlements parents
description: This API returns a list of all parent entitlements of a given entitlement.
security:
- userAuth:
- 'idn:entitlement:read'
- 'idn:entitlement:manage'
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listEntitlements
description: Entitlement Id
example: 2c91808c74ff913f0175097daa9d59cd
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **id, name, created, modified, type, attribute, value, source.id**
example: 'name,-modified'
required: false
style: form
explode: true
- in: query
name: filters
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, in*
**name**: *eq, in, sw*
**type**: *eq, in*
**attribute**: *eq, in*
**value**: *eq, in, sw*
**source.id**: *eq, in*
**requestable**: *eq*
**created**: *gt, lt, ge, le*
**modified**: *gt, lt, ge, le*
example: attribute eq "memberOf"
required: false
style: form
explode: true
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: List of entitlements parents from an entitlement
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: The entitlement id
example: 2c91808874ff91550175097daaec161c
name:
type: string
description: The entitlement name
example: LauncherTest2
attribute:
type: string
description: The entitlement attribute name
example: memberOf
value:
type: string
description: The value of the entitlement
example: 'CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local'
sourceSchemaObjectType:
type: string
description: The object type of the entitlement from the source schema
example: group
description:
type: string
description: The description of the entitlement
example: 'CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local'
nullable: true
privileged:
type: boolean
description: True if the entitlement is privileged
default: false
example: true
cloudGoverned:
type: boolean
description: True if the entitlement is cloud governed
default: false
example: true
requestable:
type: boolean
description: True if the entitlement is able to be directly requested
example: true
default: false
owner:
type: object
description: The identity that owns the entitlement
nullable: true
properties:
id:
type: string
description: The identity ID
example: 2c9180827ca885d7017ca8ce28a000eb
type:
type: string
enum:
- IDENTITY
description: The type of object
example: IDENTITY
name:
type: string
description: The display name of the identity
example: john.doe
manuallyUpdatedFields:
type: object
description: 'A map of entitlement fields that have been manually updated. The key is the field name in UPPER_SNAKE_CASE format, and the value is true or false to indicate if the field has been updated.'
nullable: true
additionalProperties: true
example:
DISPLAY_NAME: true
DESCRIPTION: true
accessModelMetadata:
type: object
description: Additional data to classify the entitlement
properties:
attributes:
type: array
items:
type: object
description: Metadata that describes an access item
properties:
key:
type: string
description: Unique identifier for the metadata type
example: iscCsp
name:
type: string
description: Human readable name of the metadata type
example: CSP
multiselect:
type: boolean
default: false
example: true
description: Allows selecting multiple values
status:
type: string
description: The state of the metadata item
example: active
type:
type: string
description: The type of the metadata item
example: governance
objectTypes:
type: array
description: The types of objects
example:
- general
items:
type: string
example: general
description:
type: string
description: Describes the metadata item
example: Indicates the type of deployment environment of an access item.
values:
type: array
description: The value to assign to the metadata item
items:
type: object
description: An individual value to assign to the metadata item
properties:
value:
type: string
description: The value to assign to the metdata item
example: development
name:
type: string
description: Display name of the value
example: Development
status:
type: string
description: The status of the individual value
example: active
created:
type: string
description: Time when the entitlement was created
format: date-time
example: '2020-10-08T18:33:52.029Z'
modified:
type: string
description: Time when the entitlement was last modified
format: date-time
example: '2020-10-08T18:33:52.029Z'
source:
type: object
properties:
id:
type: string
description: The source ID
example: 2c9180827ca885d7017ca8ce28a000eb
type:
type: string
description: 'The source type, will always be "SOURCE"'
example: SOURCE
name:
type: string
description: The source name
example: ODS-AD-Source
attributes:
type: object
description: A map of free-form key-value pairs from the source system
example:
fieldName: fieldValue
additionalProperties: true
segments:
type: array
items:
type: string
nullable: true
description: 'List of IDs of segments, if any, to which this Entitlement is assigned.'
example:
- f7b1b8a3-5fed-4fd4-ad29-82014e137e19
- 29cb6c06-1da8-43ea-8be4-b3125f248f2a
directPermissions:
type: array
items:
type: object
description: 'Simplified DTO for the Permission objects stored in SailPoint''s database. The data is aggregated from customer systems and is free-form, so its appearance can vary largely between different clients/customers.'
properties:
rights:
type: array
description: All the rights (e.g. actions) that this permission allows on the target
example: HereIsRight1
readOnly: true
items:
type: string
example: SELECT
target:
type: string
description: The target the permission would grants rights on.
readOnly: true
example: SYS.GV_$TRANSACTION
example:
- sourceSchemaObjectType: group
attribute: memberOf
attributes:
GroupType: Security
sAMAccountName: LauncherTest1
GroupScope: Global
objectguid: '{01a6e70b-9705-4155-a5c6-492a9bcc8c64}'
objectSid: S-1-5-21-3585869415-1648031554-2909195034-1633
cn: LauncherTest1
msDS-PrincipalName: AUTOMATIONAD\LauncherTest1
value: 'CN=LauncherTest1,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local'
description: some description
privileged: false
cloudGoverned: false
source:
type: SOURCE
id: 2c9180877504c40e0175097d5ce707c8
name: EndToEnd-ADSource
owner:
id: 2a2fdacca5e345f18bf7970cfbb8fec2
name: identity 1
type: IDENTITY
segments:
- 1d126fe0-45e2-4aea-bc64-a07e9344ef26
manuallyUpdatedFields:
DISPLAY_NAME: true
DESCRIPTION: true
id: 2c91808c74ff913f0175097daa9d59cd
name: LauncherTest1
created: '2020-10-08T18:33:52.029Z'
modified: '2021-01-19T16:53:35.707Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/entitlements/{id}/children':
get:
operationId: listEntitlementChildren
tags:
- Entitlements
summary: List of entitlements children
description: This API returns a list of all child entitlements of a given entitlement.
security:
- userAuth:
- 'idn:entitlement:read'
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listEntitlements
description: Entitlement Id
example: 2c91808874ff91550175097daaec161c
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **id, name, created, modified, type, attribute, value, source.id**
example: 'name,-modified'
required: false
style: form
explode: true
- in: query
name: filters
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, in*
**name**: *eq, in, sw*
**type**: *eq, in*
**attribute**: *eq, in*
**value**: *eq, in, sw*
**source.id**: *eq, in*
**requestable**: *eq*
**created**: *gt, lt, ge, le*
**modified**: *gt, lt, ge, le*
example: attribute eq "memberOf"
required: false
style: form
explode: true
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: List of entitlements children from an entitlement
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: The entitlement id
example: 2c91808874ff91550175097daaec161c
name:
type: string
description: The entitlement name
example: LauncherTest2
attribute:
type: string
description: The entitlement attribute name
example: memberOf
value:
type: string
description: The value of the entitlement
example: 'CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local'
sourceSchemaObjectType:
type: string
description: The object type of the entitlement from the source schema
example: group
description:
type: string
description: The description of the entitlement
example: 'CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local'
nullable: true
privileged:
type: boolean
description: True if the entitlement is privileged
default: false
example: true
cloudGoverned:
type: boolean
description: True if the entitlement is cloud governed
default: false
example: true
requestable:
type: boolean
description: True if the entitlement is able to be directly requested
example: true
default: false
owner:
type: object
description: The identity that owns the entitlement
nullable: true
properties:
id:
type: string
description: The identity ID
example: 2c9180827ca885d7017ca8ce28a000eb
type:
type: string
enum:
- IDENTITY
description: The type of object
example: IDENTITY
name:
type: string
description: The display name of the identity
example: john.doe
manuallyUpdatedFields:
type: object
description: 'A map of entitlement fields that have been manually updated. The key is the field name in UPPER_SNAKE_CASE format, and the value is true or false to indicate if the field has been updated.'
nullable: true
additionalProperties: true
example:
DISPLAY_NAME: true
DESCRIPTION: true
accessModelMetadata:
type: object
description: Additional data to classify the entitlement
properties:
attributes:
type: array
items:
type: object
description: Metadata that describes an access item
properties:
key:
type: string
description: Unique identifier for the metadata type
example: iscCsp
name:
type: string
description: Human readable name of the metadata type
example: CSP
multiselect:
type: boolean
default: false
example: true
description: Allows selecting multiple values
status:
type: string
description: The state of the metadata item
example: active
type:
type: string
description: The type of the metadata item
example: governance
objectTypes:
type: array
description: The types of objects
example:
- general
items:
type: string
example: general
description:
type: string
description: Describes the metadata item
example: Indicates the type of deployment environment of an access item.
values:
type: array
description: The value to assign to the metadata item
items:
type: object
description: An individual value to assign to the metadata item
properties:
value:
type: string
description: The value to assign to the metdata item
example: development
name:
type: string
description: Display name of the value
example: Development
status:
type: string
description: The status of the individual value
example: active
created:
type: string
description: Time when the entitlement was created
format: date-time
example: '2020-10-08T18:33:52.029Z'
modified:
type: string
description: Time when the entitlement was last modified
format: date-time
example: '2020-10-08T18:33:52.029Z'
source:
type: object
properties:
id:
type: string
description: The source ID
example: 2c9180827ca885d7017ca8ce28a000eb
type:
type: string
description: 'The source type, will always be "SOURCE"'
example: SOURCE
name:
type: string
description: The source name
example: ODS-AD-Source
attributes:
type: object
description: A map of free-form key-value pairs from the source system
example:
fieldName: fieldValue
additionalProperties: true
segments:
type: array
items:
type: string
nullable: true
description: 'List of IDs of segments, if any, to which this Entitlement is assigned.'
example:
- f7b1b8a3-5fed-4fd4-ad29-82014e137e19
- 29cb6c06-1da8-43ea-8be4-b3125f248f2a
directPermissions:
type: array
items:
type: object
description: 'Simplified DTO for the Permission objects stored in SailPoint''s database. The data is aggregated from customer systems and is free-form, so its appearance can vary largely between different clients/customers.'
properties:
rights:
type: array
description: All the rights (e.g. actions) that this permission allows on the target
example: HereIsRight1
readOnly: true
items:
type: string
example: SELECT
target:
type: string
description: The target the permission would grants rights on.
readOnly: true
example: SYS.GV_$TRANSACTION
example:
- sourceSchemaObjectType: group
attribute: memberOf
attributes:
GroupType: Security
sAMAccountName: LauncherTest1
GroupScope: Global
objectguid: '{01a6e70b-9705-4155-a5c6-492a9bcc8c64}'
objectSid: S-1-5-21-3585869415-1648031554-2909195034-1633
cn: LauncherTest1
msDS-PrincipalName: AUTOMATIONAD\LauncherTest1
value: 'CN=LauncherTest1,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local'
description: some description
privileged: false
cloudGoverned: false
source:
type: SOURCE
id: 2c9180877504c40e0175097d5ce707c8
name: EndToEnd-ADSource
owner:
id: 2a2fdacca5e345f18bf7970cfbb8fec2
name: identity 1
type: IDENTITY
segments:
- 1d126fe0-45e2-4aea-bc64-a07e9344ef26
manuallyUpdatedFields:
DISPLAY_NAME: true
DESCRIPTION: true
id: 2c91808c74ff913f0175097daa9d59cd
name: LauncherTest1
created: '2020-10-08T18:33:52.029Z'
modified: '2021-01-19T16:53:35.707Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/entitlements/bulk-update:
post:
operationId: updateEntitlementsInBulk
tags:
- Entitlements
summary: Bulk update an entitlement list
security:
- userAuth: []
x-sailpoint-userLevels:
- ORG_ADMIN
description: |
"This API applies an update to every entitlement of the list.\n\nThe\
\ number of entitlements to update is limited to 50 items maximum.\n\nThe JsonPatch\
\ update follows the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.\
\ allowed operations : `**{ \"op\": \"replace\", \"path\": \"/privileged\", \"\
value\": boolean }** **{ \"op\": \"replace\", \"path\": \"/requestable\",\"value\"\
: boolean }**`"
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
entitlementIds:
type: array
description: List of entitlement ids to update
maxItems: 50
items:
type: string
example:
- 2c91808a7624751a01762f19d665220d
- 2c91808a7624751a01762f19d67c220e
- 2c91808a7624751a01762f19d692220f
jsonPatch:
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
example:
- op: replace
path: /privileged
value: false
- op: replace
path: /requestable
value: false
example:
entitlementIds:
- 2c91808a7624751a01762f19d665220d
- 2c91808a7624751a01762f19d67c220e
- 2c91808a7624751a01762f19d692220f
jsonPatch:
- op: replace
path: /privileged
value: false
- op: replace
path: /requestable
value: false
required:
- entitlementIds
- jsonPatch
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
parameters:
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
'/entitlements/{id}/entitlement-request-config':
get:
operationId: getEntitlementRequestConfig
tags:
- Entitlements
summary: Get entitlement request config
description: This API returns the entitlement request config for a specified entitlement.
security:
- userAuth:
- 'idn:entitlement:read'
- 'idn:entitlement:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
- SOURCE_SUBADMIN
- SOURCE_ADMIN
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listEntitlements
description: Entitlement Id
example: 2c91808874ff91550175097daaec161c
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: An Entitlement Request Config
content:
application/json:
schema:
type: object
properties:
accessRequestConfig:
type: object
properties:
approvalSchemes:
type: array
description: Ordered list of approval steps for the access request. Empty when no approval is required.
items:
type: object
properties:
approverType:
type: string
enum:
- ENTITLEMENT_OWNER
- SOURCE_OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. Values are as follows.
**ENTITLEMENT_OWNER**: Owner of the associated Entitlement
**SOURCE_OWNER**: Owner of the associated Source
**MANAGER**: Manager of the Identity for whom the request is being made
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP'
example: e3eab852-8315-467f-9de7-70eda97f63c8
requestCommentRequired:
type: boolean
description: If the requester must provide a comment during access request.
default: false
example: true
denialCommentRequired:
type: boolean
description: If the reviewer must provide a comment when denying the access request.
default: false
example: false
reauthorizationRequired:
type: boolean
description: Is Reauthorization Required
default: false
example: false
revocationRequestConfig:
type: object
properties:
approvalSchemes:
type: array
description: Ordered list of approval steps for the access request. Empty when no approval is required.
items:
type: object
properties:
approverType:
type: string
enum:
- ENTITLEMENT_OWNER
- SOURCE_OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. Values are as follows.
**ENTITLEMENT_OWNER**: Owner of the associated Entitlement
**SOURCE_OWNER**: Owner of the associated Source
**MANAGER**: Manager of the Identity for whom the request is being made
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP'
example: e3eab852-8315-467f-9de7-70eda97f63c8
example:
accessRequestConfig:
requestCommentRequired: true
denialCommentRequired: true
reauthorizationRequired: false
approvalSchemes:
- approverType: ENTITLEMENT_OWNER
approverId: null
- approverType: SOURCE_OWNER
approverId: null
- approverType: MANAGER
approverId: null
- approverType: GOVERNANCE_GROUP
approverId: 46c79819-a69f-49a2-becb-12c971ae66c6
revocationRequestConfig:
approvalSchemes:
- approverType: ENTITLEMENT_OWNER
approverId: null
- approverType: SOURCE_OWNER
approverId: null
- approverType: MANAGER
approverId: null
- approverType: GOVERNANCE_GROUP
approverId: 46c79819-a69f-49a2-becb-12c971ae66c6
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
put:
operationId: putEntitlementRequestConfig
tags:
- Entitlements
summary: Replace entitlement request config
description: This API replaces the entitlement request config for a specified entitlement.
security:
- userAuth:
- 'idn:entitlement:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
- SOURCE_SUBADMIN
- SOURCE_ADMIN
parameters:
- name: id
in: path
description: Entitlement ID
required: true
x-sailpoint-resource-operation-id: listEntitlements
schema:
type: string
example: 2c91808a7813090a017814121e121518
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
accessRequestConfig:
type: object
properties:
approvalSchemes:
type: array
description: Ordered list of approval steps for the access request. Empty when no approval is required.
items:
type: object
properties:
approverType:
type: string
enum:
- ENTITLEMENT_OWNER
- SOURCE_OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. Values are as follows.
**ENTITLEMENT_OWNER**: Owner of the associated Entitlement
**SOURCE_OWNER**: Owner of the associated Source
**MANAGER**: Manager of the Identity for whom the request is being made
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP'
example: e3eab852-8315-467f-9de7-70eda97f63c8
requestCommentRequired:
type: boolean
description: If the requester must provide a comment during access request.
default: false
example: true
denialCommentRequired:
type: boolean
description: If the reviewer must provide a comment when denying the access request.
default: false
example: false
reauthorizationRequired:
type: boolean
description: Is Reauthorization Required
default: false
example: false
revocationRequestConfig:
type: object
properties:
approvalSchemes:
type: array
description: Ordered list of approval steps for the access request. Empty when no approval is required.
items:
type: object
properties:
approverType:
type: string
enum:
- ENTITLEMENT_OWNER
- SOURCE_OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. Values are as follows.
**ENTITLEMENT_OWNER**: Owner of the associated Entitlement
**SOURCE_OWNER**: Owner of the associated Source
**MANAGER**: Manager of the Identity for whom the request is being made
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP'
example: e3eab852-8315-467f-9de7-70eda97f63c8
responses:
'200':
description: Responds with the entitlement request config as updated.
content:
application/json:
schema:
type: object
properties:
accessRequestConfig:
type: object
properties:
approvalSchemes:
type: array
description: Ordered list of approval steps for the access request. Empty when no approval is required.
items:
type: object
properties:
approverType:
type: string
enum:
- ENTITLEMENT_OWNER
- SOURCE_OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. Values are as follows.
**ENTITLEMENT_OWNER**: Owner of the associated Entitlement
**SOURCE_OWNER**: Owner of the associated Source
**MANAGER**: Manager of the Identity for whom the request is being made
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP'
example: e3eab852-8315-467f-9de7-70eda97f63c8
requestCommentRequired:
type: boolean
description: If the requester must provide a comment during access request.
default: false
example: true
denialCommentRequired:
type: boolean
description: If the reviewer must provide a comment when denying the access request.
default: false
example: false
reauthorizationRequired:
type: boolean
description: Is Reauthorization Required
default: false
example: false
revocationRequestConfig:
type: object
properties:
approvalSchemes:
type: array
description: Ordered list of approval steps for the access request. Empty when no approval is required.
items:
type: object
properties:
approverType:
type: string
enum:
- ENTITLEMENT_OWNER
- SOURCE_OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. Values are as follows.
**ENTITLEMENT_OWNER**: Owner of the associated Entitlement
**SOURCE_OWNER**: Owner of the associated Source
**MANAGER**: Manager of the Identity for whom the request is being made
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP'
example: e3eab852-8315-467f-9de7-70eda97f63c8
example:
accessRequestConfig:
requestCommentRequired: true
denialCommentRequired: true
approvalSchemes:
- approverType: ENTITLEMENT_OWNER
approverId: null
- approverType: SOURCE_OWNER
approverId: null
- approverType: MANAGER
approverId: null
- approverType: GOVERNANCE_GROUP
approverId: 46c79819-a69f-49a2-becb-12c971ae66c6
revocationRequestConfig:
approvalSchemes:
- approverType: ENTITLEMENT_OWNER
approverId: null
- approverType: SOURCE_OWNER
approverId: null
- approverType: MANAGER
approverId: null
- approverType: GOVERNANCE_GROUP
approverId: 46c79819-a69f-49a2-becb-12c971ae66c6
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/entitlements/reset/sources/{id}':
post:
operationId: resetSourceEntitlements
tags:
- Entitlements
summary: Reset source entitlements
description: |-
Remove all entitlements from a specific source.
To reload the accounts along with the entitlements you removed, you must run an unoptimized aggregation. To do so, use [Account Aggregation](https://developer.sailpoint.com/docs/api/v2024/import-accounts/) with `disableOptimization` = `true`.
parameters:
- name: id
in: path
description: ID of source for the entitlement reset
required: true
x-sailpoint-resource-operation-id: listSources
schema:
type: string
example: 2c91808a7813090a017814121919ecca
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'202':
description: Entitlement source reset task result
content:
application/json:
schema:
type: object
properties:
type:
type: string
description: The DTO type
example: TASK_RESULT
id:
type: string
description: The task ID of the object to which this reference applies
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies
example: Entitlement Source Reset
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:entitlement:update'
'/entitlements/{id}/access-model-metadata/{attributeKey}/values/{attributeValue}':
post:
summary: Add metadata to an entitlement.
description: Add single Access Model Metadata to an entitlement.
tags:
- Entitlements
operationId: createAccessModelMetadataForEntitlement
security:
- userAuth:
- 'idn:entitlement:update'
parameters:
- name: id
in: path
required: true
x-sailpoint-resource-operation-id: listEntitlements
schema:
type: string
description: The entitlement id.
example: 2c91808c74ff913f0175097daa9d59cd
- name: attributeKey
in: path
required: true
x-sailpoint-resource-operation-id: listAccessModelMetadataAttribute
schema:
type: string
description: Technical name of the Attribute.
example: iscPrivacy
- name: attributeValue
in: path
required: true
x-sailpoint-resource-operation-id: listAccessModelMetadataAttributeValue
schema:
type: string
description: Technical name of the Attribute Value.
example: public
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: OK
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: The entitlement id
example: 2c91808874ff91550175097daaec161c
name:
type: string
description: The entitlement name
example: LauncherTest2
attribute:
type: string
description: The entitlement attribute name
example: memberOf
value:
type: string
description: The value of the entitlement
example: 'CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local'
sourceSchemaObjectType:
type: string
description: The object type of the entitlement from the source schema
example: group
description:
type: string
description: The description of the entitlement
example: 'CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local'
nullable: true
privileged:
type: boolean
description: True if the entitlement is privileged
default: false
example: true
cloudGoverned:
type: boolean
description: True if the entitlement is cloud governed
default: false
example: true
requestable:
type: boolean
description: True if the entitlement is able to be directly requested
example: true
default: false
owner:
type: object
description: The identity that owns the entitlement
nullable: true
properties:
id:
type: string
description: The identity ID
example: 2c9180827ca885d7017ca8ce28a000eb
type:
type: string
enum:
- IDENTITY
description: The type of object
example: IDENTITY
name:
type: string
description: The display name of the identity
example: john.doe
manuallyUpdatedFields:
type: object
description: 'A map of entitlement fields that have been manually updated. The key is the field name in UPPER_SNAKE_CASE format, and the value is true or false to indicate if the field has been updated.'
nullable: true
additionalProperties: true
example:
DISPLAY_NAME: true
DESCRIPTION: true
accessModelMetadata:
type: object
description: Additional data to classify the entitlement
properties:
attributes:
type: array
items:
type: object
description: Metadata that describes an access item
properties:
key:
type: string
description: Unique identifier for the metadata type
example: iscCsp
name:
type: string
description: Human readable name of the metadata type
example: CSP
multiselect:
type: boolean
default: false
example: true
description: Allows selecting multiple values
status:
type: string
description: The state of the metadata item
example: active
type:
type: string
description: The type of the metadata item
example: governance
objectTypes:
type: array
description: The types of objects
example:
- general
items:
type: string
example: general
description:
type: string
description: Describes the metadata item
example: Indicates the type of deployment environment of an access item.
values:
type: array
description: The value to assign to the metadata item
items:
type: object
description: An individual value to assign to the metadata item
properties:
value:
type: string
description: The value to assign to the metdata item
example: development
name:
type: string
description: Display name of the value
example: Development
status:
type: string
description: The status of the individual value
example: active
created:
type: string
description: Time when the entitlement was created
format: date-time
example: '2020-10-08T18:33:52.029Z'
modified:
type: string
description: Time when the entitlement was last modified
format: date-time
example: '2020-10-08T18:33:52.029Z'
source:
type: object
properties:
id:
type: string
description: The source ID
example: 2c9180827ca885d7017ca8ce28a000eb
type:
type: string
description: 'The source type, will always be "SOURCE"'
example: SOURCE
name:
type: string
description: The source name
example: ODS-AD-Source
attributes:
type: object
description: A map of free-form key-value pairs from the source system
example:
fieldName: fieldValue
additionalProperties: true
segments:
type: array
items:
type: string
nullable: true
description: 'List of IDs of segments, if any, to which this Entitlement is assigned.'
example:
- f7b1b8a3-5fed-4fd4-ad29-82014e137e19
- 29cb6c06-1da8-43ea-8be4-b3125f248f2a
directPermissions:
type: array
items:
type: object
description: 'Simplified DTO for the Permission objects stored in SailPoint''s database. The data is aggregated from customer systems and is free-form, so its appearance can vary largely between different clients/customers.'
properties:
rights:
type: array
description: All the rights (e.g. actions) that this permission allows on the target
example: HereIsRight1
readOnly: true
items:
type: string
example: SELECT
target:
type: string
description: The target the permission would grants rights on.
readOnly: true
example: SYS.GV_$TRANSACTION
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
summary: Remove metadata from an entitlement.
description: Remove single Access Model Metadata from an entitlement.
tags:
- Entitlements
operationId: deleteAccessModelMetadataFromEntitlement
security:
- userAuth:
- 'idn:entitlement:delete'
parameters:
- name: id
in: path
required: true
x-sailpoint-resource-operation-id: listEntitlements
schema:
type: string
description: The entitlement id.
example: 2c91808c74ff913f0175097daa9d59cd
- name: attributeKey
in: path
required: true
x-sailpoint-resource-operation-id: listAccessModelMetadataAttribute
schema:
type: string
description: Technical name of the Attribute.
example: iscPrivacy
- name: attributeValue
in: path
required: true
x-sailpoint-resource-operation-id: listAccessModelMetadataAttributeValue
schema:
type: string
description: Technical name of the Attribute Value.
example: public
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: OK
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/entitlements/aggregate/sources/{id}':
post:
tags:
- Entitlements
summary: Aggregate entitlements
deprecated: true
operationId: importEntitlementsBySource
description: |-
Starts an entitlement aggregation on the specified source. Though this endpoint has been deprecated, you can find its Beta equivalent [here](https://developer.sailpoint.com/docs/api/beta/import-entitlements).
If the target source is a direct connection, then the request body must be empty. You will also need to make sure the Content-Type header is not set. If you set the Content-Type header without specifying a body, then you will receive a 500 error.
If the target source is a delimited file source, then the CSV file needs to be included in the request body. You will also need to set the Content-Type header to `multipart/form-data`.
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listSources
description: Source Id
example: ef38f94347e94562b5bb8424a56397d8
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
requestBody:
content:
multipart/form-data:
schema:
type: object
properties:
csvFile:
type: string
format: binary
description: The CSV file containing the source entitlements to aggregate.
responses:
'202':
description: Aggregate Entitlements Task
content:
application/json:
schema:
type: object
properties:
id:
description: System-generated unique ID of the task this taskStatus represents
type: string
example: ef38f94347e94562b5bb8424a56397d8
type:
description: Type of task this task represents
type: string
example: QUARTZ
uniqueName:
description: The name of the task
type: string
example: Cloud Group Aggregation
description:
description: The description of the task
type: string
example: Aggregate from the specified application
launcher:
description: The user who initiated the task
type: string
example: John Doe
created:
description: The creation date of the task
type: string
format: date-time
example: '2020-07-11T21:23:15.000Z'
returns:
description: Return values from the task
type: array
items:
type: object
properties:
displayLabel:
description: The display label for the return value
type: string
example: TASK_OUT_ACCOUNT_GROUP_AGGREGATION_APPLICATIONS
attributeName:
description: The attribute name for the return value
type: string
example: applications
example:
- displayLabel: TASK_OUT_ACCOUNT_GROUP_AGGREGATION_APPLICATIONS
attributeName: applications
- displayLabel: TASK_OUT_ACCOUNT_GROUP_AGGREGATION_TOTAL
attributeName: total
- displayLabel: TASK_OUT_ACCOUNT_GROUP_AGGREGATION_CREATED
attributeName: groupsCreated
- displayLabel: TASK_OUT_ACCOUNT_GROUP_AGGREGATION_UPDATED
attributeName: groupsUpdated
- displayLabel: TASK_OUT_ACCOUNT_GROUP_AGGREGATION_DELETED
attributeName: groupsDeleted
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:entitlements:manage'
/generate-password-reset-token/digit:
post:
operationId: createDigitToken
security:
- userAuth:
- 'idn:password-digit-token:create'
summary: Generate a digit token
tags:
- Password Management
description: 'This API is used to generate a digit token for password management. Requires authorization scope of "idn:password-digit-token:create".'
requestBody:
required: true
content:
application/json:
schema:
type: object
required:
- userId
properties:
userId:
type: string
description: The uid of the user requested for digit token
example: Abby.Smith
length:
type: integer
description: 'The length of digit token. It should be from 6 to 18, inclusive. The default value is 6.'
example: 8
durationMinutes:
type: integer
description: The time to live for the digit token in minutes. The default value is 5 minutes.
example: 5
example:
userId: Abby.Smith
length: 8
durationMinutes: 5
responses:
'200':
description: The digit token for password management.
content:
application/json:
schema:
type: object
properties:
digitToken:
type: string
description: The digit token for password management
example: 9087713
requestId:
type: string
description: The reference ID of the digit token generation request
example: e1267ecd-fcd9-4c73-9c55-12555efad136
example:
digitToken: 9087713
requestId: e1267ecd-fcd9-4c73-9c55-12555efad136
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
parameters:
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
/historical-identities:
get:
operationId: listHistoricalIdentities
summary: Lists all the identities
description: 'This gets the list of identities for the customer. This list end point does not support count=true request param. The total count of identities would never be returned even if the count param is specified in the request Requires authorization scope of ''idn:identity-history:read'''
security:
- userAuth:
- 'idn:identity-history:read'
tags:
- Identity History
parameters:
- in: query
name: starts-with-query
schema:
type: string
description: 'This param is used for starts-with search for first, last and display name of the identity'
example: Ada
- in: query
name: is-deleted
schema:
type: boolean
description: Indicates if we want to only list down deleted identities or not.
example: true
- in: query
name: is-active
schema:
type: boolean
description: Indicates if we want to only list active or inactive identities.
example: true
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: List of identities for the customer.
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: the identity ID
example: bc693f07e7b645539626c25954c58554
displayName:
type: string
description: the display name of the identity
example: Adam Zampa
firstName:
type: string
nullable: true
description: the first name of the identity
example: Adam
lastName:
type: string
nullable: true
description: the last name of the identity
example: Zampa
active:
type: boolean
default: true
description: indicates if an identity is active or not
example: true
deletedDate:
type: string
nullable: true
description: the date when the identity was deleted
example: '2007-03-01T13:00:00.000Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/historical-identities/{id}':
get:
operationId: getHistoricalIdentity
tags:
- Identity History
summary: Get latest snapshot of identity
description: 'This method retrieves a specified identity Requires authorization scope of ''idn:identity-history:read'''
security:
- userAuth:
- 'idn:identity-history:read'
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listHistoricalIdentities
description: The identity id
example: 8c190e6787aa4ed9a90bd9d5344523fb
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: The identity object.
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: the identity ID
example: bc693f07e7b645539626c25954c58554
displayName:
type: string
description: the display name of the identity
example: Adam Zampa
snapshot:
type: string
description: the date when the identity record was created
example: '2007-03-01T13:00:00.000Z'
deletedDate:
type: string
description: the date when the identity was deleted
example: '2007-03-01T13:00:00.000Z'
accessItemCount:
type: object
description: A map containing the count of each access item
example:
app: 0
role: 2
entitlement: 4
accessProfile: 3
account: 1
additionalProperties:
type: integer
format: int32
attributes:
type: object
description: A map containing the identity attributes
additionalProperties: true
example:
jobTitle: HR Manager
location: NYC
firstname: Adam
lastname: Zampa
department: HR
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/historical-identities/{id}/access-items':
get:
operationId: listIdentityAccessItems
tags:
- Identity History
summary: List access items by identity
security:
- userAuth:
- 'idn:identity-history:read'
x-sailpoint-userLevels:
- ORG_ADMIN
- HELPDESK
- REPORT_ADMIN
description: |
This method retrieves a list of access item for the identity filtered by the access item type
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listHistoricalIdentities
description: The identity id
example: 8c190e6787aa4ed9a90bd9d5344523fb
- in: query
name: type
schema:
type: string
required: false
description: 'The type of access item for the identity. If not provided, it defaults to account'
example: account
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
responses:
'200':
description: The list of access items.
content:
application/json:
schema:
type: array
items:
oneOf:
- type: object
properties:
accessType:
type: string
example: accessProfile
description: the access item type. accessProfile in this case
id:
type: string
example: 2c918087763e69d901763e72e97f006f
description: the access item id
name:
type: string
example: sample
description: the access profile name
sourceName:
type: string
example: DataScienceDataset
description: the name of the source
sourceId:
type: string
example: 2793o32dwd
description: the id of the source
description:
type: string
example: AccessProfile - Workday/Citizenship access
description: the description for the access profile
displayName:
type: string
example: Dr. Arden Rogahn MD
description: the display name of the identity
entitlementCount:
type: string
example: 12
description: the number of entitlements the access profile will create
appDisplayName:
type: string
example: AppName
description: the name of
removeDate:
type: string
example: '2024-07-01T06:00:00.00Z'
description: the date the access profile is no longer assigned to the specified identity
standalone:
type: boolean
example: false
description: indicates whether the access profile is standalone
revocable:
type: boolean
example: true
description: indicates whether the access profile is
required:
- standalone
- revocable
- type: object
properties:
accessType:
type: string
example: account
description: the access item type. account in this case
id:
type: string
example: 2c918087763e69d901763e72e97f006f
description: the access item id
nativeIdentity:
type: string
example: dr.arden.ogahn.d
description: the native identifier used to uniquely identify an acccount
sourceName:
type: string
example: DataScienceDataset
description: the name of the source
sourceId:
type: string
example: 2793o32dwd
description: the id of the source
entitlementCount:
type: string
example: 12
description: the number of entitlements the account will create
displayName:
type: string
example: Dr. Arden Rogahn MD
description: the display name of the identity
- type: object
properties:
accessType:
type: string
example: app
description: the access item type. entitlement in this case
id:
type: string
example: 2c918087763e69d901763e72e97f006f
description: the access item id
displayName:
type: string
example: Display Name
description: the access item display name
sourceName:
type: string
example: appName
description: the associated source name if it exists
appRoleId:
type: string
example: 2c918087763e69d901763e72e97f006f
description: the app role id
- type: object
properties:
accessType:
type: string
example: entitlement
description: the access item type. entitlement in this case
id:
type: string
example: 2c918087763e69d901763e72e97f006f
description: the access item id
attribute:
type: string
example: groups
description: the entitlement attribute
value:
type: string
example: Upward mobility access
description: the associated value
entitlementType:
type: string
example: entitlement
description: the type of entitlement
sourceName:
type: string
example: DataScienceDataset
description: the name of the source
sourceId:
type: string
example: 2793o32dwd
description: the id of the source
description:
type: string
example: Entitlement - Workday/Citizenship access
description: the description for the entitlment
displayName:
type: string
example: Dr. Arden Rogahn MD
description: the display name of the identity
standalone:
type: boolean
example: true
description: indicates whether the entitlement is standalone
privileged:
type: boolean
example: false
description: indicates whether the entitlement is privileged
cloudGoverned:
type: boolean
example: true
description: indicates whether the entitlement is cloud governed
required:
- standalone
- privileged
- cloudGoverned
- type: object
properties:
accessType:
type: string
example: role
description: the access item type. role in this case
id:
type: string
example: 2c918087763e69d901763e72e97f006f
description: the access item id
displayName:
type: string
example: sample
description: the role display name
description:
type: string
example: Role - Workday/Citizenship access
description: the description for the role
sourceName:
type: string
example: Source Name
description: the associated source name if it exists
removeDate:
type: string
example: '2024-07-01T06:00:00.00Z'
description: the date the role is no longer assigned to the specified identity
revocable:
type: boolean
example: true
description: indicates whether the role is revocable
required:
- revocable
examples:
Access Profile:
description: An access profile response
value:
- accessType: accessProfile
id: 2c918087763e69d901763e72e97f006f
name: sample
sourceName: DataScienceDataset
sourceId: 2793o32dwd
description: AccessProfile - Workday/Citizenship access
displayName: Dr. Arden Rogahn MD
entitlementCount: 12
appDisplayName: AppName
Account:
description: An account response
value:
- accessType: account
id: 2c918087763e69d901763e72e97f006f
nativeIdentity: dr.arden.ogahn.d
sourceName: DataScienceDataset
sourceId: 2793o32dwd
entitlementCount: 12
displayName: Dr. Arden Rogahn MD
App:
description: An app response
value:
- accessType: app
id: 2c918087763e69d901763e72e97f006f
name: appName
Entitlement:
description: An entitlement event
value:
- accessType: entitlement
id: 2c918087763e69d901763e72e97f006f
attribute: groups
value: Upward mobility access
type: group
sourceName: DataScienceDataset
sourceId: 2793o32dwd
description: Entitlement - Workday/Citizenship access
displayName: Dr. Arden Rogahn MD
Role:
description: A role response
value:
- accessType: role
id: 2c918087763e69d901763e72e97f006f
name: sample
description: Role - Workday/Citizenship access
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/historical-identities/{id}/snapshots':
get:
operationId: listIdentitySnapshots
tags:
- Identity History
summary: Lists all the snapshots for the identity
description: 'This method retrieves all the snapshots for the identity Requires authorization scope of ''idn:identity-history:read'' '
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listHistoricalIdentities
description: The identity id
example: 8c190e6787aa4ed9a90bd9d5344523fb
- in: query
name: start
schema:
type: string
description: The specified start date
example: '2007-03-01T13:00:00Z'
- in: query
name: interval
schema:
type: string
enum:
- day
- month
description: The interval indicating the range in day or month for the specified interval-name
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: A list of identity summary for each snapshot.
content:
application/json:
schema:
type: array
items:
type: object
properties:
snapshot:
type: string
description: the date when the identity record was created
example: '2007-03-01T13:00:00.000Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/historical-identities/{id}/snapshot-summary':
get:
operationId: getIdentitySnapshotSummary
tags:
- Identity History
summary: Gets the summary for the event count for a specific identity
description: 'This method gets the summary for the event count for a specific identity by month/day Requires authorization scope of ''idn:identity-history:read'' '
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listHistoricalIdentities
description: The identity id
example: 8c190e6787aa4ed9a90bd9d5344523fb
- in: query
name: before
schema:
type: string
description: The date before which snapshot summary is required
example: '2007-03-01T13:00:00Z'
- in: query
name: interval
schema:
type: string
enum:
- day
- month
description: The interval indicating day or month. Defaults to month if not specified
- in: query
name: time-zone
schema:
type: string
description: The time zone. Defaults to UTC if not provided
example: UTC
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: A summary list of identity changes in date histogram format.
content:
application/json:
schema:
type: array
items:
type: object
properties:
name:
type: string
description: the name of metric
value:
type: number
description: the value associated to the metric
example:
name: '2021-04-01T00:00:00.000Z'
value: 2
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/historical-identities/{id}/snapshots/{date}':
get:
operationId: getIdentitySnapshot
tags:
- Identity History
summary: Gets an identity snapshot at a given date
description: 'This method retrieves a specified identity snapshot at a given date Requires authorization scope of ''idn:identity-history:read'' '
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listHistoricalIdentities
description: The identity id
example: 8c190e6787aa4ed9a90bd9d5344523fb
- in: path
name: date
schema:
type: string
description: The specified date
example: '2007-03-01T13:00:00Z'
required: true
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: The identity object.
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: the identity ID
example: bc693f07e7b645539626c25954c58554
displayName:
type: string
description: the display name of the identity
example: Adam Zampa
snapshot:
type: string
description: the date when the identity record was created
example: '2007-03-01T13:00:00.000Z'
deletedDate:
type: string
description: the date when the identity was deleted
example: '2007-03-01T13:00:00.000Z'
accessItemCount:
type: object
description: A map containing the count of each access item
example:
app: 0
role: 2
entitlement: 4
accessProfile: 3
account: 1
additionalProperties:
type: integer
format: int32
attributes:
type: object
description: A map containing the identity attributes
additionalProperties: true
example:
jobTitle: HR Manager
location: NYC
firstname: Adam
lastname: Zampa
department: HR
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/historical-identities/{id}/snapshots/{date}/access-items':
get:
operationId: listIdentitySnapshotAccessItems
tags:
- Identity History
summary: Gets the list of identity access items at a given date filterd by item type
description: 'This method retrieves the list of identity access items at a given date filterd by item type Requires authorization scope of ''idn:identity-history:read'' '
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listHistoricalIdentities
description: The identity id
example: 8c190e6787aa4ed9a90bd9d5344523fb
- in: path
name: date
schema:
type: string
required: true
description: The specified date
example: '2007-03-01T13:00:00Z'
- in: query
name: type
schema:
type: string
description: The access item type
example: account
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: The identity object.
content:
application/json:
schema:
type: array
items:
oneOf:
- type: object
properties:
accessType:
type: string
example: accessProfile
description: the access item type. accessProfile in this case
id:
type: string
example: 2c918087763e69d901763e72e97f006f
description: the access item id
name:
type: string
example: sample
description: the access profile name
sourceName:
type: string
example: DataScienceDataset
description: the name of the source
sourceId:
type: string
example: 2793o32dwd
description: the id of the source
description:
type: string
example: AccessProfile - Workday/Citizenship access
description: the description for the access profile
displayName:
type: string
example: Dr. Arden Rogahn MD
description: the display name of the identity
entitlementCount:
type: string
example: 12
description: the number of entitlements the access profile will create
appDisplayName:
type: string
example: AppName
description: the name of
removeDate:
type: string
example: '2024-07-01T06:00:00.00Z'
description: the date the access profile is no longer assigned to the specified identity
standalone:
type: boolean
example: false
description: indicates whether the access profile is standalone
revocable:
type: boolean
example: true
description: indicates whether the access profile is
required:
- standalone
- revocable
- type: object
properties:
accessType:
type: string
example: account
description: the access item type. account in this case
id:
type: string
example: 2c918087763e69d901763e72e97f006f
description: the access item id
nativeIdentity:
type: string
example: dr.arden.ogahn.d
description: the native identifier used to uniquely identify an acccount
sourceName:
type: string
example: DataScienceDataset
description: the name of the source
sourceId:
type: string
example: 2793o32dwd
description: the id of the source
entitlementCount:
type: string
example: 12
description: the number of entitlements the account will create
displayName:
type: string
example: Dr. Arden Rogahn MD
description: the display name of the identity
- type: object
properties:
accessType:
type: string
example: app
description: the access item type. entitlement in this case
id:
type: string
example: 2c918087763e69d901763e72e97f006f
description: the access item id
displayName:
type: string
example: Display Name
description: the access item display name
sourceName:
type: string
example: appName
description: the associated source name if it exists
appRoleId:
type: string
example: 2c918087763e69d901763e72e97f006f
description: the app role id
- type: object
properties:
accessType:
type: string
example: entitlement
description: the access item type. entitlement in this case
id:
type: string
example: 2c918087763e69d901763e72e97f006f
description: the access item id
attribute:
type: string
example: groups
description: the entitlement attribute
value:
type: string
example: Upward mobility access
description: the associated value
entitlementType:
type: string
example: entitlement
description: the type of entitlement
sourceName:
type: string
example: DataScienceDataset
description: the name of the source
sourceId:
type: string
example: 2793o32dwd
description: the id of the source
description:
type: string
example: Entitlement - Workday/Citizenship access
description: the description for the entitlment
displayName:
type: string
example: Dr. Arden Rogahn MD
description: the display name of the identity
standalone:
type: boolean
example: true
description: indicates whether the entitlement is standalone
privileged:
type: boolean
example: false
description: indicates whether the entitlement is privileged
cloudGoverned:
type: boolean
example: true
description: indicates whether the entitlement is cloud governed
required:
- standalone
- privileged
- cloudGoverned
- type: object
properties:
accessType:
type: string
example: role
description: the access item type. role in this case
id:
type: string
example: 2c918087763e69d901763e72e97f006f
description: the access item id
displayName:
type: string
example: sample
description: the role display name
description:
type: string
example: Role - Workday/Citizenship access
description: the description for the role
sourceName:
type: string
example: Source Name
description: the associated source name if it exists
removeDate:
type: string
example: '2024-07-01T06:00:00.00Z'
description: the date the role is no longer assigned to the specified identity
revocable:
type: boolean
example: true
description: indicates whether the role is revocable
required:
- revocable
examples:
Access Item AccessProfile Response:
description: An access profile response
value:
- type: accessProfile
id: 2c918087763e69d901763e72e97f006f
name: sample
sourceName: DataScienceDataset
sourceId: 2793o32dwd
description: AccessProfile - Workday/Citizenship access
displayName: Dr. Arden Rogahn MD
entitlementCount: 12
appDisplayName: AppName
Access Item Account Response:
description: An account response
value:
- type: account
id: 2c918087763e69d901763e72e97f006f
nativeIdentity: dr.arden.ogahn.d
sourceName: DataScienceDataset
sourceId: 2793o32dwd
entitlementCount: 12
displayName: Dr. Arden Rogahn MD
Access Item App Response:
description: An app response
value:
- type: app
id: 2c918087763e69d901763e72e97f006f
name: appName
Access Item Entitlement Response:
description: An entitlement event
value:
- type: entitlement
id: 2c918087763e69d901763e72e97f006f
attribute: groups
value: Upward mobility access
entitlementType: entitlement
sourceName: DataScienceDataset
sourceId: 2793o32dwd
description: Entitlement - Workday/Citizenship access
displayName: Dr. Arden Rogahn MD
Access Item Role Response:
description: A role response
value:
- type: role
id: 2c918087763e69d901763e72e97f006f
name: sample
description: Role - Workday/Citizenship access
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/common-access:
get:
operationId: getCommonAccess
summary: Get a paginated list of common access
tags:
- IAI Common Access
description: 'This endpoint returns the current common access for a customer. The returned items can be filtered and sorted. Requires authorization scope of iai:access-modeling:read'
parameters:
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**status**: *eq, sw*
**reviewedByUser** *eq*
**access.id**: *eq, sw*
**access.type**: *eq*
**access.name**: *sw, eq*
**access.description**: *sw, eq*
example: access.type eq "ROLE"
required: false
style: form
explode: true
schema:
type: string
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **access.name, status**
By default the common access items are sorted by name, ascending.
example: access.name
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: Succeeded. Returns a list of common access for a customer.
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: Unique ID of the common access item
example: 555ab47a-0d32-4813-906f-adf3567de6a4
access:
description: common access item
type: object
properties:
id:
type: string
description: Common access ID
type:
description: Common access type (ROLE or ACCESS_PROFILE)
type: string
enum:
- ACCESS_PROFILE
- ROLE
name:
type: string
description: Common access name
description:
type: string
description: Common access description
nullable: true
ownerName:
type: string
description: Common access owner name
ownerId:
type: string
description: Common access owner ID
status:
type: string
description: CONFIRMED or DENIED
commonAccessType:
type: string
example: UNSET
lastUpdated:
type: string
readOnly: true
format: date-time
reviewedByUser:
type: boolean
description: true if user has confirmed or denied status
lastReviewed:
type: string
readOnly: true
format: date-time
nullable: true
createdByUser:
type: boolean
default: false
example: false
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
post:
operationId: createCommonAccess
summary: Create common access items
tags:
- IAI Common Access
description: 'This API is used to add roles/access profiles to the list of common access for a customer. Requires authorization scope of iai:access-modeling:create'
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
access:
type: object
properties:
id:
type: string
description: Common access ID
type:
description: Common access type (ROLE or ACCESS_PROFILE)
type: string
enum:
- ACCESS_PROFILE
- ROLE
name:
type: string
description: Common access name
description:
type: string
description: Common access description
nullable: true
ownerName:
type: string
description: Common access owner name
ownerId:
type: string
description: Common access owner ID
status:
type: string
enum:
- CONFIRMED
- DENIED
description: State of common access item.
responses:
'202':
description: Returns details of the common access classification request.
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: Common Access Item ID
access:
type: object
properties:
id:
type: string
description: Common access ID
type:
description: Common access type (ROLE or ACCESS_PROFILE)
type: string
enum:
- ACCESS_PROFILE
- ROLE
name:
type: string
description: Common access name
description:
type: string
description: Common access description
nullable: true
ownerName:
type: string
description: Common access owner name
ownerId:
type: string
description: Common access owner ID
status:
type: string
enum:
- CONFIRMED
- DENIED
description: State of common access item.
lastUpdated:
type: string
reviewedByUser:
type: boolean
lastReviewed:
type: string
createdByUser:
type: string
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
parameters:
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
/common-access/update-status:
post:
operationId: updateCommonAccessStatusInBulk
summary: Bulk update common access status
tags:
- IAI Common Access
description: 'This submits an update request to the common access application. At this time there are no parameters. Requires authorization scope of iai:access-modeling:update'
requestBody:
description: Confirm or deny in bulk the common access ids that are (or aren't) common access
required: true
content:
application/json:
schema:
type: array
items:
type: object
properties:
confirmedIds:
description: List of confirmed common access ids.
type: array
items:
type: string
format: uuid
deniedIds:
description: List of denied common access ids.
type: array
items:
type: string
format: uuid
responses:
'202':
description: Accepted - Returned if the request was successfully accepted into the system.
content:
application/json:
schema:
type: object
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
parameters:
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
'/historical-identities/{id}/events':
get:
operationId: getHistoricalIdentityEvents
tags:
- Identity History
summary: Lists all events for the given identity
description: 'This method retrieves all access events for the identity Requires authorization scope of ''idn:identity-history:read'' '
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listHistoricalIdentities
description: The identity id
example: 8c190e6787aa4ed9a90bd9d5344523fb
- in: query
name: from
schema:
type: string
description: The optional instant until which access events are returned
example: '2024-03-01T13:00:00Z'
- in: query
name: eventTypes
schema:
type: array
items:
type: string
description: 'An optional list of event types to return. If null or empty, all events are returned'
example:
- AccessAddedEvent
- AccessRemovedEvent
- in: query
name: accessItemTypes
schema:
type: array
items:
type: string
description: 'An optional list of access item types (app, account, entitlement, etc...) to return. If null or empty, all access items types are returned'
example:
- entitlement
- account
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: The list of events for the identity
content:
application/json:
schema:
type: array
items:
anyOf:
- type: object
properties:
accessItem:
type: object
oneOf:
- type: object
properties:
accessType:
type: string
example: accessProfile
description: the access item type. accessProfile in this case
id:
type: string
example: 2c918087763e69d901763e72e97f006f
description: the access item id
name:
type: string
example: sample
description: the access profile name
sourceName:
type: string
example: DataScienceDataset
description: the name of the source
sourceId:
type: string
example: 2793o32dwd
description: the id of the source
description:
type: string
example: AccessProfile - Workday/Citizenship access
description: the description for the access profile
displayName:
type: string
example: Dr. Arden Rogahn MD
description: the display name of the identity
entitlementCount:
type: string
example: 12
description: the number of entitlements the access profile will create
appDisplayName:
type: string
example: AppName
description: the name of
removeDate:
type: string
example: '2024-07-01T06:00:00.00Z'
description: the date the access profile is no longer assigned to the specified identity
standalone:
type: boolean
example: false
description: indicates whether the access profile is standalone
revocable:
type: boolean
example: true
description: indicates whether the access profile is
required:
- standalone
- revocable
- type: object
properties:
accessType:
type: string
example: account
description: the access item type. account in this case
id:
type: string
example: 2c918087763e69d901763e72e97f006f
description: the access item id
nativeIdentity:
type: string
example: dr.arden.ogahn.d
description: the native identifier used to uniquely identify an acccount
sourceName:
type: string
example: DataScienceDataset
description: the name of the source
sourceId:
type: string
example: 2793o32dwd
description: the id of the source
entitlementCount:
type: string
example: 12
description: the number of entitlements the account will create
displayName:
type: string
example: Dr. Arden Rogahn MD
description: the display name of the identity
- type: object
properties:
accessType:
type: string
example: app
description: the access item type. entitlement in this case
id:
type: string
example: 2c918087763e69d901763e72e97f006f
description: the access item id
displayName:
type: string
example: Display Name
description: the access item display name
sourceName:
type: string
example: appName
description: the associated source name if it exists
appRoleId:
type: string
example: 2c918087763e69d901763e72e97f006f
description: the app role id
- type: object
properties:
accessType:
type: string
example: entitlement
description: the access item type. entitlement in this case
id:
type: string
example: 2c918087763e69d901763e72e97f006f
description: the access item id
attribute:
type: string
example: groups
description: the entitlement attribute
value:
type: string
example: Upward mobility access
description: the associated value
entitlementType:
type: string
example: entitlement
description: the type of entitlement
sourceName:
type: string
example: DataScienceDataset
description: the name of the source
sourceId:
type: string
example: 2793o32dwd
description: the id of the source
description:
type: string
example: Entitlement - Workday/Citizenship access
description: the description for the entitlment
displayName:
type: string
example: Dr. Arden Rogahn MD
description: the display name of the identity
standalone:
type: boolean
example: true
description: indicates whether the entitlement is standalone
privileged:
type: boolean
example: false
description: indicates whether the entitlement is privileged
cloudGoverned:
type: boolean
example: true
description: indicates whether the entitlement is cloud governed
required:
- standalone
- privileged
- cloudGoverned
- type: object
properties:
accessType:
type: string
example: role
description: the access item type. role in this case
id:
type: string
example: 2c918087763e69d901763e72e97f006f
description: the access item id
displayName:
type: string
example: sample
description: the role display name
description:
type: string
example: Role - Workday/Citizenship access
description: the description for the role
sourceName:
type: string
example: Source Name
description: the associated source name if it exists
removeDate:
type: string
example: '2024-07-01T06:00:00.00Z'
description: the date the role is no longer assigned to the specified identity
revocable:
type: boolean
example: true
description: indicates whether the role is revocable
required:
- revocable
example:
id: 8c190e6787aa4ed9a90bd9d5344523fb
accessType: account
nativeIdentity: 127999
sourceName: JDBC Entitlements Source
entitlementCount: 0
displayName: Sample Name
identityId:
type: string
description: the identity id
example: 8c190e6787aa4ed9a90bd9d5344523fb
eventType:
type: string
description: the event type
example: AccessItemAssociated
dt:
type: string
description: the date of event
example: '2019-03-08T22:37:33.901Z'
governanceEvent:
example:
name: Manager Certification for Jon Snow
dt: '2019-03-08T22:37:33.901Z'
type: certification
governanceId: 2c91808a77ff216301782327a50f09bf
owners:
- id: bc693f07e7b645539626c25954c58554
displayName: Jon Snow
reviewers:
- id: bc693f07e7b645539626c25954c58554
displayName: Jon Snow
decisionMaker:
id: bc693f07e7b645539626c25954c58554
displayName: Jon Snow
type: object
properties:
name:
type: string
description: 'The name of the governance event, such as the certification name or access request ID.'
example: Manager Certification for Jon Snow
dt:
type: string
description: The date that the certification or access request was completed.
example: '2019-03-08T22:37:33.901Z'
type:
type: string
enum:
- certification
- accessRequest
description: The type of governance event.
example: certification
governanceId:
type: string
description: The ID of the instance that caused the event - either the certification ID or access request ID.
example: 2c91808a77ff216301782327a50f09bf
owners:
type: array
description: The owners of the governance event (the certifiers or approvers)
items:
type: object
properties:
id:
type: string
description: the id of the certifier
example: 8a80828f643d484f01643e14202e206f
displayName:
type: string
description: the name of the certifier
example: John Snow
example:
- id: 8a80828f643d484f01643e14202e206f
displayName: John Snow
reviewers:
type: array
description: 'The owners of the governance event (the certifiers or approvers), this field should be preferred over owners'
items:
type: object
properties:
id:
type: string
description: the id of the certifier
example: 8a80828f643d484f01643e14202e206f
displayName:
type: string
description: the name of the certifier
example: John Snow
example:
- id: 8a80828f643d484f01643e14202e206f
displayName: John Snow
decisionMaker:
type: object
properties:
id:
type: string
description: the id of the certifier
example: 8a80828f643d484f01643e14202e206f
displayName:
type: string
description: the name of the certifier
example: John Snow
description: The decision maker
example:
id: 8a80828f643d484f01643e14202e206f
displayName: John Snow
- type: object
properties:
accessItem:
type: object
oneOf:
- type: object
properties:
accessType:
type: string
example: accessProfile
description: the access item type. accessProfile in this case
id:
type: string
example: 2c918087763e69d901763e72e97f006f
description: the access item id
name:
type: string
example: sample
description: the access profile name
sourceName:
type: string
example: DataScienceDataset
description: the name of the source
sourceId:
type: string
example: 2793o32dwd
description: the id of the source
description:
type: string
example: AccessProfile - Workday/Citizenship access
description: the description for the access profile
displayName:
type: string
example: Dr. Arden Rogahn MD
description: the display name of the identity
entitlementCount:
type: string
example: 12
description: the number of entitlements the access profile will create
appDisplayName:
type: string
example: AppName
description: the name of
removeDate:
type: string
example: '2024-07-01T06:00:00.00Z'
description: the date the access profile is no longer assigned to the specified identity
standalone:
type: boolean
example: false
description: indicates whether the access profile is standalone
revocable:
type: boolean
example: true
description: indicates whether the access profile is
required:
- standalone
- revocable
- type: object
properties:
accessType:
type: string
example: account
description: the access item type. account in this case
id:
type: string
example: 2c918087763e69d901763e72e97f006f
description: the access item id
nativeIdentity:
type: string
example: dr.arden.ogahn.d
description: the native identifier used to uniquely identify an acccount
sourceName:
type: string
example: DataScienceDataset
description: the name of the source
sourceId:
type: string
example: 2793o32dwd
description: the id of the source
entitlementCount:
type: string
example: 12
description: the number of entitlements the account will create
displayName:
type: string
example: Dr. Arden Rogahn MD
description: the display name of the identity
- type: object
properties:
accessType:
type: string
example: app
description: the access item type. entitlement in this case
id:
type: string
example: 2c918087763e69d901763e72e97f006f
description: the access item id
displayName:
type: string
example: Display Name
description: the access item display name
sourceName:
type: string
example: appName
description: the associated source name if it exists
appRoleId:
type: string
example: 2c918087763e69d901763e72e97f006f
description: the app role id
- type: object
properties:
accessType:
type: string
example: entitlement
description: the access item type. entitlement in this case
id:
type: string
example: 2c918087763e69d901763e72e97f006f
description: the access item id
attribute:
type: string
example: groups
description: the entitlement attribute
value:
type: string
example: Upward mobility access
description: the associated value
entitlementType:
type: string
example: entitlement
description: the type of entitlement
sourceName:
type: string
example: DataScienceDataset
description: the name of the source
sourceId:
type: string
example: 2793o32dwd
description: the id of the source
description:
type: string
example: Entitlement - Workday/Citizenship access
description: the description for the entitlment
displayName:
type: string
example: Dr. Arden Rogahn MD
description: the display name of the identity
standalone:
type: boolean
example: true
description: indicates whether the entitlement is standalone
privileged:
type: boolean
example: false
description: indicates whether the entitlement is privileged
cloudGoverned:
type: boolean
example: true
description: indicates whether the entitlement is cloud governed
required:
- standalone
- privileged
- cloudGoverned
- type: object
properties:
accessType:
type: string
example: role
description: the access item type. role in this case
id:
type: string
example: 2c918087763e69d901763e72e97f006f
description: the access item id
displayName:
type: string
example: sample
description: the role display name
description:
type: string
example: Role - Workday/Citizenship access
description: the description for the role
sourceName:
type: string
example: Source Name
description: the associated source name if it exists
removeDate:
type: string
example: '2024-07-01T06:00:00.00Z'
description: the date the role is no longer assigned to the specified identity
revocable:
type: boolean
example: true
description: indicates whether the role is revocable
required:
- revocable
example:
id: 8c190e6787aa4ed9a90bd9d5344523fb
accessType: account
nativeIdentity: 127999
sourceName: JDBC Entitlements Source
entitlementCount: 0
displayName: Sample Name
identityId:
type: string
description: the identity id
example: 8c190e6787aa4ed9a90bd9d5344523fb
eventType:
type: string
description: the event type
example: AccessItemRemoved
dt:
type: string
description: the date of event
example: '2019-03-08T22:37:33.901Z'
governanceEvent:
example:
name: Manager Certification for Jon Snow
dt: '2019-03-08T22:37:33.901Z'
type: certification
governanceId: 2c91808a77ff216301782327a50f09bf
owners:
- id: bc693f07e7b645539626c25954c58554
displayName: Jon Snow
reviewers:
- id: bc693f07e7b645539626c25954c58554
displayName: Jon Snow
decisionMaker:
id: bc693f07e7b645539626c25954c58554
displayName: Jon Snow
type: object
properties:
name:
type: string
description: 'The name of the governance event, such as the certification name or access request ID.'
example: Manager Certification for Jon Snow
dt:
type: string
description: The date that the certification or access request was completed.
example: '2019-03-08T22:37:33.901Z'
type:
type: string
enum:
- certification
- accessRequest
description: The type of governance event.
example: certification
governanceId:
type: string
description: The ID of the instance that caused the event - either the certification ID or access request ID.
example: 2c91808a77ff216301782327a50f09bf
owners:
type: array
description: The owners of the governance event (the certifiers or approvers)
items:
type: object
properties:
id:
type: string
description: the id of the certifier
example: 8a80828f643d484f01643e14202e206f
displayName:
type: string
description: the name of the certifier
example: John Snow
example:
- id: 8a80828f643d484f01643e14202e206f
displayName: John Snow
reviewers:
type: array
description: 'The owners of the governance event (the certifiers or approvers), this field should be preferred over owners'
items:
type: object
properties:
id:
type: string
description: the id of the certifier
example: 8a80828f643d484f01643e14202e206f
displayName:
type: string
description: the name of the certifier
example: John Snow
example:
- id: 8a80828f643d484f01643e14202e206f
displayName: John Snow
decisionMaker:
type: object
properties:
id:
type: string
description: the id of the certifier
example: 8a80828f643d484f01643e14202e206f
displayName:
type: string
description: the name of the certifier
example: John Snow
description: The decision maker
example:
id: 8a80828f643d484f01643e14202e206f
displayName: John Snow
- type: object
properties:
changes:
type: array
items:
type: object
properties:
name:
type: string
description: the attribute name
previousValue:
type: string
description: the old value of attribute
newValue:
type: string
description: the new value of attribute
example:
name: firstname
previousValue: adam
newValue: zampa
eventType:
type: string
description: the event type
identityId:
type: string
description: the identity id
dt:
type: string
description: the date of event
example:
attributeChanges:
name: firstname
previousValue: adam
newValue: zampa
eventType: AttributesChanged
identityId: 8a80828f643d484f01643e14202e206f
dt: '2019-03-08T22:37:33.901Z'
- type: object
properties:
accessRequest:
description: the access request details
type: object
properties:
requesterId:
type: string
example: 2c91808a77ff216301782327a50f09bf
description: the requester Id
requesterName:
type: string
example: Bing C
description: the requesterName
items:
type: array
example:
- operation: Add
accessItemType: role
name: Role-1
decision: APPROVED
description: The role descrition
sourceId: 8a80828f643d484f01643e14202e206f
sourceName: Source1
approvalInfos:
- name: John Snow
id: 8a80828f643d484f01643e14202e2000
status: Approved
items:
type: object
properties:
operation:
type: string
example: Add
description: the access request item operation
accessItemType:
type: string
example: role
description: the access item type
name:
type: string
example: Role-1
description: the name of access request item
decision:
type: string
example: APPROVED
enum:
- APPROVED
- REJECTED
description: the final decision for the access request
description:
type: string
example: The role descrition
description: the description of access request item
sourceId:
type: string
example: 8a80828f643d484f01643e14202e206f
description: the source id
sourceName:
type: string
example: Source1
description: the source Name
approvalInfos:
type: array
example:
- name: John Snow
id: 8a80828f643d484f01643e14202e2000
status: Approved
items:
type: object
properties:
id:
type: string
example: 8a80828f643d484f01643e14202e2000
description: the id of approver
name:
type: string
example: John Snow
description: the name of approver
status:
type: string
example: Approved
description: the status of the approval request
identityId:
type: string
example: 8a80828f643d484f01643e14202e206f
description: the identity id
eventType:
type: string
example: AccessRequested
description: the event type
dt:
type: string
example: '2019-03-08T22:37:33.901Z'
description: the date of event
- type: object
properties:
certificationId:
type: string
description: the id of the certification item
example: 2c91808a77ff216301782327a50f09bf
certificationName:
type: string
description: the certification item name
example: Cert name
signedDate:
type: string
description: the date ceritification was signed
example: '2019-03-08T22:37:33.901Z'
certifiers:
type: array
description: this field is deprecated and may go away
items:
type: object
properties:
id:
type: string
description: the id of the certifier
example: 8a80828f643d484f01643e14202e206f
displayName:
type: string
description: the name of the certifier
example: John Snow
example:
- id: 8a80828f643d484f01643e14202e206f
displayName: John Snow
reviewers:
type: array
description: The list of identities who review this certification
items:
type: object
properties:
id:
type: string
description: the id of the certifier
example: 8a80828f643d484f01643e14202e206f
displayName:
type: string
description: the name of the certifier
example: John Snow
example:
- id: 8a80828f643d484f01643e14202e206f
displayName: John Snow
signer:
type: object
properties:
id:
type: string
description: the id of the certifier
example: 8a80828f643d484f01643e14202e206f
displayName:
type: string
description: the name of the certifier
example: John Snow
description: Identity who signed off on the certification
example:
id: 8a80828f643d484f01643e14202e206f
displayName: John Snow
eventType:
type: string
description: the event type
example: IdentityCertified
dt:
type: string
description: the date of event
example: '2019-03-08T22:37:33.901Z'
- type: object
properties:
eventType:
type: string
description: the event type
identityId:
type: string
description: the identity id
dt:
type: string
description: the date of event
account:
type: object
properties:
id:
type: string
description: the ID of the account in the database
nativeIdentity:
type: string
description: the native identifier of the account
displayName:
type: string
description: the display name of the account
sourceId:
type: string
description: the ID of the source for this account
sourceName:
type: string
description: the name of the source for this account
entitlementCount:
type: integer
description: the number of entitlements on this account
accessType:
type: string
description: this value is always "account"
statusChange:
type: object
properties:
previousStatus:
type: string
description: the previous status of the account
enum:
- enabled
- disabled
- locked
newStatus:
type: string
description: the new status of the account
enum:
- enabled
- disabled
- locked
example:
account:
id: 2c91808a77ff216301782327a50f09bf
nativeIdentity: 127999
displayName: Sample Name
sourceId: 8a80828f643d484f01643e14202e206f
sourceName: JDBC Entitlements Source
entitlementCount: 0
accessType: account
statusChange:
previousStatus: enabled
newStatus: disabled
eventType: AccountStatusChanged
identityId: 8a80828f643d484f01643e14202e206f
date: '2019-03-08T22:37:33.901Z'
examples:
AccessItemAssociated:
description: An Access item associated event
value:
- accessItem:
id: 8c190e6787aa4ed9a90bd9d5344523fb
accessType: account
nativeIdentity: 127999
sourceName: JDBC Entitlements Source
entitlementCount: 0
displayName: Sample Name
eventType: AccessItemAssociated
identityId: 8a80828f643d484f01643e14202e206f
dt: '2019-03-08T22:37:33.901Z'
governanceEvent:
name: Access Request 58
dt: '2019-03-08T22:37:33.901Z'
type: accessRequest
governanceId: 2c91808a77ff216301782327a50f09e1
owners:
- id: bc693f07e7b645539626c25954c58554
displayName: Jon Snow
reviewers:
- id: bc693f07e7b645539626c25954c58554
displayName: Jon Snow
decisionMaker:
id: bc693f07e7b645539626c25954c58554
displayName: Jon Snow
AccessItemRemoved:
description: An Access item removed event
value:
- accessItem:
id: 8c190e6787aa4ed9a90bd9d5344523fb
accessType: account
nativeIdentity: 127999
sourceName: JDBC Entitlements Source
entitlementCount: 0
displayName: Sample Name
eventType: AccessItemRemoved
identityId: 8a80828f643d484f01643e14202e206f
dt: '2019-03-08T22:37:33.901Z'
governanceEvent:
name: Manager Certification for Jon Snow
dt: '2019-03-08T22:37:33.901Z'
type: certification
governanceId: 2c91808a77ff216301782327a50f09bf
owners:
- id: bc693f07e7b645539626c25954c58554
displayName: Jon Snow
reviewers:
- id: bc693f07e7b645539626c25954c58554
displayName: Jon Snow
decisionMaker:
id: bc693f07e7b645539626c25954c58554
displayName: Jon Snow
AttributesChanged:
description: An attribute changed event
value:
- attributeChanges:
- name: firstname
previousValue: adam
newValue: zampa
eventType: AttributesChanged
identityId: 8a80828f643d484f01643e14202e206f
dt: '2019-03-08T22:37:33.901Z'
AccessRequested:
description: An access requested event
value:
accessRequest:
requesterId: 2c91808a77ff216301782327a50f09bf
requestName: Bing C
items:
- operation: Add
accessItemType: role
name: Role-1
decision: APPROVED
description: The role descrition
sourceId: 8a80828f643d484f01643e14202e206f
sourceName: Source1
approvalInfos:
- name: John Snow
id: 8a80828f643d484f01643e14202e2000
status: Approved
eventType: AccessRequested
identityId: 8a80828f643d484f01643e14202e206f
dt: '2019-03-08T22:37:33.901Z'
IdentityCertified:
description: An identity certified event
value:
- certification:
id: 2c91808a77ff216301782327a50f09bf
name: Cert name
signedDate: '2019-03-08T22:37:33.901Z'
certifiers:
- id: 8a80828f643d484f01643e14202e206f
displayName: John Snow
reviewers:
- id: 8a80828f643d484f01643e14202e206f
displayName: Daenerys Targaryen
signer:
id: 8a80828f643d484f01643e14202e206f
displayName: Tyrion Lannister
eventType: IdentityCertified
identityId: 8a80828f643d484f01643e14202e206f
dt: '2019-03-08T22:37:33.901Z'
AccountStatusChanged:
description: An account status changed event
value:
- account:
id: 2c91808a77ff216301782327a50f09bf
nativeIdentity: 127999
displayName: Sample Name
sourceId: 8a80828f643d484f01643e14202e206f
sourceName: JDBC Entitlements Source
entitlementCount: 0
accessType: account
statusChange:
previousStatus: ENABLED
newStatus: DISABLED
eventType: AccountStatusChanged
identityId: 8a80828f643d484f01643e14202e206f
dt: '2019-03-08T22:37:33.901Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/historical-identities/{id}/start-date':
get:
operationId: getIdentityStartDate
tags:
- Identity History
summary: Gets the start date of the identity
description: 'This method retrieves start date of the identity Requires authorization scope of ''idn:identity-history:read'' '
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listHistoricalIdentities
description: The identity id
example: 8c190e6787aa4ed9a90bd9d5344523fb
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: The start date of the identity
content:
application/json:
schema:
type: string
example: '2017-03-01T13:00:00.000Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/historical-identities/{id}/compare':
get:
operationId: compareIdentitySnapshots
tags:
- Identity History
summary: Gets a difference of count for each access item types for the given identity between 2 snapshots
description: 'This method gets a difference of count for each access item types for the given identity between 2 snapshots Requires authorization scope of ''idn:identity-history:read'' '
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listHistoricalIdentities
description: The identity id
example: 8c190e6787aa4ed9a90bd9d5344523fb
- in: query
name: snapshot1
schema:
type: string
description: The snapshot 1 of identity
example: '2007-03-01T13:00:00Z'
- in: query
name: snapshot2
schema:
type: string
description: The snapshot 2 of identity
example: '2008-03-01T13:00:00Z'
- in: query
name: accessItemTypes
schema:
type: array
items:
type: string
description: 'An optional list of access item types (app, account, entitlement, etc...) to return. If null or empty, all access items types are returned '
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: A IdentityCompare object with difference details for each access item type
content:
application/json:
schema:
type: array
items:
type: object
properties:
accessItemDiff:
type: object
description: Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on completion of the violation check.
additionalProperties:
type: object
example:
accessItemDiff:
role:
accessAdded: 2
accessRemoved: 3
entitlement:
accessAdded: 4
accessRemoved: 0
accessProfile:
accessAdded: 0
accessRemoved: 1
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/historical-identities/{id}/compare/{access-type}':
get:
operationId: compareIdentitySnapshotsAccessType
tags:
- Identity History
summary: Gets a list of differences of specific accesstype for the given identity between 2 snapshots
description: 'This method gets a list of differences of specific accessType for the given identity between 2 snapshots Requires authorization scope of ''idn:identity-history:read'' '
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listHistoricalIdentities
description: The identity id
example: 8c190e6787aa4ed9a90bd9d5344523fb
- in: path
name: accessType
schema:
type: string
enum:
- accessProfile
- account
- app
- entitlement
- role
required: true
description: The specific type which needs to be compared
example: role
- in: query
name: access-associated
schema:
type: boolean
description: 'Indicates if added or removed access needs to be returned. true - added, false - removed, null - both added & removed'
example: '2007-03-01T13:00:00Z'
- in: query
name: snapshot1
schema:
type: string
description: The snapshot 1 of identity
example: '2008-03-01T13:00:00Z'
- in: query
name: snapshot2
schema:
type: string
description: The snapshot 2 of identity
example: '2009-03-01T13:00:00Z'
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: A list of events for the identity
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: the id of the access item
eventType:
type: string
enum:
- ADD
- REMOVE
displayName:
type: string
description: the display name of the access item
sourceName:
type: string
description: the source name of the access item
example:
id: 2c91808c7726345b017726a0a2fb013b
eventType: ADD
displayName: Test
sourceName: Source
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/identities/{identityId}/synchronize-attributes':
post:
operationId: synchronizeAttributesForIdentity
tags:
- Identities
summary: Attribute synchronization for single identity.
security:
- userAuth: []
- applicationAuth: []
x-sailpoint-userLevels:
- ORG_ADMIN
description: This end-point performs attribute synchronization for a selected identity. The endpoint can be called once in 10 seconds per identity.
parameters:
- in: path
name: identityId
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listIdentities
description: The Identity id
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'202':
description: An Identity Sync job
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: Job ID.
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
status:
type: string
description: The job status.
enum:
- QUEUED
- IN_PROGRESS
- SUCCESS
- ERROR
example: IN_PROGRESS
payload:
description: Job payload.
example:
type: SYNCHRONIZE_IDENTITY_ATTRIBUTES
dataJson: '{"identityId":"2c918083746f642c01746f990884012a"}'
type: object
properties:
type:
type: string
description: Payload type.
example: SYNCHRONIZE_IDENTITY_ATTRIBUTES
dataJson:
type: string
description: Payload type.
example: '{"identityId":"2c918083746f642c01746f990884012a"}'
required:
- type
- dataJson
required:
- id
- status
- payload
example:
id: 0f11f2a4-7c94-4bf3-a2bd-742580fe3dfc
status: IN_PROGRESS
payload:
type: SYNCHRONIZE_IDENTITY_ATTRIBUTES
dataJson: '{"identityId":"2c918083746f642c01746f990884012a"}'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/identities/{identityId}/ownership':
get:
operationId: getIdentityOwnershipDetails
summary: Get ownership details
tags:
- Identities
description: |-
Use this API to return an identity's owned objects that will cause problems for deleting the identity.
Use this API as a checklist of objects that you need to reassign to a different identity before you can delete the identity.
For a full list of objects owned by an identity, use the [Search API](https://developer.sailpoint.com/docs/api/v3/search-post/). When you search for identities, the returned identities have a property, `owns`, that contains a more comprehensive list of identity's owned objects.
security:
- userAuth:
- 'idn:identity:read'
parameters:
- in: path
name: identityId
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listIdentities
description: Identity ID.
example: ff8081814d2a8036014d701f3fbf53fa
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: Identity's ownership association details.
content:
application/json:
schema:
type: object
properties:
associationDetails:
type: array
description: list of all the resource associations for the identity
items:
type: object
properties:
associationType:
type: string
description: association type with the identity
example: ROLE_OWNER
entities:
type: array
description: the specific resource this identity has ownership on
items:
type: object
properties:
identityEntity:
type: object
properties:
id:
type: string
description: id of the resource to which the identity is associated
example: 031034e97f094a4096c1be53f75f6b91
name:
type: string
description: name of the resource to which the identity is associated
example: Gaston.800ddf9640a
type:
type: string
description: type of the resource to which the identity is associated
example: CAMPAIGN_CAMPAIGNER
example:
id: b660a232f05b4e04812ca974b3011e0f
name: Gaston.800ddf9640a
type: ROLE
example:
associationDetails:
associationType: ROLE_OWNER
entities:
- id: b660a232f05b4e04812ca974b3011e0f
name: Gaston.800ddf9640a
type: ROLE
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/identities:
get:
operationId: listIdentities
tags:
- Identities
summary: List identities
description: This API returns a list of identities.
security:
- userAuth:
- 'idn:identity:read'
- 'idn:identity:manage'
parameters:
- in: query
name: filters
schema:
type: string
required: false
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, in*
**name**: *eq, sw*
**alias**: *eq, sw*
**firstname**: *eq, sw*
**lastname**: *eq, sw*
**email**: *eq, sw*
**cloudStatus**: *eq*
**processingState**: *eq*
**correlated**: *eq*
**protected**: *eq*
example: id eq "6c9079b270a266a60170a2779fcb0006" or correlated eq false
- in: query
name: sorters
schema:
type: string
format: comma-separated
required: false
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **name, alias, cloudStatus**
example: 'name,-cloudStatus'
- in: query
name: defaultFilter
schema:
type: string
enum:
- CORRELATED_ONLY
- NONE
default: CORRELATED_ONLY
required: false
description: |-
Adds additional filter to filters query parameter.
CORRELATED_ONLY adds correlated=true and returns only identities that are correlated.
NONE does not add any and returns all identities that satisfy filters query parameter.
example: NONE
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: List of identities.
content:
application/json:
schema:
type: array
items:
type: object
title: IdentityDto
required:
- name
properties:
id:
description: System-generated unique ID of the identity
type: string
example: 01f04e428c484542a241dc89c303b178
readOnly: true
name:
description: The identity's name is equivalent to its Display Name attribute.
type: string
example: Walter White
created:
description: Creation date of the identity
type: string
format: date-time
readOnly: true
example: '2023-01-03T21:16:22.432Z'
modified:
description: Last modification date of the identity
type: string
format: date-time
readOnly: true
example: '2023-01-03T21:16:22.432Z'
alias:
type: string
description: The identity's alternate unique identifier is equivalent to its Account Name on the authoritative source account schema.
example: walter.white
emailAddress:
type: string
description: The email address of the identity
example: walter.white@example.com
nullable: true
processingState:
type: string
nullable: true
description: The processing state of the identity
enum:
- ERROR
- OK
- null
example: ERROR
identityStatus:
type: string
description: The identity's status in the system
enum:
- UNREGISTERED
- REGISTERED
- PENDING
- WARNING
- DISABLED
- ACTIVE
- DEACTIVATED
- TERMINATED
- ERROR
- LOCKED
example: LOCKED
managerRef:
type: object
description: Identity's manager
nullable: true
properties:
type:
type: string
description: DTO type of identity's manager
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: ID of identity's manager
example: 2c4180a46faadee4016fb4e018c20626
name:
type: string
description: Human-readable display name of identity's manager
example: Robert Robinson
isManager:
type: boolean
description: Whether this identity is a manager of another identity
default: false
example: true
lastRefresh:
type: string
format: date-time
description: The last time the identity was refreshed by the system
example: '2020-11-22T15:42:31.123Z'
attributes:
type: object
description: A map with the identity attributes for the identity
example:
uid: '86754'
firstname: Walter
cloudStatus: UNREGISTERED
displayName: Walter White
identificationNumber: '86754'
lastSyncDate: 1470348809380
email: walter.white@example.com
lastname: White
lifecycleState:
allOf:
- type: object
properties:
stateName:
type: string
description: The name of the lifecycle state
example: active
manuallyUpdated:
type: boolean
description: Whether the lifecycle state has been manually or automatically set
example: true
required:
- stateName
- manuallyUpdated
- nullable: true
description: Lifecycle state details that include lifecycle state name and whether this lifecycle state has been set manually
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/identities/{id}':
get:
operationId: getIdentity
tags:
- Identities
summary: Identity details
description: This API returns a single identity using the Identity ID.
security:
- userAuth:
- 'idn:identity:read'
- 'idn:identity:manage'
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listIdentities
description: Identity Id
example: ef38f94347e94562b5bb8424a56397d8
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: An identity object
content:
application/json:
schema:
type: object
title: IdentityDto
required:
- name
properties:
id:
description: System-generated unique ID of the identity
type: string
example: 01f04e428c484542a241dc89c303b178
readOnly: true
name:
description: The identity's name is equivalent to its Display Name attribute.
type: string
example: Walter White
created:
description: Creation date of the identity
type: string
format: date-time
readOnly: true
example: '2023-01-03T21:16:22.432Z'
modified:
description: Last modification date of the identity
type: string
format: date-time
readOnly: true
example: '2023-01-03T21:16:22.432Z'
alias:
type: string
description: The identity's alternate unique identifier is equivalent to its Account Name on the authoritative source account schema.
example: walter.white
emailAddress:
type: string
description: The email address of the identity
example: walter.white@example.com
nullable: true
processingState:
type: string
nullable: true
description: The processing state of the identity
enum:
- ERROR
- OK
- null
example: ERROR
identityStatus:
type: string
description: The identity's status in the system
enum:
- UNREGISTERED
- REGISTERED
- PENDING
- WARNING
- DISABLED
- ACTIVE
- DEACTIVATED
- TERMINATED
- ERROR
- LOCKED
example: LOCKED
managerRef:
type: object
description: Identity's manager
nullable: true
properties:
type:
type: string
description: DTO type of identity's manager
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: ID of identity's manager
example: 2c4180a46faadee4016fb4e018c20626
name:
type: string
description: Human-readable display name of identity's manager
example: Robert Robinson
isManager:
type: boolean
description: Whether this identity is a manager of another identity
default: false
example: true
lastRefresh:
type: string
format: date-time
description: The last time the identity was refreshed by the system
example: '2020-11-22T15:42:31.123Z'
attributes:
type: object
description: A map with the identity attributes for the identity
example:
uid: '86754'
firstname: Walter
cloudStatus: UNREGISTERED
displayName: Walter White
identificationNumber: '86754'
lastSyncDate: 1470348809380
email: walter.white@example.com
lastname: White
lifecycleState:
allOf:
- type: object
properties:
stateName:
type: string
description: The name of the lifecycle state
example: active
manuallyUpdated:
type: boolean
description: Whether the lifecycle state has been manually or automatically set
example: true
required:
- stateName
- manuallyUpdated
- nullable: true
description: Lifecycle state details that include lifecycle state name and whether this lifecycle state has been set manually
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
operationId: deleteIdentity
tags:
- Identities
summary: Delete identity
description: The API returns successful response if the requested identity was deleted.
security:
- userAuth:
- 'idn:identity:delete'
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listIdentities
description: Identity Id
example: ef38f94347e94562b5bb8424a56397d8
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request is invalid. It may indicate that the specified identity is marked as protected and cannot be deleted.
content:
application/json:
schema:
type: object
properties:
message:
type: string
description: any additional context information of the http call result
example: Identity cannot be deleted as it is owner of following resources
associationDetails:
type: array
description: list of all the resource associations for the identity
items:
type: object
properties:
associationType:
type: string
description: association type with the identity
example: CAMPAIGN_OWNER
entities:
type: array
description: the specific resource this identity has ownership on
items:
type: object
properties:
identityEntity:
type: object
properties:
id:
type: string
description: id of the resource to which the identity is associated
example: 031034e97f094a4096c1be53f75f6b91
name:
type: string
description: name of the resource to which the identity is associated
example: Gaston.800ddf9640a
type:
type: string
description: type of the resource to which the identity is associated
example: CAMPAIGN_CAMPAIGNER
example:
id: b660a232f05b4e04812ca974b3011e0f
name: Gaston.800ddf9640a
type: CAMPAIGN_CAMPAIGNER
example:
message: Identity is the owner of following resources
associationDetails:
associationType: CAMPAIGN_OWNER
entities:
- id: b660a232f05b4e04812ca974b3011e0f
name: Gaston.800ddf9640a
type: CAMPAIGN_CAMPAIGNER
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/identities/invite:
post:
operationId: startIdentitiesInvite
tags:
- Identities
summary: Invite identities to register
description: |
This API submits a task for inviting given identities via email to complete registration. The invitation email will include the link. After selecting the link an identity will be able to set up password and log in into the system. Invitations expire after 7 days. By default invitations send to the work identity email. It can be changed in Admin > Identities > Identity Profiles by selecting corresponding profile and editing Invitation Options.
This task will send an invitation email only for unregistered identities.
The executed task status can be checked by Task Management > [Get task status by ID](https://developer.sailpoint.com/docs/api/beta/get-task-status).
externalDocs:
description: Learn more about inviting identities here
url: 'https://documentation.sailpoint.com/saas/help/common/users/inviting_users.html'
x-sailpoint-userLevels:
- ORG_ADMIN
- HELPDESK
parameters:
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
ids:
description: The list of Identities IDs to invite - required when 'uninvited' is false
type: array
items:
type: string
nullable: true
example:
- 2b568c65bc3c4c57a43bd97e3a8e55
- 2c9180867769897d01776ed5f125512f
uninvited:
description: indicator (optional) to invite all unregistered identities in the system within a limit 1000. This parameter makes sense only when 'ids' is empty.
type: boolean
default: false
example: false
responses:
'202':
description: Responds with an initial TaskStatus for the executed task
content:
application/json:
schema:
description: Details and current status of a specific task
required:
- id
- type
- uniqueName
- description
- parentName
- attributes
- created
- modified
- launched
- launcher
- completed
- completionStatus
- messages
- progress
- percentComplete
- returns
type: object
properties:
id:
description: System-generated unique ID of the task this TaskStatus represents
type: string
example: id12345
type:
description: Type of task this TaskStatus represents
type: string
enum:
- QUARTZ
- QPOC
- QUEUED_TASK
example: QUARTZ
uniqueName:
description: Name of the task this TaskStatus represents
type: string
example: Big Task
description:
description: Description of the task this TaskStatus represents
type: string
example: A Really Big Task
parentName:
description: Name of the parent of the task this TaskStatus represents
nullable: true
type: string
example: Parent Task
launcher:
description: Service to execute the task this TaskStatus represents
type: string
example: sweep
target:
type: object
nullable: true
properties:
id:
description: Target ID
type: string
example: c6dc37bf508149b28ce5b7d90ca4bbf9
type:
description: Target type
type: string
nullable: true
enum:
- APPLICATION
- IDENTITY
- null
example: APPLICATION
name:
description: Target name
type: string
example: 'Active Directory [source]'
created:
description: Creation date of the task this TaskStatus represents
type: string
format: date-time
example: '2020-07-11T21:23:15.000Z'
modified:
description: Last modification date of the task this TaskStatus represents
type: string
format: date-time
example: '2020-07-11T21:23:15.000Z'
launched:
description: Launch date of the task this TaskStatus represents
nullable: true
type: string
format: date-time
example: '2020-07-11T21:23:15.000Z'
completed:
description: Completion date of the task this TaskStatus represents
nullable: true
type: string
format: date-time
example: '2020-07-11T21:23:15.000Z'
completionStatus:
description: Completion status of the task this TaskStatus represents
type: string
nullable: true
enum:
- SUCCESS
- WARNING
- ERROR
- TERMINATED
- TEMPERROR
- null
example: SUCCESS
messages:
description: Messages associated with the task this TaskStatus represents
type: array
items:
description: TaskStatus Message
required:
- key
- localizedText
- type
- parameters
type: object
properties:
type:
description: Type of the message
type: string
enum:
- INFO
- WARN
- ERROR
example: INFO
localizedText:
description: Localized form of the message
type: object
nullable: true
required:
- locale
- message
properties:
locale:
description: Message locale
type: string
example: An error has occurred!
message:
description: Message text
type: string
example: Error has occurred!
key:
description: Key of the message
type: string
example: akey
parameters:
description: Message parameters for internationalization
nullable: true
type: array
items:
anyOf:
- type: object
- type: string
example:
- name: value
returns:
description: Return values from the task this TaskStatus represents
type: array
items:
description: Task return details
required:
- name
- attributeName
type: object
properties:
name:
description: Display name of the TaskReturnDetails
type: string
example: label
attributeName:
description: Attribute the TaskReturnDetails is for
type: string
example: identityCount
attributes:
description: Attributes of the task this TaskStatus represents
type: object
additionalProperties: true
example:
identityCount: 0
progress:
description: Current progress of the task this TaskStatus represents
nullable: true
type: string
example: Started
percentComplete:
description: Current percentage completion of the task this TaskStatus represents
type: integer
example: 100
taskDefinitionSummary:
description: 'Definition of a type of task, used to invoke tasks'
required:
- arguments
- description
- executor
- id
- uniqueName
- parentName
type: object
properties:
id:
description: System-generated unique ID of the TaskDefinition
type: string
example: 2c91808475b4334b0175e1dff64b63c5
uniqueName:
description: Name of the TaskDefinition
type: string
example: Cloud Account Aggregation
description:
nullable: true
description: Description of the TaskDefinition
type: string
example: Aggregates from the specified application.
parentName:
description: Name of the parent of the TaskDefinition
type: string
example: Cloud Account Aggregation
executor:
description: Executor of the TaskDefinition
nullable: true
type: string
example: sailpoint.task.ServiceTaskExecutor
arguments:
description: 'Formal parameters of the TaskDefinition, without values'
type: object
additionalProperties: true
example:
mantisExecutor: com.sailpoint.mantis.sources.task.AccountAggregationTask
eventClassesCsv: sailpoint.thunderbolt.events.AggregationEvents
serviceClass: sailpoint.thunderbolt.service.AggregationService
serviceMethod: accountAggregationTask
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/identities/{id}/verification/account/send':
post:
operationId: sendIdentityVerificationAccountToken
tags:
- Identities
summary: Send password reset email
description: |
This API sends an email with the link to start Password Reset. After selecting the link an identity will be able to set up a new password. Emails expire after 2 hours.
x-sailpoint-userLevels:
- ORG_ADMIN
- HELPDESK
parameters:
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
- in: path
name: id
schema:
type: string
format: uuid
required: true
x-sailpoint-resource-operation-id: listIdentities
description: Identity ID
example: ef38f94347e94562b5bb8424a56397d8
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
sourceName:
description: The source name where identity account password should be reset
type: string
nullable: true
example: Active Directory Source
via:
description: The method to send notification
type: string
enum:
- EMAIL_WORK
- EMAIL_PERSONAL
- LINK_WORK
- LINK_PERSONAL
example: EMAIL_WORK
required:
- via
responses:
'200':
description: The email was successfully sent
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/identities/process:
post:
operationId: startIdentityProcessing
tags:
- Identities
summary: Process a list of identityids
description: |-
This operation should not be used to schedule your own identity processing or to perform system wide identity refreshes. The system will use a combination of [event-based processing](https://documentation.sailpoint.com/saas/help/setup/identity_processing.html?h=process#event-based-processing) and [scheduled processing](https://documentation.sailpoint.com/saas/help/setup/identity_processing.html?h=process#scheduled-processing) that runs every day at 8:00 AM and 8:00 PM in the tenant's timezone to keep your identities synchronized.
This endpoint will perform the following tasks:
1. Calculate identity attributes, including applying or running any rules or transforms (e.g. calculate Lifecycle State at a point-in-time it's expected to change).
2. Evaluate role assignments, leading to assignment of new roles and removal of existing roles.
3. Enforce provisioning for any assigned accesses that haven't been fulfilled (e.g. failure due to source health).
4. Recalculate manager relationships.
5. Potentially clean-up identity processing errors, assuming the error has been resolved.
externalDocs:
description: Learn more about manually processing identities here
url: 'https://documentation.sailpoint.com/saas/help/setup/identity_processing.html'
security:
- userAuth:
- 'idn:identity:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
- HELPDESK
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
identityIds:
type: array
minItems: 1
maxItems: 250
description: List of up to 250 identity IDs to process.
items:
type: string
example: ef38f94347e94562b5bb8424a56397d8
responses:
'202':
description: Object containing the DTO type TASK_RESULT and the job id for the task
content:
application/json:
schema:
type: object
properties:
type:
type: string
description: the type of response reference
example: TASK_RESULT
id:
type: string
description: the task ID
example: 78733556-9ea3-4f59-bf69-e5cd92b011b4
name:
type: string
description: 'the task name (not used in this endpoint, always null)'
example: 'null'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
parameters:
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
'/identities/{id}/reset':
post:
operationId: resetIdentity
tags:
- Identities
summary: Reset an identity
description: Use this endpoint to reset a user's identity if they have forgotten their authentication information like their answers to knowledge-based questions. Resetting an identity de-registers the user and removes any elevated user levels they have.
security:
- userAuth:
- 'idn:identity:update'
parameters:
- in: path
name: identityId
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listIdentities
description: Identity Id
example: ef38f94347e94562b5bb8424a56397d8
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'202':
description: Accepted. The reset request accepted and is in progress.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/identities/{identityId}/role-assignments':
get:
operationId: getRoleAssignments
tags:
- Identities
summary: List role assignments
description: 'This returns either a list of Role Assignments when querying with either a Role Id or Role Name, or a list of Role Assignment References if querying with only identity Id.'
security:
- userAuth:
- 'idn:identity:read'
parameters:
- in: path
name: identityId
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listIdentities
description: Identity Id to get the role assignments for
example: ef38f94347e94562b5bb8424a56397d8
- in: query
name: roleId
schema:
type: string
required: false
description: Role Id to filter the role assignments with
example: e7697a1e96d04db1ac7b0f4544915d2c
- in: query
name: roleName
schema:
type: string
required: false
description: Role name to filter the role assignments with
example: Engineer
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: A role assignment object
content:
application/json:
schema:
type: array
items:
anyOf:
- type: object
properties:
id:
type: string
description: Assignment Id
example: 1cbb0705b38c4226b1334eadd8874086
role:
type: object
properties:
type:
description: DTO type
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- MACHINE_IDENTITY
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
example: IDENTITY
id:
type: string
description: ID of the object to which this reference applies
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies
example: William Wilson
description: Role Id and Name related to this assignment
example:
id: e7697a1e96d04db1ac7b0f4544915d2c
type: ROLE
name: Engineer
- type: object
properties:
id:
type: string
description: Assignment Id
example: 1cbb0705b38c4226b1334eadd8874086
role:
type: object
properties:
type:
description: DTO type
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- MACHINE_IDENTITY
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
example: IDENTITY
id:
type: string
description: ID of the object to which this reference applies
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies
example: William Wilson
description: Role Id and Name related to this assignment
example:
id: e7697a1e96d04db1ac7b0f4544915d2c
type: ROLE
name: Engineer
comments:
type: string
nullable: true
description: Comments added by the user when the assignment was made
example: I'm a new Engineer and need this role to do my work
assignmentSource:
type: string
description: Source describing how this assignment was made
example: UI
assigner:
type: object
description: The identity that performed the assignment. This could be blank or system
properties:
type:
type: string
enum:
- IDENTITY
- UNKNOWN
description: Object type
example: IDENTITY
id:
type: string
description: ID of the object to which this reference applies
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
nullable: true
description: Human-readable display name of the object to which this reference applies
example: William Wilson
assignedDimensions:
type: array
description: Dimensions assigned related to this role
example:
- id: 1acc8ffe5fcf457090de28bee2af36ee
type: DIMENSION
name: Northeast region
items:
type: object
properties:
type:
description: DTO type
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- MACHINE_IDENTITY
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
example: IDENTITY
id:
type: string
description: ID of the object to which this reference applies
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies
example: William Wilson
assignmentContext:
allOf:
- type: object
properties:
requested:
type: object
properties:
contextAttributes:
type: array
items:
type: object
properties:
attribute:
type: string
description: The name of the attribute
example: location
value:
oneOf:
- type: string
example: Austin
- type: array
items:
type: string
example:
- Austin
- Houston
- Dallas
description: The value of the attribute. This can be either a string or a multi-valued string
example: Austin
derived:
type: boolean
description: True if the attribute was derived.
default: false
example: false
matched:
type: array
items:
type: object
properties:
roleRef:
type: object
properties:
type:
description: DTO type
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- MACHINE_IDENTITY
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
example: IDENTITY
id:
type: string
description: ID of the object to which this reference applies
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies
example: William Wilson
description: Role Id and Name related to this match
example:
id: e7697a1e96d04db1ac7b0f4544915d2c
type: DIMENSION
name: Engineer
matchedAttributes:
type: array
items:
type: object
properties:
attribute:
type: string
description: The name of the attribute
example: location
value:
oneOf:
- type: string
example: Austin
- type: array
items:
type: string
example:
- Austin
- Houston
- Dallas
description: The value of the attribute. This can be either a string or a multi-valued string
example: Austin
derived:
type: boolean
description: True if the attribute was derived.
default: false
example: false
computedDate:
type: string
description: Date that the assignment will was evaluated
example: 'Wed Feb 14 10:58:42'
- nullable: true
description: The context around the role assignment
example:
requested:
contextAttributes:
- attribute: department
value: Engineering
derived: false
matched:
- id: e7697a1e96d04db1ac7b0f4544915d2c
type: DIMENSION
name: Engineer
computedDate: 'Wed Feb 14 10:58:42'
accountTargets:
type: array
items:
type: object
properties:
source:
type: object
properties:
type:
description: DTO type
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- MACHINE_IDENTITY
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
example: IDENTITY
id:
type: string
description: ID of the object to which this reference applies
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies
example: William Wilson
description: Source Id and Name related to this assignment
example:
id: d18b74853739439986501ad180b27db6
type: SOURCE
name: Active Directory
accountInfo:
type: object
properties:
nativeIdentity:
type: string
description: The unique ID of the account generated by the source system
example: 'CN=Abby Smith,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=acme,DC=com'
displayName:
type: string
description: Display name for this account
example: Abby.Smith
uuid:
type: string
description: UUID associated with this account
example: '{ad9fc391-246d-40af-b248-b6556a2b7c01}'
roleName:
type: string
description: Specific role name for this target if using multiple accounts
example: Marketing
removeDate:
type: string
nullable: true
description: Date that the assignment will be removed
example: 'Wed Feb 14 10:58:42'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/identities/{identityId}/role-assignments/{assignmentId}':
get:
operationId: getRoleAssignment
tags:
- Identities
summary: Role assignment details
security:
- userAuth:
- 'idn:identity:read'
parameters:
- in: path
name: identityId
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listIdentities
description: Identity Id
example: ef38f94347e94562b5bb8424a56397d8
- in: path
name: assignmentId
schema:
type: string
required: true
x-sailpoint-resource-operation-id: getRoleAssignments
description: Assignment Id
example: 1cbb0705b38c4226b1334eadd8874086
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: A role assignment object
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: Assignment Id
example: 1cbb0705b38c4226b1334eadd8874086
role:
type: object
properties:
type:
description: DTO type
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- MACHINE_IDENTITY
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
example: IDENTITY
id:
type: string
description: ID of the object to which this reference applies
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies
example: William Wilson
description: Role Id and Name related to this assignment
example:
id: e7697a1e96d04db1ac7b0f4544915d2c
type: ROLE
name: Engineer
comments:
type: string
nullable: true
description: Comments added by the user when the assignment was made
example: I'm a new Engineer and need this role to do my work
assignmentSource:
type: string
description: Source describing how this assignment was made
example: UI
assigner:
type: object
description: The identity that performed the assignment. This could be blank or system
properties:
type:
type: string
enum:
- IDENTITY
- UNKNOWN
description: Object type
example: IDENTITY
id:
type: string
description: ID of the object to which this reference applies
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
nullable: true
description: Human-readable display name of the object to which this reference applies
example: William Wilson
assignedDimensions:
type: array
description: Dimensions assigned related to this role
example:
- id: 1acc8ffe5fcf457090de28bee2af36ee
type: DIMENSION
name: Northeast region
items:
type: object
properties:
type:
description: DTO type
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- MACHINE_IDENTITY
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
example: IDENTITY
id:
type: string
description: ID of the object to which this reference applies
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies
example: William Wilson
assignmentContext:
allOf:
- type: object
properties:
requested:
type: object
properties:
contextAttributes:
type: array
items:
type: object
properties:
attribute:
type: string
description: The name of the attribute
example: location
value:
oneOf:
- type: string
example: Austin
- type: array
items:
type: string
example:
- Austin
- Houston
- Dallas
description: The value of the attribute. This can be either a string or a multi-valued string
example: Austin
derived:
type: boolean
description: True if the attribute was derived.
default: false
example: false
matched:
type: array
items:
type: object
properties:
roleRef:
type: object
properties:
type:
description: DTO type
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- MACHINE_IDENTITY
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
example: IDENTITY
id:
type: string
description: ID of the object to which this reference applies
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies
example: William Wilson
description: Role Id and Name related to this match
example:
id: e7697a1e96d04db1ac7b0f4544915d2c
type: DIMENSION
name: Engineer
matchedAttributes:
type: array
items:
type: object
properties:
attribute:
type: string
description: The name of the attribute
example: location
value:
oneOf:
- type: string
example: Austin
- type: array
items:
type: string
example:
- Austin
- Houston
- Dallas
description: The value of the attribute. This can be either a string or a multi-valued string
example: Austin
derived:
type: boolean
description: True if the attribute was derived.
default: false
example: false
computedDate:
type: string
description: Date that the assignment will was evaluated
example: 'Wed Feb 14 10:58:42'
- nullable: true
description: The context around the role assignment
example:
requested:
contextAttributes:
- attribute: department
value: Engineering
derived: false
matched:
- id: e7697a1e96d04db1ac7b0f4544915d2c
type: DIMENSION
name: Engineer
computedDate: 'Wed Feb 14 10:58:42'
accountTargets:
type: array
items:
type: object
properties:
source:
type: object
properties:
type:
description: DTO type
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- MACHINE_IDENTITY
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
example: IDENTITY
id:
type: string
description: ID of the object to which this reference applies
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies
example: William Wilson
description: Source Id and Name related to this assignment
example:
id: d18b74853739439986501ad180b27db6
type: SOURCE
name: Active Directory
accountInfo:
type: object
properties:
nativeIdentity:
type: string
description: The unique ID of the account generated by the source system
example: 'CN=Abby Smith,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=acme,DC=com'
displayName:
type: string
description: Display name for this account
example: Abby.Smith
uuid:
type: string
description: UUID associated with this account
example: '{ad9fc391-246d-40af-b248-b6556a2b7c01}'
roleName:
type: string
description: Specific role name for this target if using multiple accounts
example: Marketing
removeDate:
type: string
nullable: true
description: Date that the assignment will be removed
example: 'Wed Feb 14 10:58:42'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/identity-attributes:
get:
operationId: listIdentityAttributes
tags:
- Identity Attributes
summary: List identity attributes
description: Use this API to get a collection of identity attributes.
security:
- userAuth:
- 'idn:identity-profile-attribute-list:read'
parameters:
- in: query
name: includeSystem
schema:
type: boolean
default: false
description: Include 'system' attributes in the response.
required: false
example: false
- in: query
name: includeSilent
schema:
type: boolean
default: false
description: Include 'silent' attributes in the response.
required: false
example: false
- in: query
name: searchableOnly
schema:
type: boolean
default: false
description: Include only 'searchable' attributes in the response.
required: false
example: false
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: List of identity attributes.
content:
application/json:
schema:
type: array
items:
type: object
required:
- name
properties:
name:
type: string
description: Identity attribute's technical name.
example: costCenter
displayName:
type: string
description: Identity attribute's business-friendly name.
example: Cost Center
standard:
type: boolean
description: Indicates whether the attribute is 'standard' or 'default'.
default: false
example: false
type:
type: string
description: Identity attribute's type.
nullable: true
example: string
multi:
type: boolean
description: Indicates whether the identity attribute is multi-valued.
default: false
example: false
searchable:
type: boolean
description: Indicates whether the identity attribute is searchable.
default: false
example: false
system:
type: boolean
description: 'Indicates whether the identity attribute is ''system'', meaning that it doesn''t have a source and isn''t configurable.'
default: false
example: false
sources:
description: Identity attribute's list of sources - this specifies how the rule's value is derived.
type: array
items:
type: object
properties:
type:
type: string
description: Attribute mapping type.
example: rule
properties:
type: object
description: Attribute mapping properties.
example:
ruleType: IdentityAttribute
ruleName: Cloud Promote Identity Attribute
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
post:
operationId: createIdentityAttribute
tags:
- Identity Attributes
summary: Create identity attribute
description: Use this API to create a new identity attribute.
security:
- userAuth:
- 'idn:identity-profile-attribute:create'
requestBody:
required: true
content:
application/json:
schema:
type: object
required:
- name
properties:
name:
type: string
description: Identity attribute's technical name.
example: costCenter
displayName:
type: string
description: Identity attribute's business-friendly name.
example: Cost Center
standard:
type: boolean
description: Indicates whether the attribute is 'standard' or 'default'.
default: false
example: false
type:
type: string
description: Identity attribute's type.
nullable: true
example: string
multi:
type: boolean
description: Indicates whether the identity attribute is multi-valued.
default: false
example: false
searchable:
type: boolean
description: Indicates whether the identity attribute is searchable.
default: false
example: false
system:
type: boolean
description: 'Indicates whether the identity attribute is ''system'', meaning that it doesn''t have a source and isn''t configurable.'
default: false
example: false
sources:
description: Identity attribute's list of sources - this specifies how the rule's value is derived.
type: array
items:
type: object
properties:
type:
type: string
description: Attribute mapping type.
example: rule
properties:
type: object
description: Attribute mapping properties.
example:
ruleType: IdentityAttribute
ruleName: Cloud Promote Identity Attribute
responses:
'201':
description: The identity attribute was created successfully.
content:
application/json:
schema:
type: object
required:
- name
properties:
name:
type: string
description: Identity attribute's technical name.
example: costCenter
displayName:
type: string
description: Identity attribute's business-friendly name.
example: Cost Center
standard:
type: boolean
description: Indicates whether the attribute is 'standard' or 'default'.
default: false
example: false
type:
type: string
description: Identity attribute's type.
nullable: true
example: string
multi:
type: boolean
description: Indicates whether the identity attribute is multi-valued.
default: false
example: false
searchable:
type: boolean
description: Indicates whether the identity attribute is searchable.
default: false
example: false
system:
type: boolean
description: 'Indicates whether the identity attribute is ''system'', meaning that it doesn''t have a source and isn''t configurable.'
default: false
example: false
sources:
description: Identity attribute's list of sources - this specifies how the rule's value is derived.
type: array
items:
type: object
properties:
type:
type: string
description: Attribute mapping type.
example: rule
properties:
type: object
description: Attribute mapping properties.
example:
ruleType: IdentityAttribute
ruleName: Cloud Promote Identity Attribute
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
parameters:
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
'/identity-attributes/{name}':
get:
operationId: getIdentityAttribute
tags:
- Identity Attributes
summary: Get identity attribute
description: This gets an identity attribute for a given technical name.
security:
- userAuth:
- 'idn:identity-profile-attribute:read'
parameters:
- in: path
name: name
schema:
type: string
description: The attribute's technical name.
required: true
x-sailpoint-resource-operation-id: listIdentityAttributes
example: displayName
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: The identity attribute with the given name
content:
application/json:
schema:
type: object
required:
- name
properties:
name:
type: string
description: Identity attribute's technical name.
example: costCenter
displayName:
type: string
description: Identity attribute's business-friendly name.
example: Cost Center
standard:
type: boolean
description: Indicates whether the attribute is 'standard' or 'default'.
default: false
example: false
type:
type: string
description: Identity attribute's type.
nullable: true
example: string
multi:
type: boolean
description: Indicates whether the identity attribute is multi-valued.
default: false
example: false
searchable:
type: boolean
description: Indicates whether the identity attribute is searchable.
default: false
example: false
system:
type: boolean
description: 'Indicates whether the identity attribute is ''system'', meaning that it doesn''t have a source and isn''t configurable.'
default: false
example: false
sources:
description: Identity attribute's list of sources - this specifies how the rule's value is derived.
type: array
items:
type: object
properties:
type:
type: string
description: Attribute mapping type.
example: rule
properties:
type: object
description: Attribute mapping properties.
example:
ruleType: IdentityAttribute
ruleName: Cloud Promote Identity Attribute
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
put:
operationId: putIdentityAttribute
tags:
- Identity Attributes
summary: Update identity attribute
description: 'This updates an existing identity attribute. Making an attribute searchable requires that the `system`, `standard`, and `multi` properties be set to false.'
security:
- userAuth:
- 'idn:identity-profile-attribute:create'
parameters:
- in: path
name: name
schema:
type: string
description: The attribute's technical name.
required: true
x-sailpoint-resource-operation-id: listIdentityAttributes
example: displayName
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
requestBody:
required: true
content:
application/json:
schema:
type: object
required:
- name
properties:
name:
type: string
description: Identity attribute's technical name.
example: costCenter
displayName:
type: string
description: Identity attribute's business-friendly name.
example: Cost Center
standard:
type: boolean
description: Indicates whether the attribute is 'standard' or 'default'.
default: false
example: false
type:
type: string
description: Identity attribute's type.
nullable: true
example: string
multi:
type: boolean
description: Indicates whether the identity attribute is multi-valued.
default: false
example: false
searchable:
type: boolean
description: Indicates whether the identity attribute is searchable.
default: false
example: false
system:
type: boolean
description: 'Indicates whether the identity attribute is ''system'', meaning that it doesn''t have a source and isn''t configurable.'
default: false
example: false
sources:
description: Identity attribute's list of sources - this specifies how the rule's value is derived.
type: array
items:
type: object
properties:
type:
type: string
description: Attribute mapping type.
example: rule
properties:
type: object
description: Attribute mapping properties.
example:
ruleType: IdentityAttribute
ruleName: Cloud Promote Identity Attribute
responses:
'200':
description: The identity attribute was updated successfully
content:
application/json:
schema:
type: object
required:
- name
properties:
name:
type: string
description: Identity attribute's technical name.
example: costCenter
displayName:
type: string
description: Identity attribute's business-friendly name.
example: Cost Center
standard:
type: boolean
description: Indicates whether the attribute is 'standard' or 'default'.
default: false
example: false
type:
type: string
description: Identity attribute's type.
nullable: true
example: string
multi:
type: boolean
description: Indicates whether the identity attribute is multi-valued.
default: false
example: false
searchable:
type: boolean
description: Indicates whether the identity attribute is searchable.
default: false
example: false
system:
type: boolean
description: 'Indicates whether the identity attribute is ''system'', meaning that it doesn''t have a source and isn''t configurable.'
default: false
example: false
sources:
description: Identity attribute's list of sources - this specifies how the rule's value is derived.
type: array
items:
type: object
properties:
type:
type: string
description: Attribute mapping type.
example: rule
properties:
type: object
description: Attribute mapping properties.
example:
ruleType: IdentityAttribute
ruleName: Cloud Promote Identity Attribute
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
operationId: deleteIdentityAttribute
tags:
- Identity Attributes
summary: Delete identity attribute
description: This deletes an identity attribute with the given name. The `system` and `standard` properties must be set to false before you can delete an identity attribute.
security:
- userAuth:
- 'idn:identity-profile-attribute:delete'
parameters:
- in: path
name: name
schema:
type: string
description: The attribute's technical name.
required: true
x-sailpoint-resource-operation-id: listIdentityAttributes
example: displayName
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/identity-attributes/bulk-delete:
delete:
operationId: deleteIdentityAttributesInBulk
tags:
- Identity Attributes
summary: Bulk delete identity attributes
description: Use this API to bulk delete identity attributes for a given set of names. Attributes that are currently mapped in an identity profile cannot be deleted. The `system` and `standard` properties must be set to 'false' before you can delete an identity attribute.
security:
- userAuth:
- 'idn:identity-profile-attribute-bulk:delete'
requestBody:
required: true
content:
application/json:
schema:
type: object
description: Identity attribute IDs.
properties:
ids:
description: List of identity attributes' technical names.
type: array
items:
type: string
example: name
example:
- name
- displayName
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
parameters:
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
/mail-from-attributes:
put:
security:
- userAuth:
- 'sp:notification-mail-from-attributes:write'
operationId: putMailFromAttributes
tags:
- Notifications
summary: Change mail from domain
description: Change the MAIL FROM domain of an AWS SES email identity and provide the MX and TXT records to be placed in the caller's DNS
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
identity:
type: string
example: BobSmith@sailpoint.com
description: The identity or domain address
mailFromDomain:
type: string
example: example.sailpoint.com
description: The new MAIL FROM domain of the identity. Must be a subdomain of the identity.
description: MAIL FROM attributes for a domain / identity
example:
identity: BobSmith@sailpoint.com
mailFromDomain: example.sailpoint.com
responses:
'200':
description: MAIL FROM Attributes required to verify the change
content:
application/json:
schema:
type: object
properties:
identity:
type: string
example: bob.smith@sailpoint.com
description: The email identity
mailFromDomain:
type: string
example: foo.sailpoint.com
description: The name of a domain that an email identity uses as a custom MAIL FROM domain
mxRecord:
type: string
example: 10 feedback-smtp.us-east-1.amazonses.com
description: MX record that is required in customer's DNS to allow the domain to receive bounce and complaint notifications that email providers send you
txtRecord:
type: string
example: 'v=spf1 include:amazonses.com ~all'
description: TXT record that is required in customer's DNS in order to prove that Amazon SES is authorized to send email from your domain
mailFromDomainStatus:
type: string
enum:
- PENDING
- SUCCESS
- FAILED
example: PENDING
description: The current status of the MAIL FROM verification
description: MAIL FROM attributes for a domain / identity
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
parameters:
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
'/mail-from-attributes/{identity}':
get:
security:
- userAuth:
- 'sp:notification-mail-from-attributes:read'
operationId: getMailFromAttributes
tags:
- Notifications
summary: Get mail from attributes
description: Retrieve MAIL FROM attributes for a given AWS SES identity.
parameters:
- in: query
name: id
required: true
schema:
type: string
description: 'Returns the MX and TXT record to be put in your DNS, as well as the MAIL FROM domain status'
example: bobsmith@sailpoint.com
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: MAIL FROM Attributes object
content:
application/json:
schema:
type: object
properties:
identity:
type: string
example: bob.smith@sailpoint.com
description: The email identity
mailFromDomain:
type: string
example: foo.sailpoint.com
description: The name of a domain that an email identity uses as a custom MAIL FROM domain
mxRecord:
type: string
example: 10 feedback-smtp.us-east-1.amazonses.com
description: MX record that is required in customer's DNS to allow the domain to receive bounce and complaint notifications that email providers send you
txtRecord:
type: string
example: 'v=spf1 include:amazonses.com ~all'
description: TXT record that is required in customer's DNS in order to prove that Amazon SES is authorized to send email from your domain
mailFromDomainStatus:
type: string
enum:
- PENDING
- SUCCESS
- FAILED
example: PENDING
description: The current status of the MAIL FROM verification
description: MAIL FROM attributes for a domain / identity
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/generic-approvals:
get:
security:
- userAuth:
- 'sp:approvals:read'
operationId: getApprovals
tags:
- Approvals
summary: Get approvals
description: |-
Retrieve a list of approvals, which can be filtered by requester ID, status, or reference type. "Mine" query parameter can be used and it will return all approvals for the current approver. This endpoint is for generic approvals, different than the access-request-approval endpoint and does not include access-request-approvals.
Absence of all query parameters will will default to mine=true.
parameters:
- in: query
name: mine
schema:
type: boolean
description: Returns the list of approvals for the current caller
example: 'true'
- in: query
name: requesterId
schema:
type: string
description: Returns the list of approvals for a given requester ID
example: 17e633e7d57e481569df76323169deb6a
- in: query
name: filters
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**status**: *eq*
**referenceType**: *eq*
example: filters=status eq PENDING
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: List of Approvals
content:
application/json:
schema:
type: array
items:
type: object
properties:
approvalId:
type: string
example: 38453251-6be2-5f8f-df93-5ce19e295837
description: The Approval ID
approvers:
type: array
items:
type: object
properties:
id:
type: string
example: 85d173e7d57e496569df763231d6deb6a
description: The identity ID
type:
type: string
enum:
- IDENTITY
example: IDENTITY
description: 'Indication of what group the identity belongs to. Ie, IDENTITY, GOVERNANCE_GROUP, etc'
name:
type: string
example: John Doe
description: Name of the identity
description: Identity Object
description: Object representation of an approver of an approval
createdDate:
type: string
example: '2023-04-12T23:20:50.52Z'
description: Date the approval was created
type:
type: string
example: ENTITLEMENT_DESCRIPTIONS
description: Type of approval
name:
type: array
items:
type: object
properties:
value:
type: string
example: Audit DB Access
description: Name of the approval
locale:
type: string
example: en_US
description: What locale the name of the approval is using
description: Approval Name Object
description: The name of the approval for a given locale
batchRequest:
type: object
description: The name of the approval for a given locale
example:
batchId: 38453251-6be2-5f8f-df93-5ce19e295837
batchSize: 100
properties:
batchId:
type: string
example: 38453251-6be2-5f8f-df93-5ce19e295837
description: ID of the batch
batchSize:
type: integer
format: int64
example: 100
description: How many approvals are going to be in this batch. Defaults to 1 if not provided.
description:
type: array
items:
type: object
properties:
value:
type: string
example: This access allows viewing and editing of workflow resource
description: The description of what the approval is asking for
locale:
type: string
example: en_US
description: What locale the description of the approval is using
description: The description of what the approval is asking for
description: The description of the approval for a given locale
priority:
type: string
enum:
- HIGH
- MEDIUM
- LOW
example: HIGH
description: The priority of the approval
requester:
type: object
properties:
id:
type: string
example: 85d173e7d57e496569df763231d6deb6a
description: The identity ID
type:
type: string
enum:
- IDENTITY
example: IDENTITY
description: 'Indication of what group the identity belongs to. Ie, IDENTITY, GOVERNANCE_GROUP, etc'
name:
type: string
example: John Doe
description: Name of the identity
description: Identity Object
example:
id: 85d173e7d57e496569df763231d6deb6a
type: IDENTITY
name: John Doe
comments:
type: array
items:
type: object
properties:
author:
type: object
properties:
id:
type: string
example: 85d173e7d57e496569df763231d6deb6a
description: The identity ID
type:
type: string
enum:
- IDENTITY
example: IDENTITY
description: 'Indication of what group the identity belongs to. Ie, IDENTITY, GOVERNANCE_GROUP, etc'
name:
type: string
example: John Doe
description: Name of the identity
description: Identity Object
comment:
type: string
example: Looks good
description: Comment to be left on an approval
createdDate:
type: string
example: '2023-04-12T23:20:50.52Z'
description: Date the comment was created
description: Comments Object
description: Object representation of a comment on the approval
approvedBy:
type: array
items:
type: object
properties:
id:
type: string
example: 85d173e7d57e496569df763231d6deb6a
description: The identity ID
type:
type: string
enum:
- IDENTITY
example: IDENTITY
description: 'Indication of what group the identity belongs to. Ie, IDENTITY, GOVERNANCE_GROUP, etc'
name:
type: string
example: John Doe
description: Name of the identity
description: Identity Object
description: Array of approvers who have approved the approval
rejectedBy:
type: array
items:
type: object
properties:
id:
type: string
example: 85d173e7d57e496569df763231d6deb6a
description: The identity ID
type:
type: string
enum:
- IDENTITY
example: IDENTITY
description: 'Indication of what group the identity belongs to. Ie, IDENTITY, GOVERNANCE_GROUP, etc'
name:
type: string
example: John Doe
description: Name of the identity
description: Identity Object
description: Array of approvers who have rejected the approval
completedDate:
type: string
example: '2023-04-12T23:20:50.52Z'
description: Date the approval was completed
approvalCriteria:
type: string
enum:
- SINGLE
- DOUBLE
- TRIPLE
- QUARTER
- HALF
- ALL
example: SINGLE
description: Criteria that needs to be met for an approval to be marked as approved
status:
type: string
enum:
- PENDING
- APPROVED
- REJECTED
example: PENDING
description: The current status of the approval
additionalAttributes:
type: string
example: '{ "llm_description": "generated description" }'
description: Json string representing additional attributes known about the object to be approved.
referenceData:
type: array
items:
type: object
properties:
id:
type: string
example: 64012350-8fd9-4f6c-a170-1fe123683899
description: Id of the reference object
type:
type: string
example: AccessRequestId
description: What reference object does this ID correspond to
description: Reference objects related to the approval
description: Reference data related to the approval
description: Approval Object
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/generic-approvals/{id}':
get:
security:
- userAuth:
- 'sp:approvals:read'
operationId: getApproval
tags:
- Approvals
summary: Get an approval
description: 'Retrieve a single approval for a given approval ID. This endpoint is for generic approvals, different than the access-request-approval endpoint and does not include access-request-approvals.'
parameters:
- in: path
name: id
required: true
x-sailpoint-resource-operation-id: getApprovals
schema:
type: string
description: ID of the approval that is to be returned
example: 38453251-6be2-5f8f-df93-5ce19e295837
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: Approval object
content:
application/json:
schema:
type: object
properties:
approvalId:
type: string
example: 38453251-6be2-5f8f-df93-5ce19e295837
description: The Approval ID
approvers:
type: array
items:
type: object
properties:
id:
type: string
example: 85d173e7d57e496569df763231d6deb6a
description: The identity ID
type:
type: string
enum:
- IDENTITY
example: IDENTITY
description: 'Indication of what group the identity belongs to. Ie, IDENTITY, GOVERNANCE_GROUP, etc'
name:
type: string
example: John Doe
description: Name of the identity
description: Identity Object
description: Object representation of an approver of an approval
createdDate:
type: string
example: '2023-04-12T23:20:50.52Z'
description: Date the approval was created
type:
type: string
example: ENTITLEMENT_DESCRIPTIONS
description: Type of approval
name:
type: array
items:
type: object
properties:
value:
type: string
example: Audit DB Access
description: Name of the approval
locale:
type: string
example: en_US
description: What locale the name of the approval is using
description: Approval Name Object
description: The name of the approval for a given locale
batchRequest:
type: object
description: The name of the approval for a given locale
example:
batchId: 38453251-6be2-5f8f-df93-5ce19e295837
batchSize: 100
properties:
batchId:
type: string
example: 38453251-6be2-5f8f-df93-5ce19e295837
description: ID of the batch
batchSize:
type: integer
format: int64
example: 100
description: How many approvals are going to be in this batch. Defaults to 1 if not provided.
description:
type: array
items:
type: object
properties:
value:
type: string
example: This access allows viewing and editing of workflow resource
description: The description of what the approval is asking for
locale:
type: string
example: en_US
description: What locale the description of the approval is using
description: The description of what the approval is asking for
description: The description of the approval for a given locale
priority:
type: string
enum:
- HIGH
- MEDIUM
- LOW
example: HIGH
description: The priority of the approval
requester:
type: object
properties:
id:
type: string
example: 85d173e7d57e496569df763231d6deb6a
description: The identity ID
type:
type: string
enum:
- IDENTITY
example: IDENTITY
description: 'Indication of what group the identity belongs to. Ie, IDENTITY, GOVERNANCE_GROUP, etc'
name:
type: string
example: John Doe
description: Name of the identity
description: Identity Object
example:
id: 85d173e7d57e496569df763231d6deb6a
type: IDENTITY
name: John Doe
comments:
type: array
items:
type: object
properties:
author:
type: object
properties:
id:
type: string
example: 85d173e7d57e496569df763231d6deb6a
description: The identity ID
type:
type: string
enum:
- IDENTITY
example: IDENTITY
description: 'Indication of what group the identity belongs to. Ie, IDENTITY, GOVERNANCE_GROUP, etc'
name:
type: string
example: John Doe
description: Name of the identity
description: Identity Object
comment:
type: string
example: Looks good
description: Comment to be left on an approval
createdDate:
type: string
example: '2023-04-12T23:20:50.52Z'
description: Date the comment was created
description: Comments Object
description: Object representation of a comment on the approval
approvedBy:
type: array
items:
type: object
properties:
id:
type: string
example: 85d173e7d57e496569df763231d6deb6a
description: The identity ID
type:
type: string
enum:
- IDENTITY
example: IDENTITY
description: 'Indication of what group the identity belongs to. Ie, IDENTITY, GOVERNANCE_GROUP, etc'
name:
type: string
example: John Doe
description: Name of the identity
description: Identity Object
description: Array of approvers who have approved the approval
rejectedBy:
type: array
items:
type: object
properties:
id:
type: string
example: 85d173e7d57e496569df763231d6deb6a
description: The identity ID
type:
type: string
enum:
- IDENTITY
example: IDENTITY
description: 'Indication of what group the identity belongs to. Ie, IDENTITY, GOVERNANCE_GROUP, etc'
name:
type: string
example: John Doe
description: Name of the identity
description: Identity Object
description: Array of approvers who have rejected the approval
completedDate:
type: string
example: '2023-04-12T23:20:50.52Z'
description: Date the approval was completed
approvalCriteria:
type: string
enum:
- SINGLE
- DOUBLE
- TRIPLE
- QUARTER
- HALF
- ALL
example: SINGLE
description: Criteria that needs to be met for an approval to be marked as approved
status:
type: string
enum:
- PENDING
- APPROVED
- REJECTED
example: PENDING
description: The current status of the approval
additionalAttributes:
type: string
example: '{ "llm_description": "generated description" }'
description: Json string representing additional attributes known about the object to be approved.
referenceData:
type: array
items:
type: object
properties:
id:
type: string
example: 64012350-8fd9-4f6c-a170-1fe123683899
description: Id of the reference object
type:
type: string
example: AccessRequestId
description: What reference object does this ID correspond to
description: Reference objects related to the approval
description: Reference data related to the approval
description: Approval Object
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/machine-accounts:
get:
operationId: listMachineAccounts
tags:
- Machine Accounts
summary: Machine accounts list
description: 'This returns a list of machine accounts. '
security:
- userAuth:
- 'idn:mis-account:read'
x-sailpoint-userLevels:
- ORG_ADMIN
- SOURCE_ADMIN
- SOURCE_SUBADMIN
- HELPDESK
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
required: false
schema:
type: string
example: identityId eq "2c9180858082150f0180893dbaf44201"
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, in, sw*
**name**: *eq, in, sw*
**nativeIdentity**: *eq, in, sw*
**machineIdentity**: *eq, in, sw*
**description**: *eq, in, sw*
**ownerIdentity**: *eq, in, sw*
**ownerIdentityId**: *eq, in, sw*
**entitlements**: *eq*
**accessType**: *eq, in, sw*
**subType**: *eq, in, sw*
**environment**: *eq, in, sw*
**classificationMethod**: *eq, in, sw*
**manuallyCorrelated**: *eq*
**manuallyEdited**: *eq*
**identity**: *eq, in, sw*
**source**: *eq, in*
**hasEntitlement**: *eq*
**locked**: *eq*
**connectorAttributes**: *eq*
- in: query
name: sorters
required: false
schema:
type: string
format: comma-separated
example: 'id,name'
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **id, name, created, modified, machineIdentity, identity.id, nativeIdentity, uuid, manuallyCorrelated, connectorAttributes, entitlements, identity.name, identity.type, source.id, source.name, source.type**
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: List of machine account objects
content:
application/json:
schema:
type: array
items:
allOf:
- type: object
required:
- name
properties:
id:
description: System-generated unique ID of the Object
type: string
example: id12345
readOnly: true
name:
description: Name of the Object
type: string
example: aName
nullable: true
created:
description: Creation date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
modified:
description: Last modification date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
- type: object
required:
- nativeIdentity
- classificationMethod
- connectorAttributes
- manuallyEdited
- locked
- enabled
- hasEntitlements
- source
properties:
description:
type: string
description: A description of the machine account
nullable: true
example: Service account for Active Directory
nativeIdentity:
type: string
description: The unique ID of the machine account generated by the source system
example: '552775'
uuid:
type: string
description: The unique ID of the account as determined by the account schema
example: '{b0dce506-d6d4-44d2-8a32-d9a5b21fb175}'
nullable: true
classificationMethod:
description: Classification Method
type: string
enum:
- SOURCE
- CRITERIA
- DISCOVERY
- MANUAL
example: SOURCE
machineIdentity:
description: The machine identity this account is associated with
example:
id: 1540e5a4-6c2e-4bf1-b88e-c08cae0696e9
type: MACHINE_IDENTITY
name: SVC_ADService
ownerIdentity:
description: The identity who owns this account.
nullable: true
example:
id: 2c918084660f45d6016617daa9210584
type: IDENTITY
name: Adam Kennedy
accessType:
type: string
example: direct
description: The connection type of the source this account is from
subtype:
type: string
nullable: true
example: null
description: The sub-type
environment:
type: string
nullable: true
example: TEST
description: Environment
attributes:
type: object
nullable: true
additionalProperties: true
description: Custom attributes specific to the machine account
example:
firstName: SailPoint
lastName: Support
displayName: SailPoint Support
connectorAttributes:
type: object
nullable: true
additionalProperties: true
description: The connector attributes for the account
example:
mail: machine-178@sailpoint.com
givenName: Support
displayName: SailPoint Support
manuallyCorrelated:
type: boolean
description: Indicates if the account has been manually correlated to an identity
default: false
example: true
manuallyEdited:
type: boolean
description: Indicates if the account has been manually edited
default: false
example: true
locked:
type: boolean
description: Indicates if the account is currently locked
example: false
enabled:
type: boolean
description: Indicates if the account is enabled
default: false
example: false
hasEntitlements:
type: boolean
description: Indicates if the account has entitlements
default: true
example: false
source:
description: The source this machine account belongs to.
example:
id: 8d3e0094e99445de98eef6c75e25jc04
type: SOURCE
name: Active Directory
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/machine-accounts/{id}':
get:
operationId: getMachineAccount
tags:
- Machine Accounts
summary: Machine account details
description: 'Use this API to return the details for a single machine account by its ID. '
security:
- userAuth:
- 'idn:mis-account:read'
x-sailpoint-userLevels:
- ORG_ADMIN
- SOURCE_ADMIN
- SOURCE_SUBADMIN
- HELPDESK
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listMachineAccounts
description: Machine Account ID.
example: ef38f94347e94562b5bb8424a56397d8
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: Machine Account object.
content:
application/json:
schema:
allOf:
- type: object
required:
- name
properties:
id:
description: System-generated unique ID of the Object
type: string
example: id12345
readOnly: true
name:
description: Name of the Object
type: string
example: aName
nullable: true
created:
description: Creation date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
modified:
description: Last modification date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
- type: object
required:
- nativeIdentity
- classificationMethod
- connectorAttributes
- manuallyEdited
- locked
- enabled
- hasEntitlements
- source
properties:
description:
type: string
description: A description of the machine account
nullable: true
example: Service account for Active Directory
nativeIdentity:
type: string
description: The unique ID of the machine account generated by the source system
example: '552775'
uuid:
type: string
description: The unique ID of the account as determined by the account schema
example: '{b0dce506-d6d4-44d2-8a32-d9a5b21fb175}'
nullable: true
classificationMethod:
description: Classification Method
type: string
enum:
- SOURCE
- CRITERIA
- DISCOVERY
- MANUAL
example: SOURCE
machineIdentity:
description: The machine identity this account is associated with
example:
id: 1540e5a4-6c2e-4bf1-b88e-c08cae0696e9
type: MACHINE_IDENTITY
name: SVC_ADService
ownerIdentity:
description: The identity who owns this account.
nullable: true
example:
id: 2c918084660f45d6016617daa9210584
type: IDENTITY
name: Adam Kennedy
accessType:
type: string
example: direct
description: The connection type of the source this account is from
subtype:
type: string
nullable: true
example: null
description: The sub-type
environment:
type: string
nullable: true
example: TEST
description: Environment
attributes:
type: object
nullable: true
additionalProperties: true
description: Custom attributes specific to the machine account
example:
firstName: SailPoint
lastName: Support
displayName: SailPoint Support
connectorAttributes:
type: object
nullable: true
additionalProperties: true
description: The connector attributes for the account
example:
mail: machine-178@sailpoint.com
givenName: Support
displayName: SailPoint Support
manuallyCorrelated:
type: boolean
description: Indicates if the account has been manually correlated to an identity
default: false
example: true
manuallyEdited:
type: boolean
description: Indicates if the account has been manually edited
default: false
example: true
locked:
type: boolean
description: Indicates if the account is currently locked
example: false
enabled:
type: boolean
description: Indicates if the account is enabled
default: false
example: false
hasEntitlements:
type: boolean
description: Indicates if the account has entitlements
default: true
example: false
source:
description: The source this machine account belongs to.
example:
id: 8d3e0094e99445de98eef6c75e25jc04
type: SOURCE
name: Active Directory
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
patch:
operationId: updateMachineAccount
tags:
- Machine Accounts
summary: Update a machine account
description: |
Use this API to update machine accounts details.
security:
- userAuth:
- 'idn:mis-account:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
- SOURCE_ADMIN
- SOURCE_SUBADMIN
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listMachineAccounts
description: Machine Account ID.
example: ef38f94347e94562b5bb8424a56397d8
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
requestBody:
required: true
description: |-
A JSON of updated values [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. The following fields are patchable:
* description
* ownerIdentity
* subType
* accessType
* environment
* attributes
* classificationMethod
* manuallyEdited
* nativeIdentity
* uuid
* source
* manuallyCorrelated
* enabled
* locked
* hasEntitlements
* connectorAttributes
content:
application/json-patch+json:
schema:
type: array
items:
type: object
examples:
Add machine identity attribute:
value:
- op: add
path: /environment
value: test
Replace machine identity attribute:
value:
- op: replace
path: /environment
value: test
Remove machine identity attribute:
value:
- op: remove
path: /environment
responses:
'200':
description: Updated Machine Account object.
content:
application/json:
schema:
allOf:
- type: object
required:
- name
properties:
id:
description: System-generated unique ID of the Object
type: string
example: id12345
readOnly: true
name:
description: Name of the Object
type: string
example: aName
nullable: true
created:
description: Creation date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
modified:
description: Last modification date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
- type: object
required:
- nativeIdentity
- classificationMethod
- connectorAttributes
- manuallyEdited
- locked
- enabled
- hasEntitlements
- source
properties:
description:
type: string
description: A description of the machine account
nullable: true
example: Service account for Active Directory
nativeIdentity:
type: string
description: The unique ID of the machine account generated by the source system
example: '552775'
uuid:
type: string
description: The unique ID of the account as determined by the account schema
example: '{b0dce506-d6d4-44d2-8a32-d9a5b21fb175}'
nullable: true
classificationMethod:
description: Classification Method
type: string
enum:
- SOURCE
- CRITERIA
- DISCOVERY
- MANUAL
example: SOURCE
machineIdentity:
description: The machine identity this account is associated with
example:
id: 1540e5a4-6c2e-4bf1-b88e-c08cae0696e9
type: MACHINE_IDENTITY
name: SVC_ADService
ownerIdentity:
description: The identity who owns this account.
nullable: true
example:
id: 2c918084660f45d6016617daa9210584
type: IDENTITY
name: Adam Kennedy
accessType:
type: string
example: direct
description: The connection type of the source this account is from
subtype:
type: string
nullable: true
example: null
description: The sub-type
environment:
type: string
nullable: true
example: TEST
description: Environment
attributes:
type: object
nullable: true
additionalProperties: true
description: Custom attributes specific to the machine account
example:
firstName: SailPoint
lastName: Support
displayName: SailPoint Support
connectorAttributes:
type: object
nullable: true
additionalProperties: true
description: The connector attributes for the account
example:
mail: machine-178@sailpoint.com
givenName: Support
displayName: SailPoint Support
manuallyCorrelated:
type: boolean
description: Indicates if the account has been manually correlated to an identity
default: false
example: true
manuallyEdited:
type: boolean
description: Indicates if the account has been manually edited
default: false
example: true
locked:
type: boolean
description: Indicates if the account is currently locked
example: false
enabled:
type: boolean
description: Indicates if the account is enabled
default: false
example: false
hasEntitlements:
type: boolean
description: Indicates if the account has entitlements
default: true
example: false
source:
description: The source this machine account belongs to.
example:
id: 8d3e0094e99445de98eef6c75e25jc04
type: SOURCE
name: Active Directory
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/machine-identities:
get:
operationId: listMachineIdentities
tags:
- Machine Identities
summary: List machine identities
description: This API returns a list of machine identities.
security:
- userAuth:
- 'idn:mis-identity:read'
x-sailpoint-userLevels:
- ORG_ADMIN
- SOURCE_ADMIN
- SOURCE_SUBADMIN
- HELPDESK
parameters:
- in: query
name: filters
required: false
schema:
type: string
example: identityId eq "2c9180858082150f0180893dbaf44201"
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, in, sw*
**displayName**: *eq, in, sw*
**cisIdentityId**: *eq, in, sw*
**description**: *eq, in, sw*
**businessApplication**: *eq, in, sw*
**attributes**: *eq*
**manuallyEdited**: *eq*
- in: query
name: sorters
schema:
type: string
format: comma-separated
required: false
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **businessApplication, name**
example: businessApplication
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
responses:
'200':
description: List of machine identities.
content:
application/json:
schema:
type: array
items:
allOf:
- type: object
required:
- name
properties:
id:
description: System-generated unique ID of the Object
type: string
example: id12345
readOnly: true
name:
description: Name of the Object
type: string
example: aName
nullable: true
created:
description: Creation date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
modified:
description: Last modification date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
- type: object
title: MachineIdentityDto
required:
- businessApplication
properties:
businessApplication:
type: string
description: The business application that the identity represents
example: ADService
description:
type: string
description: Description of machine identity
example: ''
manuallyEdited:
type: boolean
description: Indicates if the machine identity has been manually edited
default: false
example: true
attributes:
type: object
description: A map of custom machine identity attributes
example: '{"Region":"EU"}'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
post:
operationId: createMachineIdentity
tags:
- Machine Identities
summary: Create machine identities
security:
- userAuth:
- 'idn:mis-identity:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
description: |-
Use this API to create a machine identity.
The maximum supported length for the description field is 2000 characters.
requestBody:
required: true
content:
application/json:
schema:
allOf:
- type: object
required:
- name
properties:
id:
description: System-generated unique ID of the Object
type: string
example: id12345
readOnly: true
name:
description: Name of the Object
type: string
example: aName
nullable: true
created:
description: Creation date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
modified:
description: Last modification date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
- type: object
title: MachineIdentityDto
required:
- businessApplication
properties:
businessApplication:
type: string
description: The business application that the identity represents
example: ADService
description:
type: string
description: Description of machine identity
example: ''
manuallyEdited:
type: boolean
description: Indicates if the machine identity has been manually edited
default: false
example: true
attributes:
type: object
description: A map of custom machine identity attributes
example: '{"Region":"EU"}'
responses:
'200':
description: Machine Identity created.
content:
application/json:
schema:
allOf:
- type: object
required:
- name
properties:
id:
description: System-generated unique ID of the Object
type: string
example: id12345
readOnly: true
name:
description: Name of the Object
type: string
example: aName
nullable: true
created:
description: Creation date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
modified:
description: Last modification date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
- type: object
title: MachineIdentityDto
required:
- businessApplication
properties:
businessApplication:
type: string
description: The business application that the identity represents
example: ADService
description:
type: string
description: Description of machine identity
example: ''
manuallyEdited:
type: boolean
description: Indicates if the machine identity has been manually edited
default: false
example: true
attributes:
type: object
description: A map of custom machine identity attributes
example: '{"Region":"EU"}'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
parameters:
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
'/machine-identities/{id}':
get:
operationId: getMachineIdentity
tags:
- Machine Identities
summary: Machine identity details
description: This API returns a single machine identity using the Machine Identity ID.
security:
- userAuth:
- 'idn:mis-identity:read'
x-sailpoint-userLevels:
- ORG_ADMIN
- SOURCE_ADMIN
- SOURCE_SUBADMIN
- HELPDESK
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listMachineIdentities
description: Machine Identity ID
example: ef38f94347e94562b5bb8424a56397d8
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: A machine identity object
content:
application/json:
schema:
allOf:
- type: object
required:
- name
properties:
id:
description: System-generated unique ID of the Object
type: string
example: id12345
readOnly: true
name:
description: Name of the Object
type: string
example: aName
nullable: true
created:
description: Creation date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
modified:
description: Last modification date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
- type: object
title: MachineIdentityDto
required:
- businessApplication
properties:
businessApplication:
type: string
description: The business application that the identity represents
example: ADService
description:
type: string
description: Description of machine identity
example: ''
manuallyEdited:
type: boolean
description: Indicates if the machine identity has been manually edited
default: false
example: true
attributes:
type: object
description: A map of custom machine identity attributes
example: '{"Region":"EU"}'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
patch:
operationId: updateMachineIdentity
tags:
- Machine Identities
summary: Update a machine identity
description: |
Use this API to update machine identity details.
security:
- userAuth:
- 'idn:mis-identity:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listMachineIdentities
description: Machine Identity ID.
example: ef38f94347e94562b5bb8424a56397d8
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
requestBody:
required: true
description: 'A JSON of updated values [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.'
content:
application/json-patch+json:
schema:
type: array
items:
type: object
examples:
Add machine identity attribute:
value:
- op: add
path: /attributes/securityRisk
value: medium
Replace machine identity attribute:
value:
- op: replace
path: /attributes/securityRisk
value: medium
Remove machine identity attribute:
value:
- op: remove
path: /attributes/securityRisk
responses:
'200':
description: Updated Machine Identity object.
content:
application/json:
schema:
allOf:
- type: object
required:
- name
properties:
id:
description: System-generated unique ID of the Object
type: string
example: id12345
readOnly: true
name:
description: Name of the Object
type: string
example: aName
nullable: true
created:
description: Creation date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
modified:
description: Last modification date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
- type: object
title: MachineIdentityDto
required:
- businessApplication
properties:
businessApplication:
type: string
description: The business application that the identity represents
example: ADService
description:
type: string
description: Description of machine identity
example: ''
manuallyEdited:
type: boolean
description: Indicates if the machine identity has been manually edited
default: false
example: true
attributes:
type: object
description: A map of custom machine identity attributes
example: '{"Region":"EU"}'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
operationId: deleteMachineIdentity
tags:
- Machine Identities
summary: Delete machine identity
description: The API returns successful response if the requested machine identity was deleted.
security:
- userAuth:
- 'idn:mis-identity:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listMachineIdentities
description: Machine Identity ID
example: ef38f94347e94562b5bb8424a56397d8
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/notification-template-defaults:
get:
operationId: listNotificationTemplateDefaults
tags:
- Notifications
summary: List notification template defaults
description: 'This lists the default templates used for notifications, such as emails from IdentityNow.'
security:
- userAuth:
- 'idn:notification-template-defaults:read'
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: filters
schema:
type: string
example: key eq "cloud_manual_work_item_summary"
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**key**: *eq, in, sw*
**medium**: *eq, sw*
**locale**: *eq, sw*
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: A list of the default template objects
content:
application/json:
schema:
type: array
items:
type: object
properties:
key:
type: string
example: cloud_manual_work_item_summary
description: The key of the default template
name:
type: string
example: Task Manager Subscription
description: The name of the default template
medium:
type: string
description: The message medium. More mediums may be added in the future.
enum:
- EMAIL
- PHONE
- SMS
- SLACK
- TEAMS
example: EMAIL
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en
subject:
type: string
example: 'You have $numberOfPendingTasks $taskTasks to complete in ${__global.productName}.'
description: The subject of the default template
nullable: true
header:
type: string
nullable: true
example: null
deprecated: true
description: 'The header value is now located within the body field. If included with non-null values, will result in a 400.'
body:
type: string
example: Please go to the task manager
description: The body of the default template
footer:
type: string
nullable: true
example: null
deprecated: true
description: 'The footer value is now located within the body field. If included with non-null values, will result in a 400.'
from:
type: string
example: $__global.emailFromAddress
description: 'The "From:" address of the default template'
nullable: true
replyTo:
type: string
example: $__global.emailFromAddress
description: The "Reply To" field of the default template
nullable: true
description:
type: string
example: Daily digest - sent if number of outstanding tasks for task owner > 0
description: The description of the default template
nullable: true
slackTemplate:
type: object
nullable: true
properties:
key:
type: string
nullable: true
text:
type: string
blocks:
type: string
nullable: true
attachments:
type: string
notificationType:
type: string
nullable: true
approvalId:
type: string
nullable: true
requestId:
type: string
nullable: true
requestedById:
type: string
nullable: true
isSubscription:
type: boolean
nullable: true
autoApprovalData:
type: object
nullable: true
properties:
isAutoApproved:
type: string
nullable: true
itemId:
type: string
nullable: true
itemType:
type: string
nullable: true
autoApprovalMessageJSON:
type: string
nullable: true
autoApprovalTitle:
type: string
nullable: true
customFields:
type: object
nullable: true
properties:
requestType:
type: string
nullable: true
containsDeny:
type: string
nullable: true
campaignId:
type: string
nullable: true
campaignStatus:
type: string
nullable: true
teamsTemplate:
type: object
nullable: true
properties:
key:
type: string
nullable: true
title:
type: string
nullable: true
text:
type: string
messageJSON:
type: string
nullable: true
isSubscription:
type: boolean
nullable: true
approvalId:
type: string
nullable: true
requestId:
type: string
nullable: true
requestedById:
type: string
nullable: true
notificationType:
type: string
nullable: true
autoApprovalData:
type: object
nullable: true
properties:
isAutoApproved:
type: string
nullable: true
itemId:
type: string
nullable: true
itemType:
type: string
nullable: true
autoApprovalMessageJSON:
type: string
nullable: true
autoApprovalTitle:
type: string
nullable: true
customFields:
type: object
nullable: true
properties:
requestType:
type: string
nullable: true
containsDeny:
type: string
nullable: true
campaignId:
type: string
nullable: true
campaignStatus:
type: string
nullable: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/notification-templates:
get:
operationId: listNotificationTemplates
tags:
- Notifications
summary: List notification templates
description: This lists the templates that you have modified for your site.
security:
- userAuth:
- 'idn:notification-templates:read'
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: filters
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**key**: *eq, in, sw*
**medium**: *eq, sw*
**locale**: *eq, sw*
example: medium eq "EMAIL"
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: A list of template objects for your site
content:
application/json:
schema:
type: array
items:
type: object
properties:
key:
type: string
example: cloud_manual_work_item_summary
description: The key of the template
name:
type: string
example: Task Manager Subscription
description: The name of the Task Manager Subscription
medium:
type: string
description: The message medium. More mediums may be added in the future.
enum:
- EMAIL
- PHONE
- SMS
- SLACK
- TEAMS
example: EMAIL
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en
subject:
type: string
example: 'You have $numberOfPendingTasks $taskTasks to complete in ${__global.productName}.'
description: The subject line in the template
header:
type: string
nullable: true
example: null
deprecated: true
description: 'The header value is now located within the body field. If included with non-null values, will result in a 400.'
body:
type: string
example: Please go to the task manager
description: The body in the template
footer:
type: string
nullable: true
example: null
deprecated: true
description: 'The footer value is now located within the body field. If included with non-null values, will result in a 400.'
from:
type: string
example: $__global.emailFromAddress
description: 'The "From:" address in the template'
replyTo:
type: string
example: $__global.emailFromAddress
description: The "Reply To" line in the template
description:
type: string
example: Daily digest - sent if number of outstanding tasks for task owner > 0
description: The description in the template
id:
type: string
example: c17bea3a-574d-453c-9e04-4365fbf5af0b
description: This is auto-generated.
created:
type: string
format: date-time
description: The time when this template is created. This is auto-generated.
example: '2020-01-01T00:00:00.000000Z'
modified:
type: string
format: date-time
description: The time when this template was last modified. This is auto-generated.
example: '2020-01-01T00:00:00.000000Z'
slackTemplate:
type: string
nullable: true
teamsTemplate:
type: string
nullable: true
required:
- key
- medium
- locale
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
post:
operationId: createNotificationTemplate
tags:
- Notifications
summary: Create notification template
description: |-
This creates a template for your site.
You can also use this endpoint to update a template. First, copy the response body from the [get notification template endpoint](https://developer.sailpoint.com/idn/api/beta/get-notification-template) for a template you wish to update and paste it into the request body for this endpoint. Modify the fields you want to change and submit the POST request when ready.
security:
- userAuth:
- 'idn:notification-templates:create'
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
key:
type: string
example: cloud_manual_work_item_summary
description: The key of the template
name:
type: string
example: Task Manager Subscription
description: The name of the Task Manager Subscription
medium:
type: string
description: The message medium. More mediums may be added in the future.
enum:
- EMAIL
- PHONE
- SMS
- SLACK
- TEAMS
example: EMAIL
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en
subject:
type: string
example: 'You have $numberOfPendingTasks $taskTasks to complete in ${__global.productName}.'
description: The subject line in the template
header:
type: string
nullable: true
example: null
deprecated: true
description: 'The header value is now located within the body field. If included with non-null values, will result in a 400.'
body:
type: string
example: Please go to the task manager
description: The body in the template
footer:
type: string
nullable: true
example: null
deprecated: true
description: 'The footer value is now located within the body field. If included with non-null values, will result in a 400.'
from:
type: string
example: $__global.emailFromAddress
description: 'The "From:" address in the template'
replyTo:
type: string
example: $__global.emailFromAddress
description: The "Reply To" line in the template
description:
type: string
example: Daily digest - sent if number of outstanding tasks for task owner > 0
description: The description in the template
id:
type: string
example: c17bea3a-574d-453c-9e04-4365fbf5af0b
description: This is auto-generated.
created:
type: string
format: date-time
description: The time when this template is created. This is auto-generated.
example: '2020-01-01T00:00:00.000000Z'
modified:
type: string
format: date-time
description: The time when this template was last modified. This is auto-generated.
example: '2020-01-01T00:00:00.000000Z'
slackTemplate:
type: string
nullable: true
teamsTemplate:
type: string
nullable: true
required:
- key
- medium
- locale
responses:
'200':
description: A template object for your site
content:
application/json:
schema:
type: object
properties:
key:
type: string
example: cloud_manual_work_item_summary
description: The key of the template
name:
type: string
example: Task Manager Subscription
description: The name of the Task Manager Subscription
medium:
type: string
description: The message medium. More mediums may be added in the future.
enum:
- EMAIL
- PHONE
- SMS
- SLACK
- TEAMS
example: EMAIL
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en
subject:
type: string
example: 'You have $numberOfPendingTasks $taskTasks to complete in ${__global.productName}.'
description: The subject line in the template
header:
type: string
nullable: true
example: null
deprecated: true
description: 'The header value is now located within the body field. If included with non-null values, will result in a 400.'
body:
type: string
example: Please go to the task manager
description: The body in the template
footer:
type: string
nullable: true
example: null
deprecated: true
description: 'The footer value is now located within the body field. If included with non-null values, will result in a 400.'
from:
type: string
example: $__global.emailFromAddress
description: 'The "From:" address in the template'
replyTo:
type: string
example: $__global.emailFromAddress
description: The "Reply To" line in the template
description:
type: string
example: Daily digest - sent if number of outstanding tasks for task owner > 0
description: The description in the template
id:
type: string
example: c17bea3a-574d-453c-9e04-4365fbf5af0b
description: This is auto-generated.
created:
type: string
format: date-time
description: The time when this template is created. This is auto-generated.
example: '2020-01-01T00:00:00.000000Z'
modified:
type: string
format: date-time
description: The time when this template was last modified. This is auto-generated.
example: '2020-01-01T00:00:00.000000Z'
slackTemplate:
type: string
nullable: true
teamsTemplate:
type: string
nullable: true
required:
- key
- medium
- locale
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
parameters:
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
'/notification-templates/{id}':
get:
operationId: getNotificationTemplate
tags:
- Notifications
summary: Get notification template by id
description: This gets a template that you have modified for your site by Id.
parameters:
- name: id
in: path
description: Id of the Notification Template
required: true
x-sailpoint-resource-operation-id: listNotificationTemplates
style: simple
explode: false
schema:
type: string
example: c17bea3a-574d-453c-9e04-4365fbf5af0b
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: A template object for your site
content:
application/json:
schema:
type: object
properties:
key:
type: string
example: cloud_manual_work_item_summary
description: The key of the template
name:
type: string
example: Task Manager Subscription
description: The name of the Task Manager Subscription
medium:
type: string
description: The message medium. More mediums may be added in the future.
enum:
- EMAIL
- PHONE
- SMS
- SLACK
- TEAMS
example: EMAIL
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en
subject:
type: string
example: 'You have $numberOfPendingTasks $taskTasks to complete in ${__global.productName}.'
description: The subject line in the template
header:
type: string
nullable: true
example: null
deprecated: true
description: 'The header value is now located within the body field. If included with non-null values, will result in a 400.'
body:
type: string
example: Please go to the task manager
description: The body in the template
footer:
type: string
nullable: true
example: null
deprecated: true
description: 'The footer value is now located within the body field. If included with non-null values, will result in a 400.'
from:
type: string
example: $__global.emailFromAddress
description: 'The "From:" address in the template'
replyTo:
type: string
example: $__global.emailFromAddress
description: The "Reply To" line in the template
description:
type: string
example: Daily digest - sent if number of outstanding tasks for task owner > 0
description: The description in the template
id:
type: string
example: c17bea3a-574d-453c-9e04-4365fbf5af0b
description: This is auto-generated.
created:
type: string
format: date-time
description: The time when this template is created. This is auto-generated.
example: '2020-01-01T00:00:00.000000Z'
modified:
type: string
format: date-time
description: The time when this template was last modified. This is auto-generated.
example: '2020-01-01T00:00:00.000000Z'
slackTemplate:
type: string
nullable: true
teamsTemplate:
type: string
nullable: true
required:
- key
- medium
- locale
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/notification-templates/bulk-delete:
post:
operationId: deleteNotificationTemplatesInBulk
tags:
- Notifications
summary: Bulk delete notification templates
description: 'This lets you bulk delete templates that you previously created for your site. Since this is a beta feature, please contact support to enable usage.'
security:
- userAuth:
- 'idn:notification-templates:delete'
requestBody:
required: true
content:
application/json:
schema:
type: array
items:
type: object
properties:
key:
type: string
example: cloud_manual_work_item_summary
medium:
type: string
enum:
- EMAIL
- PHONE
- SMS
example: EMAIL
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en
required:
- key
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
parameters:
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
/org-config:
get:
operationId: getOrgConfig
tags:
- Org Config
summary: Get org config settings
security:
- userAuth:
- 'idn:org-configs:read'
- 'idn:org-configs:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
description: 'Get the current organization''s configuration settings, only external accessible properties.'
responses:
'200':
description: Request succeeded.
content:
application/json:
schema:
type: object
description: DTO class for OrgConfig data accessible by customer external org admin ("ORG_ADMIN") users
properties:
orgName:
type: string
description: The name of the org.
example: acme-solar
timeZone:
type: string
description: The selected time zone which is to be used for the org. This directly affects when scheduled tasks are executed. Valid options can be found at /beta/org-config/valid-time-zones
example: America/Toronto
lcsChangeHonorsSourceEnableFeature:
type: boolean
description: Flag to determine whether the LCS_CHANGE_HONORS_SOURCE_ENABLE_FEATURE flag is enabled for the current org.
example: false
armCustomerId:
type: string
description: ARM Customer ID
nullable: true
example: DE38E75A-5FF6-4A65-5DC7-08D64426B09E
armSapSystemIdMappings:
type: string
description: 'A list of IDN::sourceId to ARM::systemId mappings.'
nullable: true
example:
- sourceId: 2c91808c791a94e501792388b0d62659
systemId: '1556'
- sourceId: 2_2c91808c791a94e501792388b0d62659
systemId: '2_1556'
- sourceId: 3_2c91808c791a94e501792388b0d62659
systemId: '3_1556'
armAuth:
type: string
description: ARM authentication string
nullable: true
example: epiYNTRYA2S7swisDWk1Zv4VMNgvqEjiBh5_ufuCWsma2m-5XADijqBg0ijXLby5nS6lxZNXabhGnAPGeDGc4V3jQKrhwV-UHypRLs8ZLgOjiQNus9NimS0uPdKomRW6TFWqXyfnYd-znNgbbVuwUy9GyD9ebDVJSntPastxSx7UcyGuWBqfNZYpuxKRWe_7TVY60qL55jUqyz8N4XUbbdcxdbZ0uik6ut-Bv90MKTbZexBW_PR4qcgIkaEs4kIenLyBxnGziYo7AO0tJ8bGHO8FJRkibCpAQIt7PISLo7Gg_Xf9j10dKq2YDgy4pPTvz3fE2ZHYnXCXvXFSA-vVag==
armDb:
type: string
description: ARM database name
nullable: true
example: EU
armSsoUrl:
type: string
description: ARM SSO URL
nullable: true
example: 'https://your-arm-sso-url'
iaiEnableCertificationRecommendations:
type: boolean
description: Flag to determine whether IAI Certification Recommendations are enabled for the current org
example: true
sodReportConfigs:
type: array
items:
type: object
properties:
columnName:
type: string
description: Name of column in report
example: SOD Business Name
required:
type: boolean
description: 'If true, column is required in all reports, and this entry is immutable. A 400 error will result from any attempt to modify the column''s definition.'
example: true
default: false
included:
type: boolean
description: 'If true, column is included in the report. A 400 error will be thrown if an attempt is made to set included=false if required==true.'
example: false
default: false
order:
type: integer
format: int32
minimum: 0
maximum: 2147483647
description: Relative sort order for the column. Columns will be displayed left-to-right in nondecreasing order.
example: 2
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
parameters:
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
patch:
operationId: patchOrgConfig
tags:
- Org Config
summary: Patch org config
security:
- userAuth:
- 'idn:org-configs:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
description: 'Patch the current organization''s configuration, using http://jsonpatch.com/ syntax. This is commonly used to changing an organization''s time zone.'
requestBody:
description: 'A list of schema attribute update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.'
content:
application/json-patch+json:
schema:
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
example:
- op: replace
path: /timeZone
value: America/Toronto
required: true
responses:
'200':
description: Successfully patched org config.
content:
application/json:
schema:
type: object
description: DTO class for OrgConfig data accessible by customer external org admin ("ORG_ADMIN") users
properties:
orgName:
type: string
description: The name of the org.
example: acme-solar
timeZone:
type: string
description: The selected time zone which is to be used for the org. This directly affects when scheduled tasks are executed. Valid options can be found at /beta/org-config/valid-time-zones
example: America/Toronto
lcsChangeHonorsSourceEnableFeature:
type: boolean
description: Flag to determine whether the LCS_CHANGE_HONORS_SOURCE_ENABLE_FEATURE flag is enabled for the current org.
example: false
armCustomerId:
type: string
description: ARM Customer ID
nullable: true
example: DE38E75A-5FF6-4A65-5DC7-08D64426B09E
armSapSystemIdMappings:
type: string
description: 'A list of IDN::sourceId to ARM::systemId mappings.'
nullable: true
example:
- sourceId: 2c91808c791a94e501792388b0d62659
systemId: '1556'
- sourceId: 2_2c91808c791a94e501792388b0d62659
systemId: '2_1556'
- sourceId: 3_2c91808c791a94e501792388b0d62659
systemId: '3_1556'
armAuth:
type: string
description: ARM authentication string
nullable: true
example: epiYNTRYA2S7swisDWk1Zv4VMNgvqEjiBh5_ufuCWsma2m-5XADijqBg0ijXLby5nS6lxZNXabhGnAPGeDGc4V3jQKrhwV-UHypRLs8ZLgOjiQNus9NimS0uPdKomRW6TFWqXyfnYd-znNgbbVuwUy9GyD9ebDVJSntPastxSx7UcyGuWBqfNZYpuxKRWe_7TVY60qL55jUqyz8N4XUbbdcxdbZ0uik6ut-Bv90MKTbZexBW_PR4qcgIkaEs4kIenLyBxnGziYo7AO0tJ8bGHO8FJRkibCpAQIt7PISLo7Gg_Xf9j10dKq2YDgy4pPTvz3fE2ZHYnXCXvXFSA-vVag==
armDb:
type: string
description: ARM database name
nullable: true
example: EU
armSsoUrl:
type: string
description: ARM SSO URL
nullable: true
example: 'https://your-arm-sso-url'
iaiEnableCertificationRecommendations:
type: boolean
description: Flag to determine whether IAI Certification Recommendations are enabled for the current org
example: true
sodReportConfigs:
type: array
items:
type: object
properties:
columnName:
type: string
description: Name of column in report
example: SOD Business Name
required:
type: boolean
description: 'If true, column is required in all reports, and this entry is immutable. A 400 error will result from any attempt to modify the column''s definition.'
example: true
default: false
included:
type: boolean
description: 'If true, column is included in the report. A 400 error will be thrown if an attempt is made to set included=false if required==true.'
example: false
default: false
order:
type: integer
format: int32
minimum: 0
maximum: 2147483647
description: Relative sort order for the column. Columns will be displayed left-to-right in nondecreasing order.
example: 2
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
parameters:
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
/org-config/valid-time-zones:
get:
operationId: getValidTimeZones
tags:
- Org Config
summary: Get valid time zones
security:
- userAuth:
- 'idn:org-configs:read'
- 'idn:org-configs-user:read'
x-sailpoint-userLevels:
- ORG_ADMIN
description: List the valid time zones that can be set in organization configurations.
responses:
'200':
description: Request successful.
content:
application/json:
schema:
type: array
items:
type: string
example:
- Etc/GMT-6
- Etc/GMT+8
- EST
- America/Chicago
- America/Toronto
- Asia/Gaza
- Europe/Brussels
- Europe/Kiev
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
parameters:
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
- in: query
name: limit
description: |-
Note that for this API the maximum value for limit is 50.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 50
schema:
type: integer
format: int32
minimum: 0
maximum: 50
default: 50
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
/outlier-summaries:
get:
operationId: getIdentityOutlierSnapshots
tags:
- IAI Outliers
summary: Iai identity outliers summary
description: 'This API returns a summary containing the number of identities that customer has, the number of outliers, and the type of outlier.'
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- name: type
in: query
description: Type of the identity outliers snapshot to filter on
required: false
example: LOW_SIMILARITY
schema:
type: string
enum:
- LOW_SIMILARITY
- STRUCTURAL
- in: query
name: filters
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**snapshotDate**: *ge, le*
example: 'snapshotDate ge "2022-02-07T20:13:29.356648026Z"'
required: false
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **snapshotDate**
example: snapshotDate
required: false
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: Succeeded. Returns list of objects. Each object is a summary to give high level statistics/counts of outliers
headers:
X-Total-Count:
description: The total result count.
schema:
type: integer
content:
application/json:
schema:
type: array
items:
type: object
properties:
type:
type: string
enum:
- LOW_SIMILARITY
- STRUCTURAL
description: The type of outlier summary
example: LOW_SIMILARITY
snapshotDate:
type: string
format: date-time
description: The date the bulk outlier detection ran/snapshot was created
example: '2021-05-01T18:40:35.772Z'
totalOutliers:
type: integer
description: Total number of outliers for the customer making the request
example: 50
totalIdentities:
type: integer
description: Total number of identities for the customer making the request
example: 5000
totalIgnored:
type: integer
default: 0
example: 0
'202':
description: Accepted - Returned if the request was successfully accepted into the system.
content:
application/json:
schema:
type: object
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'iai:outliers:read'
- 'iai:outliers:manage'
- applicationAuth:
- 'iai:outliers:read'
- 'iai:outliers:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
- REPORT_ADMIN
/outlier-summaries/latest:
get:
operationId: getLatestIdentityOutlierSnapshots
tags:
- IAI Outliers
summary: Iai identity outliers latest summary
description: 'This API returns a most recent snapshot of each outlier type, each containing the number of identities that customer has, the number of outliers, and the type of outlier.'
parameters:
- name: type
in: query
description: Type of the identity outliers snapshot to filter on
required: false
example: LOW_SIMILARITY
schema:
type: string
enum:
- LOW_SIMILARITY
- STRUCTURAL
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: Succeeded. Returns list of objects. Each object is a summary to give high level statistics/counts of outliers.
content:
application/json:
schema:
type: array
items:
type: object
properties:
type:
type: string
enum:
- LOW_SIMILARITY
- STRUCTURAL
description: The type of outlier summary
example: LOW_SIMILARITY
snapshotDate:
type: string
format: date-time
description: The date the bulk outlier detection ran/snapshot was created
example: '2021-05-01T18:40:35.772Z'
totalOutliers:
type: integer
description: Total number of outliers for the customer making the request
example: 50
totalIdentities:
type: integer
description: Total number of identities for the customer making the request
example: 5000
totalIgnored:
type: integer
description: Total number of ignored outliers
example: 10
'202':
description: Accepted - Returned if the request was successfully accepted into the system.
content:
application/json:
schema:
type: object
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'iai:outliers:read'
- 'iai:outliers:manage'
- applicationAuth:
- 'iai:outliers:read'
- 'iai:outliers:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
- REPORT_ADMIN
/outliers:
get:
operationId: getIdentityOutliers
tags:
- IAI Outliers
summary: Iai get identity outliers
description: 'This API returns a list of outliers, containing data such as identity ID, outlier type, detection dates, identity attributes, if identity is ignored, and certification information.'
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- name: type
in: query
description: Type of the identity outliers snapshot to filter on
required: false
schema:
type: string
enum:
- LOW_SIMILARITY
- STRUCTURAL
example: LOW_SIMILARITY
- in: query
name: filters
required: false
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**attributes**: *eq, sw, co, in*
**firstDetectionDate**: *ge, le*
**certStatus**: *eq*
**ignored**: *eq*
**score**: *ge, le*
example: attributes.displayName sw "John" and certStatus eq "false"
- in: query
name: sorters
required: false
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **firstDetectionDate, attributes, score**
example: 'attributes.displayName,firstDetectionDate,-score'
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: Succeeded. Returns list of objects. Each object contains information about outliers.
headers:
X-Total-Count:
description: The total result count.
schema:
type: integer
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: The identity's unique identifier for the outlier record
example: 5be33d3e-c54d-4ed7-af73-2380543e8283
identityId:
type: string
description: The ID of the identity that is detected as an outlier
example: 5be33d3e-c54d-4ed7-af73-2380543e8283
type:
type: string
enum:
- LOW_SIMILARITY
- STRUCTURAL
description: The type of outlier summary
example: LOW_SIMILARITY
firstDetectionDate:
type: string
format: date-time
description: The first date the outlier was detected
example: '2021-05-01T18:40:35.772Z'
latestDetectionDate:
type: string
format: date-time
description: The most recent date the outlier was detected
example: '2021-05-03T18:40:35.772Z'
ignored:
type: boolean
description: Flag whether or not the outlier has been ignored
example: false
attributes:
type: object
description: Object containing mapped identity attributes
example:
displayName: John Smith
jobTitle: Software Engineer
department: Engineering
score:
type: number
format: float
description: The outlier score determined by the detection engine ranging from 0..1
example: 0.92
unignoreType:
type: string
enum:
- MANUAL
- AUTOMATIC
- null
description: Enum value of if the outlier manually or automatically un-ignored. Will be NULL if outlier is not ignored
example: MANUAL
nullable: true
unignoreDate:
type: string
format: date-time
description: shows date when last time has been unignored outlier
example: '2021-06-01T18:40:35.772Z'
nullable: true
ignoreDate:
type: string
format: date-time
description: shows date when last time has been ignored outlier
example: '2021-06-01T18:40:35.772Z'
nullable: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'iai:outliers:read'
- 'iai:outliers:manage'
- applicationAuth:
- 'iai:outliers:read'
- 'iai:outliers:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
- REPORT_ADMIN
'/outliers/{outlierId}/contributing-features':
get:
operationId: getPeerGroupOutliersContributingFeatures
tags:
- IAI Outliers
summary: Get identity outlier's contibuting features
description: |
This API returns a list of contributing feature objects for a single outlier.
The object contains: feature name, feature value type, value, importance, display name (translated text or message key), description (translated text or message key), translation messages object.
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- name: include-translation-messages
in: query
description: Whether or not to include translation messages object in returned response
required: false
schema:
type: string
example: include-translation-messages=
- in: path
example: 2c918085842e69ae018432d22ccb212f
name: outlierId
schema:
type: string
required: true
x-sailpoint-resource-operation-id: getIdentityOutliers
description: The outlier id
- in: query
name: sorters
required: false
schema:
type: string
format: comma-separated
example: importance
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **importance**
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: Succeeded. Returns list of objects. Each object contains a feature and metadata about that feature.
headers:
X-Total-Count:
description: The total result count.
schema:
type: integer
accept-language:
description: The locale to use for translations for displayName and description text
schema:
type: string
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: Contributing feature id
example: 66e38828-5017-47af-92ff-9844871352c5
name:
type: string
description: The name of the feature
example: entitlement_count
valueType: 0
value:
type: number
format: float
minimum: 0
description: The feature value
example: 1
importance:
type: number
format: float
description: The importance of the feature. This can also be a negative value
example: -0.15
displayName:
type: string
description: The (translated if header is passed) displayName for the feature
example: Number of entitlements
description:
type: string
description: The (translated if header is passed) description for the feature
example: The total number of entitlements belonging to an identity
translationMessages:
type: object
nullable: true
properties:
displayName:
type: object
properties:
key:
type: string
description: The key of the translation message
example: recommender-api.V2_WEIGHT_FEATURE_PRODUCT_INTERPRETATION_HIGH
values:
type: array
description: The values corresponding to the translation messages
items:
type: string
example:
- '75'
- department
description:
type: object
properties:
key:
type: string
description: The key of the translation message
example: recommender-api.V2_WEIGHT_FEATURE_PRODUCT_INTERPRETATION_HIGH
values:
type: array
description: The values corresponding to the translation messages
items:
type: string
example:
- '75'
- department
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'iai:outliers:read'
- 'iai:outliers:manage'
- applicationAuth:
- 'iai:outliers:read'
- 'iai:outliers:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
- REPORT_ADMIN
'/outliers/{outlierId}/feature-details/{contributingFeatureName}/access-items':
get:
operationId: listOutliersContributingFeatureAccessItems
tags:
- IAI Outliers
summary: Gets a list of access items associated with each identity outlier contributing feature
description: |
This API returns a list of the enriched access items associated with each feature filtered by the access item type.
The object contains: accessItemId, display name (translated text or message key), description (translated text or message key), accessType, sourceName, extremelyRare.
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: path
name: outlierId
schema:
type: string
required: true
x-sailpoint-resource-operation-id: getIdentityOutliers
description: The outlier id
example: 2c918085842e69ae018432d22ccb212f
- in: path
name: contributingFeatureName
schema:
type: string
enum:
- radical_entitlement_count
- entitlement_count
- max_jaccard_similarity
- mean_max_bundle_concurrency
- single_entitlement_bundle_count
- peerless_score
required: true
description: The name of contributing feature
example: entitlement_count
- in: query
name: accessType
required: false
schema:
type: string
description: 'The type of access item for the identity outlier contributing feature. If not provided, it returns all.'
example: ENTITLEMENT
- in: query
name: sorters
required: false
schema:
type: string
format: comma-separated
example: displayName
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **displayName**
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: The list of access items.
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: The ID of the access item
example: 2c938083633d259901633d2623ec0375
displayName:
type: string
description: the display name of the access item
example: Applied Research Access
description:
type: string
description: Description of the access item.
nullable: true
example: 'Access to research information, lab results, and schematics'
accessType:
type: string
example: ENTITLEMENT
description: The type of the access item.
enum:
- ENTITLEMENT
- ACCESS_PROFILE
- ROLE
sourceName:
type: string
example: appName
description: the associated source name if it exists
extremelyRare:
type: boolean
default: false
example: true
description: rarest access
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'iai:outliers:read'
- 'iai:outliers:manage'
- applicationAuth:
- 'iai:outliers:read'
- 'iai:outliers:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
- REPORT_ADMIN
/outliers/ignore:
post:
operationId: ignoreIdentityOutliers
tags:
- IAI Outliers
summary: Iai identity outliers ignore
description: 'This API receives a list of identity IDs in the request, changes the outliers to be ignored.'
requestBody:
required: true
content:
application/json:
schema:
type: array
items:
type: string
description: List of identity IDs to ignore from outlier listing
example:
- 897ef96559df40e1baa6bae6b53e7340
- 2c918085837fbfb4018384420dac60c3
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
parameters:
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
security:
- userAuth:
- 'iai:outliers:manage'
- applicationAuth:
- 'iai:outliers:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
- REPORT_ADMIN
/outliers/unignore:
post:
operationId: unIgnoreIdentityOutliers
tags:
- IAI Outliers
summary: Iai identity outliers unignore
description: 'This API receives a list of identity IDs in the request, changes the outliers to be un-ignored.'
requestBody:
required: true
content:
application/json:
schema:
type: array
items:
type: string
description: List of identity IDs to un-ignore from outlier listing
example:
- 897ef96559df40e1baa6bae6b53e7340
- 2c918085837fbfb4018384420dac60c3
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
parameters:
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
security:
- userAuth:
- 'iai:outliers:manage'
- applicationAuth:
- 'iai:outliers:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
- REPORT_ADMIN
/outliers/export:
get:
operationId: exportOutliersZip
tags:
- IAI Outliers
summary: Iai identity outliers export
description: |
This API exports a list of ignored outliers to a CSV as well as list of non-ignored outliers to a CSV. These two CSVs will be zipped and exported.
Columns will include: identityId, type, firstDetectionDate, latestDetectionDate, ignored, & attributes (defined set of identity attributes).
parameters:
- name: type
in: query
description: Type of the identity outliers snapshot to filter on
required: false
example: LOW_SIMILARITY
schema:
type: string
enum:
- LOW_SIMILARITY
- STRUCTURAL
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: Succeeded. Returns zip of two CSVs to download. One CSV for ignored outliers and the other for non-ignored outliers.
content:
application/zip:
schema:
type: string
format: binary
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'iai:outliers:read'
- 'iai:outliers:manage'
- applicationAuth:
- 'iai:outliers:read'
- 'iai:outliers:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
- REPORT_ADMIN
'/outlier-feature-summaries/{outlierFeatureId}':
get:
operationId: getOutlierContributingFeatureSummary
tags:
- IAI Outliers
summary: Get identity outlier contibuting feature summary
description: |
This API returns a summary of a contributing feature for an identity outlier.
The object contains: contributing feature name (translated text or message key), identity outlier display name, feature values, feature definition and explanation (translated text or message key), peer display name and identityId, access item reference, translation messages object.
parameters:
- in: path
name: outlierFeatureId
schema:
type: string
required: true
x-sailpoint-resource-operation-id: getPeerGroupOutliersContributingFeatures
description: Contributing feature id
example: 04654b66-7561-4090-94f9-abee0722a1af
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: Succeeded. Returns selected contributing feature summary for an outlier.
headers:
accept-language:
description: The locale to use for translations
schema:
type: string
content:
application/json:
schema:
type: object
properties:
contributingFeatureName:
type: string
description: Contributing feature name
example: Rare Access
identityOutlierDisplayName:
type: string
description: Identity display name
example: John Smith
outlierFeatureDisplayValues:
type: array
items:
type: object
properties:
displayName:
type: string
example: Aliza Chris
description: display name
value:
type: string
example: 55
description: value
valueType: 0
featureDefinition:
type: string
description: Definition of the feature
example: Identity total number of entitlements
featureExplanation:
type: string
description: Detailed explanation of the feature
example: An identity that has too much rare access has a higher change of becoming a security threat due to the unique access they possess
peerDisplayName:
type: string
nullable: true
description: outlier's peer identity display name
example: Mary Jane
peerIdentityId:
type: string
nullable: true
description: outlier's peer identity id
example: 9f9d5d53ad0e48fba7352f6da9f1b8gbg
accessItemReference:
type: object
description: Access Item reference
example:
displayName: All Rare Entitlements
searchPlaceholder: Search by name or description
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'iai:outliers:read'
- 'iai:outliers:manage'
- applicationAuth:
- 'iai:outliers:read'
- 'iai:outliers:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
- REPORT_ADMIN
'/peer-group-strategies/{strategy}/identity-outliers':
get:
operationId: getPeerGroupOutliers
tags:
- IAI Peer Group Strategies
summary: Identity outliers list
deprecated: true
description: '-- Deprecated : See ''IAI Outliers'' This API will be used by Identity Governance systems to identify identities that are not included in an organization''s peer groups. By default, 250 identities are returned. You can specify between 1 and 1000 number of identities that can be returned.'
parameters:
- in: path
name: strategy
schema:
type: string
enum:
- entitlement
required: true
description: 'The strategy used to create peer groups. Currently, ''entitlement'' is supported.'
example: entitlement
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: List of identities that are not included in peer groups.
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: A unique identifier for the peer group member.
type:
type: string
description: The type of the peer group member.
peer_group_id:
type: string
description: The ID of the peer group.
attributes:
type: object
additionalProperties:
type: object
description: 'Arbitrary key-value pairs, belonging to the peer group member.'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth: []
/notification-template-context:
get:
operationId: getNotificationsTemplateContext
tags:
- Notifications
summary: Get notification template context
description: |-
The notification service maintains metadata to construct the notification templates or supply any information during the event propagation. The data-store where this information is retrieved is called "Global Context" (a.k.a. notification template context). It defines a set of attributes
that will be available per tenant (organization).
security:
- userAuth:
- 'idn:notification-templates:read'
responses:
'200':
description: Notification template context attributes for a specific tenant.
content:
application/json:
schema:
type: object
properties:
attributes:
type: object
additionalProperties: true
description: A JSON object that stores the context.
example:
productUrl: 'https://test-org.identitysoon.com'
brandingConfigs:
default:
narrowLogoURL: null
productName: SailPoint
standardLogoURL: null
navigationColor: 011E64
actionButtonColor: 20B2DE
emailFromAddress: null
activeLinkColor: 20B2DE
loginInformationalMessage: null
created:
type: string
description: When the global context was created
format: date-time
example: '2020-04-15T16:16:47.525Z'
modified:
type: string
description: When the global context was last modified
format: date-time
example: '2020-04-15T16:16:47.525Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
parameters:
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
'/notification-preferences/{key}':
get:
operationId: listNotificationPreferences
tags:
- Notifications
summary: List notification preferences for tenant.
description: Returns a list of notification preferences for tenant.
security:
- userAuth:
- 'idn:notification-preferences:read'
responses:
'200':
description: Return preference for the given notification key.
content:
application/json:
schema:
type: object
description: Maps an Identity's attribute key to a list of preferred notification mediums.
properties:
key:
type: string
description: The template notification key.
example: cloud_manual_work_item_summary
mediums:
type: array
description: 'List of preferred notification mediums, i.e., the mediums (or method) for which notifications are enabled. More mediums may be added in the future.'
items:
type: string
enum:
- EMAIL
- SMS
- PHONE
- SLACK
- TEAMS
example:
- EMAIL
modified:
type: string
description: Modified date of preference
format: date-time
example: '2020-05-15T14:37:06.909Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
parameters:
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
/reassignment-configurations/types:
get:
operationId: getReassignmentConfigTypes
tags:
- Work Reassignment
summary: List reassignment config types
description: Gets a collection of types which are available in the Reassignment Configuration UI.
security:
- userAuth:
- 'idn:reassignment-configuration:read'
responses:
'200':
description: List of Reassignment Configuration Types
content:
application/json:
schema:
type: array
items:
type: object
description: Type of Reassignment Configuration.
properties:
priority:
type: integer
example: 1
internalName:
type: string
description: Enum list of valid work types that can be selected for a Reassignment Configuration
enum:
- accessRequests
- certifications
- manualTasks
example: accessRequests
internalNameCamel:
type: string
description: Enum list of valid work types that can be selected for a Reassignment Configuration
enum:
- ACCESS_REQUESTS
- CERTIFICATIONS
- MANUAL_TASKS
example: ACCESS_REQUESTS
displayName:
type: string
description: Human readable display name of the type to be shown on UI
example: Access Requests
description:
type: string
description: 'Description of the type of work to be reassigned, displayed by the UI.'
example: Reassign Access Request Work Items for an identity
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
parameters:
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
/reassignment-configurations:
get:
operationId: listReassignmentConfigurations
tags:
- Work Reassignment
summary: List reassignment configurations
description: Gets all Reassignment configuration for the current org.
security:
- userAuth:
- 'idn:reassignment-configuration:read'
responses:
'200':
description: A list of Reassignment Configurations for an org
content:
application/json:
schema:
type: array
items:
type: object
description: The response body of a Reassignment Configuration for a single identity
properties:
identity:
type: object
description: The definition of an Identity according to the Reassignment Configuration service
properties:
id:
type: string
description: The ID of the object
example: 2c91808380aa05580180aaaaf1940410
name:
type: string
description: Human-readable display name of the object
example: William Wilson
configDetails:
type: array
description: Details of how work should be reassigned for an Identity
items:
type: object
description: The request body of Reassignment Configuration Details for a specific identity and config type
properties:
configType:
type: string
description: Enum list of valid work types that can be selected for a Reassignment Configuration
enum:
- ACCESS_REQUESTS
- CERTIFICATIONS
- MANUAL_TASKS
example: ACCESS_REQUESTS
targetIdentity:
type: object
description: The definition of an Identity according to the Reassignment Configuration service
properties:
id:
type: string
description: The ID of the object
example: 2c91808380aa05580180aaaaf1940410
name:
type: string
description: Human-readable display name of the object
example: William Wilson
startDate:
type: string
description: The date from which to start reassigning work items
format: date-time
example: '2022-07-21T11:13:12.345Z'
endDate:
type: string
description: The date from which to stop reassigning work items. If this is an empty string it indicates a permanent reassignment.
format: date-time
example: '0001-01-01T00:00:00Z'
auditDetails:
type: object
description: Audit details for the reassignment configuration of an identity
properties:
created:
type: string
description: Initial date and time when the record was created
format: date-time
example: '2022-07-21T11:13:12.345Z'
createdBy:
type: object
description: The definition of an Identity according to the Reassignment Configuration service
properties:
id:
type: string
description: The ID of the object
example: 2c91808380aa05580180aaaaf1940410
name:
type: string
description: Human-readable display name of the object
example: William Wilson
modified:
type: string
description: Last modified date and time for the record
format: date-time
example: '2022-07-21T11:13:12.345Z'
modifiedBy:
type: object
description: The definition of an Identity according to the Reassignment Configuration service
properties:
id:
type: string
description: The ID of the object
example: 2c91808380aa05580180aaaaf1940410
name:
type: string
description: Human-readable display name of the object
example: William Wilson
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
parameters:
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
post:
operationId: createReassignmentConfiguration
tags:
- Work Reassignment
summary: Create a reassignment configuration
description: Creates a new Reassignment Configuration for the specified identity.
security:
- userAuth:
- 'idn:reassignment-configuration:create'
requestBody:
required: true
content:
application/json:
schema:
type: object
description: The request body for creation or update of a Reassignment Configuration for a single identity and work type
properties:
reassignedFromId:
type: string
description: The identity id to reassign an item from
example: 2c91808781a71ddb0181b9090b5c504e
reassignedToId:
type: string
description: The identity id to reassign an item to
example: 2c91808781a71ddb0181b9090b53504a
configType:
type: string
description: Enum list of valid work types that can be selected for a Reassignment Configuration
enum:
- ACCESS_REQUESTS
- CERTIFICATIONS
- MANUAL_TASKS
example: ACCESS_REQUESTS
startDate:
type: string
description: The date from which to start reassigning work items
format: date-time
example: '2022-07-21T11:13:12.345Z'
endDate:
type: string
description: The date from which to stop reassigning work items. If this is an null string it indicates a permanent reassignment.
format: date-time
nullable: true
example: '2022-07-30T17:00:00.000Z'
responses:
'201':
description: The newly created Reassignment Configuration object
content:
application/json:
schema:
type: object
description: The response body of a Reassignment Configuration for a single identity
properties:
identity:
type: object
description: The definition of an Identity according to the Reassignment Configuration service
properties:
id:
type: string
description: The ID of the object
example: 2c91808380aa05580180aaaaf1940410
name:
type: string
description: Human-readable display name of the object
example: William Wilson
configDetails:
type: array
description: Details of how work should be reassigned for an Identity
items:
type: object
description: The request body of Reassignment Configuration Details for a specific identity and config type
properties:
configType:
type: string
description: Enum list of valid work types that can be selected for a Reassignment Configuration
enum:
- ACCESS_REQUESTS
- CERTIFICATIONS
- MANUAL_TASKS
example: ACCESS_REQUESTS
targetIdentity:
type: object
description: The definition of an Identity according to the Reassignment Configuration service
properties:
id:
type: string
description: The ID of the object
example: 2c91808380aa05580180aaaaf1940410
name:
type: string
description: Human-readable display name of the object
example: William Wilson
startDate:
type: string
description: The date from which to start reassigning work items
format: date-time
example: '2022-07-21T11:13:12.345Z'
endDate:
type: string
description: The date from which to stop reassigning work items. If this is an empty string it indicates a permanent reassignment.
format: date-time
example: '0001-01-01T00:00:00Z'
auditDetails:
type: object
description: Audit details for the reassignment configuration of an identity
properties:
created:
type: string
description: Initial date and time when the record was created
format: date-time
example: '2022-07-21T11:13:12.345Z'
createdBy:
type: object
description: The definition of an Identity according to the Reassignment Configuration service
properties:
id:
type: string
description: The ID of the object
example: 2c91808380aa05580180aaaaf1940410
name:
type: string
description: Human-readable display name of the object
example: William Wilson
modified:
type: string
description: Last modified date and time for the record
format: date-time
example: '2022-07-21T11:13:12.345Z'
modifiedBy:
type: object
description: The definition of an Identity according to the Reassignment Configuration service
properties:
id:
type: string
description: The ID of the object
example: 2c91808380aa05580180aaaaf1940410
name:
type: string
description: Human-readable display name of the object
example: William Wilson
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
parameters:
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
'/reassignment-configurations/{identityId}':
get:
operationId: getReassignmentConfiguration
tags:
- Work Reassignment
summary: Get reassignment configuration
description: Gets the Reassignment Configuration for an identity.
security:
- userAuth:
- 'idn:reassignment-configuration:read'
parameters:
- in: path
name: identityId
schema:
type: string
description: unique identity id
required: true
x-sailpoint-resource-operation-id: listIdentities
example: 2c91808781a71ddb0181b9090b5c504f
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: Reassignment Configuration for an identity
content:
application/json:
schema:
type: object
description: The response body of a Reassignment Configuration for a single identity
properties:
identity:
type: object
description: The definition of an Identity according to the Reassignment Configuration service
properties:
id:
type: string
description: The ID of the object
example: 2c91808380aa05580180aaaaf1940410
name:
type: string
description: Human-readable display name of the object
example: William Wilson
configDetails:
type: array
description: Details of how work should be reassigned for an Identity
items:
type: object
description: The request body of Reassignment Configuration Details for a specific identity and config type
properties:
configType:
type: string
description: Enum list of valid work types that can be selected for a Reassignment Configuration
enum:
- ACCESS_REQUESTS
- CERTIFICATIONS
- MANUAL_TASKS
example: ACCESS_REQUESTS
targetIdentity:
type: object
description: The definition of an Identity according to the Reassignment Configuration service
properties:
id:
type: string
description: The ID of the object
example: 2c91808380aa05580180aaaaf1940410
name:
type: string
description: Human-readable display name of the object
example: William Wilson
startDate:
type: string
description: The date from which to start reassigning work items
format: date-time
example: '2022-07-21T11:13:12.345Z'
endDate:
type: string
description: The date from which to stop reassigning work items. If this is an empty string it indicates a permanent reassignment.
format: date-time
example: '0001-01-01T00:00:00Z'
auditDetails:
type: object
description: Audit details for the reassignment configuration of an identity
properties:
created:
type: string
description: Initial date and time when the record was created
format: date-time
example: '2022-07-21T11:13:12.345Z'
createdBy:
type: object
description: The definition of an Identity according to the Reassignment Configuration service
properties:
id:
type: string
description: The ID of the object
example: 2c91808380aa05580180aaaaf1940410
name:
type: string
description: Human-readable display name of the object
example: William Wilson
modified:
type: string
description: Last modified date and time for the record
format: date-time
example: '2022-07-21T11:13:12.345Z'
modifiedBy:
type: object
description: The definition of an Identity according to the Reassignment Configuration service
properties:
id:
type: string
description: The ID of the object
example: 2c91808380aa05580180aaaaf1940410
name:
type: string
description: Human-readable display name of the object
example: William Wilson
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
put:
operationId: putReassignmentConfig
tags:
- Work Reassignment
summary: Update reassignment configuration
description: Replaces existing Reassignment configuration for an identity with the newly provided configuration.
security:
- userAuth:
- 'idn:reassignment-configuration:update'
parameters:
- in: path
name: identityId
schema:
type: string
description: unique identity id
required: true
x-sailpoint-resource-operation-id: listIdentities
example: 2c91808781a71ddb0181b9090b5c504e
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
requestBody:
required: true
content:
application/json:
schema:
type: object
description: The request body for creation or update of a Reassignment Configuration for a single identity and work type
properties:
reassignedFromId:
type: string
description: The identity id to reassign an item from
example: 2c91808781a71ddb0181b9090b5c504e
reassignedToId:
type: string
description: The identity id to reassign an item to
example: 2c91808781a71ddb0181b9090b53504a
configType:
type: string
description: Enum list of valid work types that can be selected for a Reassignment Configuration
enum:
- ACCESS_REQUESTS
- CERTIFICATIONS
- MANUAL_TASKS
example: ACCESS_REQUESTS
startDate:
type: string
description: The date from which to start reassigning work items
format: date-time
example: '2022-07-21T11:13:12.345Z'
endDate:
type: string
description: The date from which to stop reassigning work items. If this is an null string it indicates a permanent reassignment.
format: date-time
nullable: true
example: '2022-07-30T17:00:00.000Z'
responses:
'200':
description: Reassignment Configuration updated
content:
application/json:
schema:
type: object
description: The response body of a Reassignment Configuration for a single identity
properties:
identity:
type: object
description: The definition of an Identity according to the Reassignment Configuration service
properties:
id:
type: string
description: The ID of the object
example: 2c91808380aa05580180aaaaf1940410
name:
type: string
description: Human-readable display name of the object
example: William Wilson
configDetails:
type: array
description: Details of how work should be reassigned for an Identity
items:
type: object
description: The request body of Reassignment Configuration Details for a specific identity and config type
properties:
configType:
type: string
description: Enum list of valid work types that can be selected for a Reassignment Configuration
enum:
- ACCESS_REQUESTS
- CERTIFICATIONS
- MANUAL_TASKS
example: ACCESS_REQUESTS
targetIdentity:
type: object
description: The definition of an Identity according to the Reassignment Configuration service
properties:
id:
type: string
description: The ID of the object
example: 2c91808380aa05580180aaaaf1940410
name:
type: string
description: Human-readable display name of the object
example: William Wilson
startDate:
type: string
description: The date from which to start reassigning work items
format: date-time
example: '2022-07-21T11:13:12.345Z'
endDate:
type: string
description: The date from which to stop reassigning work items. If this is an empty string it indicates a permanent reassignment.
format: date-time
example: '0001-01-01T00:00:00Z'
auditDetails:
type: object
description: Audit details for the reassignment configuration of an identity
properties:
created:
type: string
description: Initial date and time when the record was created
format: date-time
example: '2022-07-21T11:13:12.345Z'
createdBy:
type: object
description: The definition of an Identity according to the Reassignment Configuration service
properties:
id:
type: string
description: The ID of the object
example: 2c91808380aa05580180aaaaf1940410
name:
type: string
description: Human-readable display name of the object
example: William Wilson
modified:
type: string
description: Last modified date and time for the record
format: date-time
example: '2022-07-21T11:13:12.345Z'
modifiedBy:
type: object
description: The definition of an Identity according to the Reassignment Configuration service
properties:
id:
type: string
description: The ID of the object
example: 2c91808380aa05580180aaaaf1940410
name:
type: string
description: Human-readable display name of the object
example: William Wilson
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/reassignment-configurations/{identityId}/{configType}':
delete:
operationId: deleteReassignmentConfiguration
tags:
- Work Reassignment
summary: Delete reassignment configuration
description: Deletes a single reassignment configuration for the specified identity
security:
- userAuth:
- 'idn:reassignment-configuration:delete'
parameters:
- in: path
name: identityId
schema:
type: string
description: unique identity id
required: true
x-sailpoint-resource-operation-id: listIdentities
example: 2c91808781a71ddb0181b9090b5c504e
- in: path
name: configType
schema:
type: string
description: Enum list of valid work types that can be selected for a Reassignment Configuration
enum:
- ACCESS_REQUESTS
- CERTIFICATIONS
- MANUAL_TASKS
example: ACCESS_REQUESTS
required: true
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'204':
description: Reassignment Configuration deleted
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/reassignment-configurations/{identityId}/evaluate/{configType}':
get:
operationId: getEvaluateReassignmentConfiguration
tags:
- Work Reassignment
summary: Evaluate reassignment configuration
description: 'Evaluates the Reassignment Configuration for an `Identity` to determine if work items for the specified type should be reassigned. If a valid Reassignment Configuration is found for the identity & work type, then a lookup is initiated which recursively fetches the Reassignment Configuration for the next `TargetIdentity` until no more results are found or a max depth of 5. That lookup trail is provided in the response and the final reassigned identity in the lookup list is returned as the `reassignToId` property. If no Reassignment Configuration is found for the specified identity & config type then the requested Identity ID will be used as the `reassignToId` value and the lookupTrail node will be empty.'
security:
- userAuth:
- 'idn:reassignment-configuration:evaluate'
parameters:
- in: path
name: identityId
required: true
x-sailpoint-resource-operation-id: listIdentities
schema:
type: string
description: unique identity id
example: 2c91808781a71ddb0181b9090b5c504e
- in: path
name: configType
required: true
schema:
type: string
description: Enum list of valid work types that can be selected for a Reassignment Configuration
enum:
- ACCESS_REQUESTS
- CERTIFICATIONS
- MANUAL_TASKS
example: ACCESS_REQUESTS
description: Reassignment work type
example: accessRequests
- in: query
name: exclusionFilters
required: false
schema:
type: array
items:
type: string
description: 'Exclusion filters that disable parts of the reassignment evaluation. Possible values are listed below: - `SELF_REVIEW_DELEGATION`: This will exclude delegations of self-review reassignments'
example: SELF_REVIEW_DELEGATION
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: Evaluated Reassignment Configuration
content:
application/json:
schema:
type: array
items:
type: object
description: The response body for Evaluate Reassignment Configuration
properties:
reassignToId:
type: string
description: The Identity ID which should be the recipient of any work items sent to a specific identity & work type
example: 869320b6b6f34a169b6178b1a865e66f
lookupTrail:
type: array
description: List of Reassignments found by looking up the next `TargetIdentity` in a ReassignmentConfiguration
items:
type: object
description: The definition of an Identity according to the Reassignment Configuration service
properties:
reassignedToId:
type: string
description: The ID of the Identity who work is reassigned to
example: 869320b6b6f34a169b6178b1a865e66f
reassignedFromId:
type: string
description: The ID of the Identity who work is reassigned from
example: 51948a8f306a4e7a9a6f8f5d032fa59e
reassignmentType:
description: Reassignment type
type: string
enum:
- 'MANUAL_REASSIGNMENT,'
- 'AUTOMATIC_REASSIGNMENT,'
- 'AUTO_ESCALATION,'
- SELF_REVIEW_DELEGATION
example: AUTOMATIC_REASSIGNMENT
examples:
empty:
summary: Evaluate response when no reassignment configuration is found
value:
reassignToId: 2c9180825a6c1adc015a71c9023f0818
lookupTrail: []
longTrail:
summary: Evaluate response when a long reassignment trail is found
value:
reassignToId: 2c9180825a6c1adc015a71c9023f0818
lookupTrail:
- reassignedToId: 2c918084575812550157589064f33b89
reassignedFromId: 2c9180825a6c1adc015a71c9023f0818
reassignmentType: AUTOMATIC_REASSIGNMENT
- reassignedToId: 073204941f3f49c0b3a3c49d1c17ef0e
reassignedFromId: 2c918084575812550157589064f33b89
reassignmentType: AUTOMATIC_REASSIGNMENT
- reassignedToId: 31d9c631f5574571a935aaa48a6255df
reassignedFromId: 073204941f3f49c0b3a3c49d1c17ef0e
reassignmentType: AUTOMATIC_REASSIGNMENT
- reassignedToId: 279de502e5dc43f4854e1b96f57c578f
reassignedFromId: 31d9c631f5574571a935aaa48a6255df
reassignmentType: AUTOMATIC_REASSIGNMENT
selfReview:
summary: Evaluate response when a self-review is found and manager or org admin escalation is applied
value:
reassignToId: 2c9180825a6c1adc015a71c9023f0818
lookupTrail:
- reassignedToId: 2c918084575812550157589064f33b89
reassignedFromId: 2c9180825a6c1adc015a71c9023f0818
reassignmentType: AUTOMATIC_REASSIGNMENT
- reassignedToId: 073204941f3f49c0b3a3c49d1c17ef0e
reassignedFromId: 2c918084575812550157589064f33b89
reassignmentType: AUTOMATIC_REASSIGNMENT
- reassignedToId: 31d9c631f5574571a935aaa48a6255df
reassignedFromId: 073204941f3f49c0b3a3c49d1c17ef0e
reassignmentType: SELF_REVIEW_DELEGATION
- reassignedToId: 279de502e5dc43f4854e1b96f57c578f
reassignedFromId: 31d9c631f5574571a935aaa48a6255df
reassignmentType: AUTOMATIC_REASSIGNMENT
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/reassignment-configurations/tenant-config:
get:
operationId: getTenantConfigConfiguration
tags:
- Work Reassignment
summary: Get tenant-wide reassignment configuration settings
description: Gets the global Reassignment Configuration settings for the requestor's tenant.
security:
- userAuth:
- 'idn:reassignment-tenant-configuration:read'
responses:
'200':
description: Tenant-wide Reassignment Configuration settings
content:
application/json:
schema:
type: object
description: Tenant-wide Reassignment Configuration settings
properties:
auditDetails:
type: object
description: Audit details for the reassignment configuration of an identity
properties:
created:
type: string
description: Initial date and time when the record was created
format: date-time
example: '2022-07-21T11:13:12.345Z'
createdBy:
type: object
description: The definition of an Identity according to the Reassignment Configuration service
properties:
id:
type: string
description: The ID of the object
example: 2c91808380aa05580180aaaaf1940410
name:
type: string
description: Human-readable display name of the object
example: William Wilson
modified:
type: string
description: Last modified date and time for the record
format: date-time
example: '2022-07-21T11:13:12.345Z'
modifiedBy:
type: object
description: The definition of an Identity according to the Reassignment Configuration service
properties:
id:
type: string
description: The ID of the object
example: 2c91808380aa05580180aaaaf1940410
name:
type: string
description: Human-readable display name of the object
example: William Wilson
configDetails:
type: object
description: Details of any tenant-wide Reassignment Configurations (eg. enabled/disabled)
properties:
disabled:
type: boolean
nullable: true
description: 'Flag to determine if Reassignment Configuration is enabled or disabled for a tenant. When this flag is set to true, Reassignment Configuration is disabled.'
default: false
example: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
parameters:
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
put:
operationId: putTenantConfiguration
tags:
- Work Reassignment
summary: Update tenant-wide reassignment configuration settings
description: Replaces existing Tenant-wide Reassignment Configuration settings with the newly provided settings.
security:
- userAuth:
- 'idn:reassignment-tenant-configuration:update'
requestBody:
required: true
content:
application/json:
schema:
type: object
description: Tenant-wide Reassignment Configuration settings
properties:
configDetails:
type: object
description: Details of any tenant-wide Reassignment Configurations (eg. enabled/disabled)
properties:
disabled:
type: boolean
nullable: true
description: 'Flag to determine if Reassignment Configuration is enabled or disabled for a tenant. When this flag is set to true, Reassignment Configuration is disabled.'
default: false
example: true
responses:
'200':
description: Tenant-wide Reassignment Configuration settings
content:
application/json:
schema:
type: object
description: Tenant-wide Reassignment Configuration settings
properties:
auditDetails:
type: object
description: Audit details for the reassignment configuration of an identity
properties:
created:
type: string
description: Initial date and time when the record was created
format: date-time
example: '2022-07-21T11:13:12.345Z'
createdBy:
type: object
description: The definition of an Identity according to the Reassignment Configuration service
properties:
id:
type: string
description: The ID of the object
example: 2c91808380aa05580180aaaaf1940410
name:
type: string
description: Human-readable display name of the object
example: William Wilson
modified:
type: string
description: Last modified date and time for the record
format: date-time
example: '2022-07-21T11:13:12.345Z'
modifiedBy:
type: object
description: The definition of an Identity according to the Reassignment Configuration service
properties:
id:
type: string
description: The ID of the object
example: 2c91808380aa05580180aaaaf1940410
name:
type: string
description: Human-readable display name of the object
example: William Wilson
configDetails:
type: object
description: Details of any tenant-wide Reassignment Configurations (eg. enabled/disabled)
properties:
disabled:
type: boolean
nullable: true
description: 'Flag to determine if Reassignment Configuration is enabled or disabled for a tenant. When this flag is set to true, Reassignment Configuration is disabled.'
default: false
example: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
parameters:
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
/recommendations/request:
post:
operationId: getRecommendations
summary: Returns recommendation based on object
tags:
- IAI Recommendations
description: The getRecommendations API returns recommendations based on the requested object. The recommendations are invoked by IdentityIQ and IdentityNow plug-ins that retrieve recommendations based on the performed calculations.
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
requests:
type: array
items:
description: List of requests to retrieve recommendations
type: object
properties:
identityId:
type: string
description: The identity ID
example: 2c938083633d259901633d25c68c00fa
item:
type: object
properties:
id:
type: string
description: ID of the access item to retrieve the recommendation for.
example: 2c938083633d259901633d2623ec0375
type:
type: string
example: ENTITLEMENT
description: Access item's type.
enum:
- ENTITLEMENT
- ACCESS_PROFILE
- ROLE
excludeInterpretations:
type: boolean
description: Exclude interpretations in the response if "true". Return interpretations in the response if this attribute is not specified.
default: 'false'
example: 'false'
includeTranslationMessages:
type: boolean
description: 'When set to true, the calling system uses the translated messages for the specified language'
default: 'false'
example: 'false'
includeDebugInformation:
type: boolean
description: Returns the recommender calculations if set to true
default: 'false'
example: 'true'
prescribeMode:
type: boolean
description: 'When set to true, uses prescribedRulesRecommenderConfig to get identity attributes and peer group threshold instead of standard config.'
default: 'false'
example: 'false'
responses:
'200':
description: The recommendations for a customer
content:
application/json:
schema:
type: object
properties:
response:
type: array
items:
type: object
properties:
request:
type: object
properties:
identityId:
type: string
description: The identity ID
example: 2c938083633d259901633d25c68c00fa
item:
type: object
properties:
id:
type: string
description: ID of the access item to retrieve the recommendation for.
example: 2c938083633d259901633d2623ec0375
type:
type: string
example: ENTITLEMENT
description: Access item's type.
enum:
- ENTITLEMENT
- ACCESS_PROFILE
- ROLE
recommendation:
type: string
example: 'YES'
description: 'The recommendation - YES if the access is recommended, NO if not recommended, MAYBE if there is not enough information to make a recommendation, NOT_FOUND if the identity is not found in the system'
enum:
- 'YES'
- 'NO'
- MAYBE
- NOT_FOUND
interpretations:
type: array
items:
type: string
description: 'The list of interpretations explaining the recommendation. The array is empty if includeInterpretations is false or not present in the request. e.g. - [ "Not approved in the last 6 months." ]. Interpretations will be translated using the client''s locale as found in the Accept-Language header. If a translation for the client''s locale cannot be found, the US English translation will be returned.'
example:
- 75% of identities with the same department have this access. This information had a high impact on the overall score.
- 67% of identities with the same peer group have this access. This information had a low impact on the overall score.
- 42% of identities with the same location have this access. This information had a low impact on the overall score.
translationMessages:
type: array
example:
- key: recommender-api.V2_WEIGHT_FEATURE_PRODUCT_INTERPRETATION_HIGH
values:
- '75'
- department
items:
type: object
properties:
key:
type: string
description: The key of the translation message
example: recommender-api.V2_WEIGHT_FEATURE_PRODUCT_INTERPRETATION_HIGH
values:
type: array
description: The values corresponding to the translation messages
items:
type: string
example:
- '75'
- department
description: 'The list of translation messages, if they have been requested.'
recommenderCalculations:
description: The calcuations performed behind the scenes that provide recommendations to the user.
properties:
identityId:
type: string
description: The ID of the identity
example: 2c91808457d8f3ab0157e3e62cb4213c
entitlementId:
type: string
description: The entitlement ID
example: 2c91809050db617d0150e0bf3215385e
recommendation:
type: string
description: The actual recommendation
example: 'YES'
overallWeightedScore:
type: number
description: The overall weighted score
featureWeightedScores:
type: object
description: The weighted score of each individual feature
additionalProperties:
type: number
threshold:
type: number
description: The configured value against which the overallWeightedScore is compared
identityAttributes:
type: object
description: The values for your configured features
additionalProperties:
type: object
properties:
value:
type: string
featureValues:
description: The feature details
type: object
properties:
feature:
type: string
description: The type of feature
example: department
numerator:
type: integer
format: int32
example: 14
description: The number of identities that have access to the feature
denominator:
type: integer
format: int32
example: 14
description: The number of identities with the corresponding feature
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'iai:decisions:manage'
x-sailpoint-userLevels:
- Any
parameters:
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
/recommendations/config:
get:
operationId: getRecommendationsConfig
summary: Get certification recommendation config values
tags:
- IAI Recommendations
description: Retrieves configuration attributes used by certification recommendations.
responses:
'200':
description: Cert recommendation configuration attributes
content:
application/json:
schema:
type: object
properties:
recommenderFeatures:
type: array
items:
type: string
description: List of identity attributes to use for calculating certification recommendations
example:
- jobTitle
- location
- peer_group
- department
- active
peerGroupPercentageThreshold:
type: number
description: The percent value that the recommendation calculation must surpass to produce a YES recommendation
minimum: 0
maximum: 1
format: float
example: 0.5
runAutoSelectOnce:
type: boolean
description: 'If true, rulesRecommenderConfig will be refreshed with new programatically selected attribute and threshold values on the next pipeline run'
default: false
example: false
onlyTuneThreshold:
type: boolean
description: 'If true, rulesRecommenderConfig will be refreshed with new programatically selected threshold values on the next pipeline run'
default: false
example: false
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'iai:configuration:read'
x-sailpoint-userLevels:
- ORG_ADMIN
parameters:
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
put:
operationId: updateRecommendationsConfig
summary: Update certification recommendation config values
tags:
- IAI Recommendations
description: Updates configuration attributes used by certification recommendations.
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
recommenderFeatures:
type: array
items:
type: string
description: List of identity attributes to use for calculating certification recommendations
example:
- jobTitle
- location
- peer_group
- department
- active
peerGroupPercentageThreshold:
type: number
description: The percent value that the recommendation calculation must surpass to produce a YES recommendation
minimum: 0
maximum: 1
format: float
example: 0.5
runAutoSelectOnce:
type: boolean
description: 'If true, rulesRecommenderConfig will be refreshed with new programatically selected attribute and threshold values on the next pipeline run'
default: false
example: false
onlyTuneThreshold:
type: boolean
description: 'If true, rulesRecommenderConfig will be refreshed with new programatically selected threshold values on the next pipeline run'
default: false
example: false
responses:
'200':
description: Cert recommendation configuration attributes after update
content:
application/json:
schema:
type: object
properties:
recommenderFeatures:
type: array
items:
type: string
description: List of identity attributes to use for calculating certification recommendations
example:
- jobTitle
- location
- peer_group
- department
- active
peerGroupPercentageThreshold:
type: number
description: The percent value that the recommendation calculation must surpass to produce a YES recommendation
minimum: 0
maximum: 1
format: float
example: 0.5
runAutoSelectOnce:
type: boolean
description: 'If true, rulesRecommenderConfig will be refreshed with new programatically selected attribute and threshold values on the next pipeline run'
default: false
example: false
onlyTuneThreshold:
type: boolean
description: 'If true, rulesRecommenderConfig will be refreshed with new programatically selected threshold values on the next pipeline run'
default: false
example: false
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'iai:configuration:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
parameters:
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
/role-insights/requests:
post:
operationId: createRoleInsightRequests
summary: Generate insights for roles
deprecated: true
tags:
- Role Insights
description: Submits a create role insights request to the role insights application. At this time there are no parameters. All business roles will be processed for the customer.
responses:
'201':
description: Submitted a role insights generation request
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: Request Id for a role insight generation request
example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
createdDate:
type: string
format: date-time
description: The date-time role insights request was created.
example: '2020-09-16T18:49:32.150Z'
lastGenerated:
type: string
format: date-time
description: The date-time role insights request was completed.
example: '2020-09-16T18:50:12.150Z'
numberOfUpdates:
type: integer
description: Total number of updates for this request. Starts with 0 and will have correct number when request is COMPLETED.
example: 0
roleIds:
description: The role IDs that are in this request.
type: array
items:
type: string
status:
type: string
description: Request status
enum:
- CREATED
- IN PROGRESS
- COMPLETED
- FAILED
example:
id: c9aa02f7-86b0-4bc4-84bd-3116a6131e77
createdDate: '2020-09-16T18:49:32.150Z'
lastGenerated: '2020-09-16T18:49:32.150Z'
numberOfUpdates: 0
roleIds:
- 2c91808e720e94f8017253287c0a44f4
- 2c918087723ac2800172532191540e03
- 2c9180986e4c8592016e6b15eaef447c
status: CREATED
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
parameters:
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
'/role-insights/requests/{id}':
get:
operationId: getRoleInsightsRequests
summary: Returns metadata from prior request.
deprecated: true
tags:
- Role Insights
description: 'This endpoint returns details of a prior role insights request. '
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: getRoleInsights
description: The role insights request id
example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: Succeeded. Returns details of an earlier role insights request.
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: Request Id for a role insight generation request
example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
createdDate:
type: string
format: date-time
description: The date-time role insights request was created.
example: '2020-09-16T18:49:32.150Z'
lastGenerated:
type: string
format: date-time
description: The date-time role insights request was completed.
example: '2020-09-16T18:50:12.150Z'
numberOfUpdates:
type: integer
description: Total number of updates for this request. Starts with 0 and will have correct number when request is COMPLETED.
example: 0
roleIds:
description: The role IDs that are in this request.
type: array
items:
type: string
status:
type: string
description: Request status
enum:
- CREATED
- IN PROGRESS
- COMPLETED
- FAILED
example:
id: c9aa02f7-86b0-4bc4-84bd-3116a6131e77
createdDate: '2020-09-16T18:49:32.150Z'
lastGenerated: '2020-09-16T18:49:32.150Z'
numberOfUpdates: 0
roleIds:
- 2c91808e720e94f8017253287c0a44f4
- 2c918087723ac2800172532191540e03
- 2c9180986e4c8592016e6b15eaef447c
status: CREATED
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/role-insights/summary:
get:
operationId: getRoleInsightsSummary
summary: Get role insights summary information
tags:
- Role Insights
description: This method returns high level summary information for role insights for a customer.
responses:
'200':
description: Succeeded. Returns high level counts.
content:
application/json:
schema:
type: object
properties:
numberOfUpdates:
type: integer
description: Total number of roles with updates
lastGenerated:
type: string
format: date-time
description: The date-time role insights were last found.
example: '2020-05-19T13:49:37.385Z'
entitlementsIncludedInRoles:
type: integer
description: The number of entitlements included in roles (vs free radicals).
example: 45
totalNumberOfEntitlements:
type: integer
description: The total number of entitlements.
example: 250
identitiesWithAccessViaRoles:
type: integer
description: The number of identities in roles vs. identities with just entitlements and not in roles.
example: 550
totalNumberOfIdentities:
type: integer
description: The total number of identities.
example: 980
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
parameters:
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
/role-insights:
get:
operationId: getRoleInsights
summary: Get role insights
tags:
- Role Insights
description: This method returns detailed role insights for each role.
parameters:
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- name: sorters
in: query
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **numberOfUpdates, identitiesWithAccess, totalNumberOfIdentities**
example: numberOfUpdates
required: false
style: form
explode: true
schema:
type: string
- name: filters
in: query
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**name**: *sw*
**ownerName**: *sw*
**description**: *sw*
required: false
style: form
explode: true
example: name sw "John"
schema:
type: string
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: Succeeded. Returns a list of roles with information about insights for each role.
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: Insight id
example: 1467e61e-f284-439c-ba2d-c6cc11cf0941
numberOfUpdates:
type: integer
description: Total number of updates for this role
example: 5
createdDate:
type: string
format: date-time
description: The date-time insights were last created for this role.
modifiedDate:
type: string
format: date-time
nullable: true
description: The date-time insights were last modified for this role.
example: '2020-05-19T13:49:37.385Z'
role:
description: A role
type: object
properties:
name:
type: string
description: Role name
example: Software Engineer
id:
type: string
description: Role id
example: 1467e61e-f284-439c-ba2d-c6cc11cf0941
description:
type: string
description: Role description
example: Person who develops software
ownerName:
type: string
description: Role owner name
example: Bob
ownerId:
type: string
description: Role owner id
example: 1467e61e-f284-439c-ba2d-c6cc11cf0941
insight:
description: The kind of insight this is and some stats
type: object
properties:
type:
type: string
description: The number of identities in this role with the entitlement.
example: ADD
identitiesWithAccess:
type: integer
description: The number of identities in this role with the entitlement.
example: 850
identitiesImpacted:
type: integer
description: The number of identities in this role that do not have the specified entitlement.
example: 150
totalNumberOfIdentities:
type: integer
description: The total number of identities.
example: 1000
impactedIdentityNames:
type: string
nullable: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/role-insights/{insightId}':
get:
operationId: getRoleInsight
summary: Get a single role insight
tags:
- Role Insights
description: This endpoint gets role insights information for a role.
parameters:
- in: path
name: insightId
schema:
type: string
required: true
x-sailpoint-resource-operation-id: getRoleInsights
description: The role insight id
example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: Succeeded. Returns information about insights for a single role.
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: Insight id
example: 1467e61e-f284-439c-ba2d-c6cc11cf0941
numberOfUpdates:
type: integer
description: Total number of updates for this role
example: 5
createdDate:
type: string
format: date-time
description: The date-time insights were last created for this role.
modifiedDate:
type: string
format: date-time
nullable: true
description: The date-time insights were last modified for this role.
example: '2020-05-19T13:49:37.385Z'
role:
description: A role
type: object
properties:
name:
type: string
description: Role name
example: Software Engineer
id:
type: string
description: Role id
example: 1467e61e-f284-439c-ba2d-c6cc11cf0941
description:
type: string
description: Role description
example: Person who develops software
ownerName:
type: string
description: Role owner name
example: Bob
ownerId:
type: string
description: Role owner id
example: 1467e61e-f284-439c-ba2d-c6cc11cf0941
insight:
description: The kind of insight this is and some stats
type: object
properties:
type:
type: string
description: The number of identities in this role with the entitlement.
example: ADD
identitiesWithAccess:
type: integer
description: The number of identities in this role with the entitlement.
example: 850
identitiesImpacted:
type: integer
description: The number of identities in this role that do not have the specified entitlement.
example: 150
totalNumberOfIdentities:
type: integer
description: The total number of identities.
example: 1000
impactedIdentityNames:
type: string
nullable: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/role-insights/{insightId}/entitlement-changes':
get:
operationId: getRoleInsightsEntitlementsChanges
summary: Get entitlement insights for a role
tags:
- Role Insights
description: This endpoint returns entitlement insights for a role.
parameters:
- in: path
name: insightId
schema:
type: string
required: true
x-sailpoint-resource-operation-id: getRoleInsights
description: The role insight id
example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
- in: query
name: sorters
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **identitiesWithAccess, name**
required: false
style: form
explode: true
schema:
type: string
- in: query
name: filters
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**name**: *sw*
**description**: *sw*
required: false
style: form
example: name sw "Admin"
explode: true
schema:
type: string
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: Succeeded. Returns a list of entitlements to be added for a role.
content:
application/json:
schema:
type: array
items:
type: object
properties:
name:
type: string
description: Name of the entitlement
example: Administrator
id:
type: string
description: Id of the entitlement
example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
description:
type: string
nullable: true
description: Description for the entitlement
example: Full administrative access to IdentityNow
attribute:
type: string
description: Attribute for the entitlement
example: assignedGroups
value:
type: string
description: Attribute value for the entitlement
example: ORG_ADMIN
source:
type: string
description: Source or the application for the entitlement
example: IdentityNow
insight:
description: The kind of insight this is and some stats
type: object
properties:
type:
type: string
description: The number of identities in this role with the entitlement.
example: ADD
identitiesWithAccess:
type: integer
description: The number of identities in this role with the entitlement.
example: 850
identitiesImpacted:
type: integer
description: The number of identities in this role that do not have the specified entitlement.
example: 150
totalNumberOfIdentities:
type: integer
description: The total number of identities.
example: 1000
impactedIdentityNames:
type: string
nullable: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/role-insights/{insightId}/entitlement-changes/download':
get:
operationId: downloadRoleInsightsEntitlementsChanges
summary: Download entitlement insights for a role
tags:
- Role Insights
description: This endpoint returns the entitlement insights for a role.
parameters:
- in: path
name: insightId
schema:
type: string
required: true
x-sailpoint-resource-operation-id: getRoleInsights
description: The role insight id
example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
- in: query
name: sorters
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **identitiesWithAccess**
The default sort is **identitiesWithAccess** in descending order.
required: false
example: identitiesWithAccess
style: form
explode: true
schema:
type: string
- in: query
name: filters
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**name**: *sw*
**description**: *sw*
example: name sw "r"
required: false
style: form
explode: true
schema:
type: string
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: Succeeded. Returns a csv file containing a list of entitlements to be added for a role.
content:
text/csv:
schema:
type: string
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/role-insights/{insightId}/current-entitlements':
get:
operationId: getRoleInsightsCurrentEntitlements
summary: Get current entitlement for a role
tags:
- Role Insights
description: This endpoint gets the entitlements for a role. The term "current" is to distinguish from the entitlement(s) an insight might recommend adding.
parameters:
- in: path
name: insightId
schema:
type: string
required: true
x-sailpoint-resource-operation-id: getRoleInsights
description: The role insight id
example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
- in: query
name: filters
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**name**: *sw*
**description**: *sw*
example: name sw "r"
required: false
style: form
explode: true
schema:
type: string
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: Succeeded. Returns a list of current or pre-existing entitlements for a role.
content:
application/json:
schema:
type: array
items:
type: object
properties:
name:
type: string
description: Name of the entitlement
example: Administrator
id:
type: string
description: Id of the entitlement
example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
description:
type: string
description: Description for the entitlement
nullable: true
example: Full administrative access to IdentityNow
source:
type: string
description: Source or the application for the entitlement
example: IdentityNow
attribute:
type: string
description: Attribute for the entitlement
example: assignedGroups
value:
type: string
description: Attribute value for the entitlement
example: ORG_ADMIN
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/role-insights/{insightId}/entitlement-changes/{entitlementId}/identities':
get:
operationId: getEntitlementChangesIdentities
summary: Get identities for a suggested entitlement (for a role)
tags:
- Role Insights
description: 'Role insights suggests entitlements to be added for a role. This endpoint returns a list of identities in the role, with or without the entitlements, for a suggested entitlement so that the user can see which identities would be affected if the suggested entitlement were to be added to the role.'
parameters:
- in: path
name: insightId
schema:
type: string
required: true
x-sailpoint-resource-operation-id: getRoleInsights
description: The role insight id
example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
- in: path
name: entitlementId
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listEntitlements
description: The entitlement id
example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
- in: query
name: hasEntitlement
description: Identity has this entitlement or not
required: false
style: form
explode: true
schema:
type: boolean
default: false
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: sorters
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **name**
example: name
required: false
style: form
explode: true
schema:
type: string
- in: query
name: filters
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**name**: *sw*
example: name sw "Jan"
required: false
style: form
explode: true
schema:
type: string
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: Succeeded. Returns a list of identities with or without the entitlement.
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: Id for identity
name:
type: string
description: Name for identity
attributes:
type: object
additionalProperties:
type: string
example:
id: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
name: Adam Smith
attributes:
department: Human Resources-tah-mgb-dnd
firstName: Adam
jobTitle: Sales Analyst
location: Mexico
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/role-mining-sessions:
post:
operationId: createRoleMiningSessions
summary: Create a role mining session
tags:
- IAI Role Mining
description: This submits a create role mining session request to the role mining application.
requestBody:
description: Role mining session parameters
required: true
content:
application/json:
schema:
type: object
properties:
scope:
description: The scope of identities for this role mining session
example:
identityIds: []
criteria: 'source.name:DataScienceDataset'
attributeFilterCriteria:
- displayName:
untranslated: 'Location: Miami'
ariaLabel:
untranslated: 'Location: Miami'
data:
displayName:
translateKey: IDN.IDENTITY_ATTRIBUTES.LOCATION
name: location
operator: EQUALS
values:
- Miami
type: object
properties:
identityIds:
type: array
items:
type: string
description: The list of identities for this role mining session.
example:
- 2c918090761a5aac0176215c46a62d58
- 2c918090761a5aac01722015c46a62d42
criteria:
type: string
description: The "search" criteria that produces the list of identities for this role mining session.
nullable: true
example: 'source.name:DataScienceDataset'
attributeFilterCriteria:
type: array
items:
type: object
description: The filter criteria for this role mining session.
nullable: true
example:
displayName:
untranslated: 'Location: Miami'
ariaLabel:
untranslated: 'Location: Miami'
data:
displayName:
translateKey: IDN.IDENTITY_ATTRIBUTES.LOCATION
name: location
operator: EQUALS
values:
- Miami
pruneThreshold:
type: integer
description: The prune threshold to be used or null to calculate prescribedPruneThreshold
nullable: true
example: 50
format: int32
prescribedPruneThreshold:
type: integer
description: The calculated prescribedPruneThreshold
nullable: true
example: 10
format: int32
minNumIdentitiesInPotentialRole:
type: integer
description: Minimum number of identities in a potential role
nullable: true
example: 20
format: int32
potentialRoleCount:
type: integer
description: Number of potential roles
example: 0
format: int32
potentialRolesReadyCount:
type: integer
description: Number of potential roles ready
example: 0
format: int32
type:
description: Role mining session type
example: SPECIALIZED
type: string
enum:
- SPECIALIZED
- COMMON
emailRecipientId:
type: string
description: The id of the user who will receive an email about the role mining session
nullable: true
example: 2c918090761a5aac0176215c46a62d58
identityCount:
type: integer
description: Number of identities in the population which meet the search criteria or identity list provided
example: 0
format: int32
saved:
type: boolean
description: The session's saved status
default: false
example: true
name:
type: string
description: The session's saved name
nullable: true
example: Saved RM Session - 07/10
responses:
'201':
description: Submitted a role mining session request
content:
application/json:
schema:
type: object
properties:
scope:
description: The scope of identities for this role mining session
type: object
properties:
identityIds:
type: array
items:
type: string
description: The list of identities for this role mining session.
example:
- 2c918090761a5aac0176215c46a62d58
- 2c918090761a5aac01722015c46a62d42
criteria:
type: string
description: The "search" criteria that produces the list of identities for this role mining session.
nullable: true
example: 'source.name:DataScienceDataset'
attributeFilterCriteria:
type: array
items:
type: object
description: The filter criteria for this role mining session.
nullable: true
example:
displayName:
untranslated: 'Location: Miami'
ariaLabel:
untranslated: 'Location: Miami'
data:
displayName:
translateKey: IDN.IDENTITY_ATTRIBUTES.LOCATION
name: location
operator: EQUALS
values:
- Miami
minNumIdentitiesInPotentialRole:
type: integer
nullable: true
description: Minimum number of identities in a potential role
example: 20
scopingMethod:
type: string
description: The scoping method of the role mining session
nullable: true
example: AUTO_RM
prescribedPruneThreshold:
type: integer
nullable: true
description: The computed (or prescribed) prune threshold for this session
example: 83
pruneThreshold:
type: integer
nullable: true
description: The prune threshold to be used for this role mining session
example: 70
potentialRoleCount:
type: integer
description: The number of potential roles
example: 8
potentialRolesReadyCount:
type: integer
description: The number of potential roles which have completed processing
example: 4
status:
description: The role mining session status
type: object
properties:
state:
description: Role mining session state
type: string
enum:
- CREATED
- UPDATED
- IDENTITIES_OBTAINED
- PRUNE_THRESHOLD_OBTAINED
- POTENTIAL_ROLES_PROCESSING
- POTENTIAL_ROLES_CREATED
example: CREATED
emailRecipientId:
type: string
description: The id of the user who will receive an email about the role mining session
nullable: true
createdBy:
oneOf:
- type: object
properties:
id:
type: string
description: ID of the creator
example: 2c918090761a5aac0176215c46a62d58
displayName:
type: string
description: The display name of the creator
example: Ashley.Pierce
- type: string
nullable: true
description: Workaround to support null
example: Dummy
description: The session created by details
identityCount:
type: integer
description: The number of identities
example: 39
saved:
type: boolean
description: The session's saved status
default: false
example: true
name:
type: string
description: The session's saved name
nullable: true
example: Saved RM Session - 07/10
dataFilePath:
type: string
description: The data file path of the role mining session
nullable: true
id:
type: string
description: Session Id for this role mining session
example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
createdDate:
type: string
format: date-time
description: The date-time when this role mining session was created.
modifiedDate:
type: string
format: date-time
description: The date-time when this role mining session was completed.
type:
description: Role mining session type
type: string
enum:
- SPECIALIZED
- COMMON
example: SPECIALIZED
example:
scope:
identityIds: []
criteria: 'source.name:DataScienceDataset'
attributeFilterCriteria: null
scopingMethod: AUTO_RM
minNumIdentitiesInPotentialRole: 20
pruneThreshold: 70
prescribedPruneThreshold: 83
potentialRoleCount: 8
potentialRolesReadyCount: 4
status:
state: POTENTIAL_ROLES_PROCESSING
type: SPECIALIZED
emailRecipientId: null
createdBy: null
identityCount: 0
saved: false
name: null
dataFilePath: null
id: 602ba738-cf48-499b-a780-7b67b3fc1ecf
createdDate: '2021-09-08T16:11:05.348Z'
modifiedDate: '2021-09-08T16:11:05.348Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
parameters:
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
get:
operationId: getRoleMiningSessions
summary: Retrieves all role mining sessions
tags:
- IAI Role Mining
description: Returns all role mining sessions that match the query parameters
parameters:
- in: query
name: filters
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**saved**: *eq*
**name**: *eq, sw*
example: saved eq "true" and name sw "RM Session"
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **createdBy, createdDate**
example: 'createdBy,createdDate'
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: Succeeded. Returns all role mining sessions that match the query parameters.
content:
application/json:
schema:
type: array
items:
type: object
properties:
scope:
description: The scope of identities for this role mining session
example:
identityIds: []
criteria: 'source.name:DataScienceDataset'
attributeFilterCriteria:
- displayName:
untranslated: 'Location: Miami'
ariaLabel:
untranslated: 'Location: Miami'
data:
displayName:
translateKey: IDN.IDENTITY_ATTRIBUTES.LOCATION
name: location
operator: EQUALS
values:
- Miami
type: object
properties:
identityIds:
type: array
items:
type: string
description: The list of identities for this role mining session.
example:
- 2c918090761a5aac0176215c46a62d58
- 2c918090761a5aac01722015c46a62d42
criteria:
type: string
description: The "search" criteria that produces the list of identities for this role mining session.
nullable: true
example: 'source.name:DataScienceDataset'
attributeFilterCriteria:
type: array
items:
type: object
description: The filter criteria for this role mining session.
nullable: true
example:
displayName:
untranslated: 'Location: Miami'
ariaLabel:
untranslated: 'Location: Miami'
data:
displayName:
translateKey: IDN.IDENTITY_ATTRIBUTES.LOCATION
name: location
operator: EQUALS
values:
- Miami
pruneThreshold:
type: integer
description: The prune threshold to be used or null to calculate prescribedPruneThreshold
nullable: true
example: 50
format: int32
prescribedPruneThreshold:
type: integer
description: The calculated prescribedPruneThreshold
nullable: true
example: 10
format: int32
minNumIdentitiesInPotentialRole:
type: integer
description: Minimum number of identities in a potential role
nullable: true
example: 20
format: int32
potentialRoleCount:
type: integer
description: Number of potential roles
example: 0
format: int32
potentialRolesReadyCount:
type: integer
description: Number of potential roles ready
example: 0
format: int32
type:
description: Role mining session type
example: SPECIALIZED
type: string
enum:
- SPECIALIZED
- COMMON
emailRecipientId:
type: string
description: The id of the user who will receive an email about the role mining session
nullable: true
example: 2c918090761a5aac0176215c46a62d58
identityCount:
type: integer
description: Number of identities in the population which meet the search criteria or identity list provided
example: 0
format: int32
saved:
type: boolean
description: The session's saved status
default: false
example: true
name:
type: string
description: The session's saved name
nullable: true
example: Saved RM Session - 07/10
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/role-mining-sessions/{sessionId}':
patch:
operationId: patchRoleMiningSession
summary: Patch a role mining session
tags:
- IAI Role Mining
description: 'The method updates an existing role mining session using PATCH. Supports op in {"replace"} and changes to pruneThreshold and/or minNumIdentitiesInPotentialRole. The potential roles in this role mining session is then re-calculated.'
parameters:
- in: path
name: sessionId
schema:
type: string
required: true
x-sailpoint-resource-operation-id: getRoleMiningSessions
description: The role mining session id to be patched
example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
requestBody:
required: true
description: Replace pruneThreshold and/or minNumIdentitiesInPotentialRole in role mining session. Update saved status or saved name for a role mining session.
content:
application/json-patch+json:
schema:
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
example:
- op: replace
path: /pruneThreshold
value: '83'
- op: replace
path: /minNumIdentitiesInPotentialRole
value: '10'
- op: replace
path: /saved
value: 'false'
- op: replace
path: /name
value: RM Session - 07/10/22
- op: add
path: /name
value: RM Session - 07/10/22
responses:
'202':
description: Accepted - Returned if the request was successfully accepted into the system.
content:
application/json:
schema:
type: object
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
get:
operationId: getRoleMiningSession
summary: Get a role mining session
tags:
- IAI Role Mining
description: The method retrieves a role mining session.
parameters:
- in: path
name: sessionId
schema:
type: string
required: true
x-sailpoint-resource-operation-id: getRoleMiningSessions
description: The role mining session id to be retrieved.
example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: Returns a role mining session
content:
application/json:
schema:
type: object
properties:
scope:
description: The scope of identities for this role mining session
type: object
properties:
identityIds:
type: array
items:
type: string
description: The list of identities for this role mining session.
example:
- 2c918090761a5aac0176215c46a62d58
- 2c918090761a5aac01722015c46a62d42
criteria:
type: string
description: The "search" criteria that produces the list of identities for this role mining session.
nullable: true
example: 'source.name:DataScienceDataset'
attributeFilterCriteria:
type: array
items:
type: object
description: The filter criteria for this role mining session.
nullable: true
example:
displayName:
untranslated: 'Location: Miami'
ariaLabel:
untranslated: 'Location: Miami'
data:
displayName:
translateKey: IDN.IDENTITY_ATTRIBUTES.LOCATION
name: location
operator: EQUALS
values:
- Miami
minNumIdentitiesInPotentialRole:
type: integer
nullable: true
description: Minimum number of identities in a potential role
example: 20
scopingMethod:
type: string
description: The scoping method of the role mining session
nullable: true
example: AUTO_RM
prescribedPruneThreshold:
type: integer
nullable: true
description: The computed (or prescribed) prune threshold for this session
example: 83
pruneThreshold:
type: integer
nullable: true
description: The prune threshold to be used for this role mining session
example: 70
potentialRoleCount:
type: integer
description: The number of potential roles
example: 8
potentialRolesReadyCount:
type: integer
description: The number of potential roles which have completed processing
example: 4
status:
description: The role mining session status
type: object
properties:
state:
description: Role mining session state
type: string
enum:
- CREATED
- UPDATED
- IDENTITIES_OBTAINED
- PRUNE_THRESHOLD_OBTAINED
- POTENTIAL_ROLES_PROCESSING
- POTENTIAL_ROLES_CREATED
example: CREATED
emailRecipientId:
type: string
description: The id of the user who will receive an email about the role mining session
nullable: true
createdBy:
oneOf:
- type: object
properties:
id:
type: string
description: ID of the creator
example: 2c918090761a5aac0176215c46a62d58
displayName:
type: string
description: The display name of the creator
example: Ashley.Pierce
- type: string
nullable: true
description: Workaround to support null
example: Dummy
description: The session created by details
identityCount:
type: integer
description: The number of identities
example: 39
saved:
type: boolean
description: The session's saved status
default: false
example: true
name:
type: string
description: The session's saved name
nullable: true
example: Saved RM Session - 07/10
dataFilePath:
type: string
description: The data file path of the role mining session
nullable: true
id:
type: string
description: Session Id for this role mining session
example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
createdDate:
type: string
format: date-time
description: The date-time when this role mining session was created.
modifiedDate:
type: string
format: date-time
description: The date-time when this role mining session was completed.
type:
description: Role mining session type
type: string
enum:
- SPECIALIZED
- COMMON
example: SPECIALIZED
example:
scope:
identityIds: []
criteria: 'source.name:DataScienceDataset'
attributeFilterCriteria: null
scopingMethod: AUTO_RM
minNumIdentitiesInPotentialRole: 20
pruneThreshold: 70
prescribedPruneThreshold: 83
potentialRoleCount: 8
potentialRolesReadyCount: 4
status:
state: POTENTIAL_ROLES_PROCESSING
type: SPECIALIZED
emailRecipientId: null
createdBy: null
identityCount: 0
saved: false
name: null
dataFilePath: null
id: 602ba738-cf48-499b-a780-7b67b3fc1ecf
createdDate: '2021-09-08T16:11:05.348Z'
modifiedDate: '2021-09-08T16:11:05.348Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/role-mining-sessions/{sessionId}/status':
get:
operationId: getRoleMiningSessionStatus
summary: Get role mining session status state
tags:
- IAI Role Mining
description: This method returns a role mining session status for a customer.
parameters:
- in: path
name: sessionId
schema:
type: string
required: true
x-sailpoint-resource-operation-id: getRoleMiningSessions
description: The role mining session id
example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: Succeeded. Returns session status
content:
application/json:
schema:
type: object
properties:
state:
description: Role mining session state
type: string
enum:
- CREATED
- UPDATED
- IDENTITIES_OBTAINED
- PRUNE_THRESHOLD_OBTAINED
- POTENTIAL_ROLES_PROCESSING
- POTENTIAL_ROLES_CREATED
example: CREATED
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/role-mining-sessions/{sessionId}/potential-role-summaries':
get:
operationId: getPotentialRoleSummaries
summary: Retrieves all potential role summaries
tags:
- IAI Role Mining
description: This method returns the potential role summaries for a role mining session.
parameters:
- in: path
name: sessionId
schema:
type: string
required: true
x-sailpoint-resource-operation-id: getRoleMiningSessions
description: The role mining session id
example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
- in: query
name: sorters
required: false
style: form
explode: true
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **createdDate**
example: createdDate
- in: query
name: filters
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**createdById**: *eq, sw, co*
**createdByName**: *eq, sw, co*
**description**: *sw, co*
**endDate**: *le, lt*
**freshness**: *eq, ge, gt, le, lt*
**name**: *eq, sw, co*
**quality**: *eq, ge, gt, le, lt*
**startDate**: *ge, gt*
**saved**: *eq*
**type**: *eq*
example: (createdByName co "int")and (createdById sw "2c9180907")and (type eq "COMMON")and ((name co "entt")or (saved eq true))
required: false
style: form
explode: true
schema:
type: string
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: Succeeded. Returns a list of potential role summaries for a role mining session.
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: Id of the potential role
example: e0cc5d7d-bf7f-4f81-b2af-8885b09d9923
name:
type: string
description: Name of the potential role
example: Potential Role - e0cc5d
potentialRoleRef:
description: Details about the potential role
type: object
properties:
id:
type: string
description: Id of the potential role
example: e0cc5d7d-bf7f-4f81-b2af-8885b09d9923
name:
type: string
description: Name of the potential role
example: Potential Role - e0cc5d
identityCount:
type: integer
description: The number of identities in a potential role.
format: int32
example: 25
entitlementCount:
type: integer
description: The number of entitlements in a potential role.
format: int32
example: 15
identityGroupStatus:
type: string
description: The status for this identity group which can be "REQUESTED" or "OBTAINED"
example: OBTAINED
provisionState:
description: 'The status of provisioning for this potential role. Can be "POTENTIAL", "PENDING", "FAILED", or "COMPLETE".'
example: PENDING
type: string
enum:
- POTENTIAL
- PENDING
- COMPLETE
- FAILED
- null
roleId:
type: string
description: ID of the provisioned role in IIQ or IDN. Null if this potential role has not been provisioned.
nullable: true
example: 2a4be6fbcf3c4e66b95a0c15ffd591
density:
type: integer
description: The density metric (0-100) of this potential role. Higher density values indicate higher similarity amongst the identities.
format: int32
example: 90
freshness:
type: integer
description: The freshness metric (0-100) of this potential role. Higher freshness values indicate this potential role is more distinctive compared to existing roles.
format: int32
example: 70
quality:
type: integer
description: The quality metric (0-100) of this potential role. Higher quality values indicate this potential role has high density and freshness.
format: int32
example: 80
type:
description: Role mining potential type.
type: string
enum:
- SPECIALIZED
- COMMON
example: SPECIALIZED
createdBy:
oneOf:
- type: object
properties:
id:
type: string
description: ID of the creator
example: 2c918090761a5aac0176215c46a62d58
displayName:
type: string
description: The display name of the creator
example: Ashley.Pierce
- type: string
nullable: true
description: Workaround to support null
example: Dummy
description: The potential role created by details
createdDate:
type: string
format: date-time
description: The date-time when this potential role was created.
saved:
type: boolean
description: The potential role's saved status
default: false
example: true
description:
type: string
nullable: true
description: Description of the potential role
session:
description: The session parameters of the potential role.
type: object
properties:
id:
type: string
description: The ID of the role mining session
example: 9f36f5e5-1e81-4eca-b087-548959d91c71
name:
type: string
description: The session's saved name
nullable: true
example: Saved RM Session - 07/10
minNumIdentitiesInPotentialRole:
type: integer
description: Minimum number of identities in a potential role
nullable: true
example: 20
format: int32
pruneThreshold:
type: integer
description: The prune threshold to be used or null to calculate prescribedPruneThreshold
nullable: true
example: 5
format: int32
saved:
type: boolean
default: true
description: The session's saved status
example: true
scope:
description: The scope of identities for this role mining session
example:
identityIds: []
criteria: 'source.name:DataScienceDataset'
attributeFilterCriteria:
displayName:
untranslated: 'Location: Miami'
ariaLabel:
untranslated: 'Location: Miami'
data:
displayName:
translateKey: IDN.IDENTITY_ATTRIBUTES.LOCATION
name: location
operator: EQUALS
values:
- Miami
type: object
properties:
identityIds:
type: array
items:
type: string
description: The list of identities for this role mining session.
example:
- 2c918090761a5aac0176215c46a62d58
- 2c918090761a5aac01722015c46a62d42
criteria:
type: string
description: The "search" criteria that produces the list of identities for this role mining session.
nullable: true
example: 'source.name:DataScienceDataset'
attributeFilterCriteria:
type: array
items:
type: object
description: The filter criteria for this role mining session.
nullable: true
example:
displayName:
untranslated: 'Location: Miami'
ariaLabel:
untranslated: 'Location: Miami'
data:
displayName:
translateKey: IDN.IDENTITY_ATTRIBUTES.LOCATION
name: location
operator: EQUALS
values:
- Miami
type:
description: Role mining potential type
type: string
enum:
- SPECIALIZED
- COMMON
example: SPECIALIZED
state:
description: Role mining session state
type: string
enum:
- CREATED
- UPDATED
- IDENTITIES_OBTAINED
- PRUNE_THRESHOLD_OBTAINED
- POTENTIAL_ROLES_PROCESSING
- POTENTIAL_ROLES_CREATED
example: CREATED
scopingMethod:
description: Scoping method used in current role mining session
type: string
enum:
- MANUAL
- AUTO_RM
example: MANUAL
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/role-mining-sessions/{sessionId}/potential-role-summaries/{potentialRoleId}':
get:
operationId: getPotentialRole
summary: Retrieves a specific potential role
tags:
- IAI Role Mining
description: This method returns a specific potential role for a role mining session.
parameters:
- in: path
name: sessionId
schema:
type: string
required: true
x-sailpoint-resource-operation-id: getRoleMiningSessions
description: The role mining session id
example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
- in: path
name: potentialRoleId
schema:
type: string
required: true
x-sailpoint-resource-operation-id: getPotentialRoleSummaries
description: A potential role id in a role mining session
example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: Succeeded. Returns a list of potential roles for a role mining session.
content:
application/json:
schema:
type: object
properties:
createdBy:
oneOf:
- type: object
properties:
id:
type: string
description: ID of the creator
example: 2c918090761a5aac0176215c46a62d58
displayName:
type: string
description: The display name of the creator
example: Ashley.Pierce
- type: string
nullable: true
description: Workaround to support null
example: Dummy
description: The session created by details
density:
type: integer
description: The density of a potential role.
example: 75
format: int32
description:
type: string
nullable: true
description: The description of a potential role.
example: Potential Role for Accounting dept
entitlementCount:
type: integer
description: The number of entitlements in a potential role.
example: 25
format: int32
excludedEntitlements:
description: The list of entitlement ids to be excluded.
nullable: true
type: array
items:
type: string
example:
- 07a0b4e2
- 13b4e2a0
freshness:
type: integer
description: The freshness of a potential role.
example: 75
format: int32
identityCount:
type: integer
description: The number of identities in a potential role.
example: 25
format: int32
identityDistribution:
description: Identity attribute distribution.
nullable: true
type: array
items:
type: object
properties:
attributeName:
type: string
description: Id of the potential role
example: department
distribution:
type: array
items:
type: object
additionalProperties: true
example:
- attributeValue: NM Tier 3
count: 6
identityIds:
description: The list of ids in a potential role.
type: array
items:
type: string
example:
- 07a0b4e2
- 13b4e2a0
name:
type: string
description: Name of the potential role.
example: Saved Potential Role - 07/10
provisionState:
allOf:
- type: string
description: Provision state
enum:
- POTENTIAL
- PENDING
- COMPLETE
- FAILED
- null
example: POTENTIAL
- description: The provisioning state of a potential role.
nullable: true
quality:
type: integer
description: The quality of a potential role.
example: 100
format: int32
roleId:
type: string
nullable: true
description: The roleId of a potential role.
example: 07a0b4e2-7a76-44fa-bd0b-c64654b66519
saved:
type: boolean
description: The potential role's saved status.
example: true
session:
description: The session parameters of the potential role.
type: object
properties:
id:
type: string
description: The ID of the role mining session
example: 9f36f5e5-1e81-4eca-b087-548959d91c71
name:
type: string
description: The session's saved name
nullable: true
example: Saved RM Session - 07/10
minNumIdentitiesInPotentialRole:
type: integer
description: Minimum number of identities in a potential role
nullable: true
example: 20
format: int32
pruneThreshold:
type: integer
description: The prune threshold to be used or null to calculate prescribedPruneThreshold
nullable: true
example: 5
format: int32
saved:
type: boolean
default: true
description: The session's saved status
example: true
scope:
description: The scope of identities for this role mining session
example:
identityIds: []
criteria: 'source.name:DataScienceDataset'
attributeFilterCriteria:
displayName:
untranslated: 'Location: Miami'
ariaLabel:
untranslated: 'Location: Miami'
data:
displayName:
translateKey: IDN.IDENTITY_ATTRIBUTES.LOCATION
name: location
operator: EQUALS
values:
- Miami
type: object
properties:
identityIds:
type: array
items:
type: string
description: The list of identities for this role mining session.
example:
- 2c918090761a5aac0176215c46a62d58
- 2c918090761a5aac01722015c46a62d42
criteria:
type: string
description: The "search" criteria that produces the list of identities for this role mining session.
nullable: true
example: 'source.name:DataScienceDataset'
attributeFilterCriteria:
type: array
items:
type: object
description: The filter criteria for this role mining session.
nullable: true
example:
displayName:
untranslated: 'Location: Miami'
ariaLabel:
untranslated: 'Location: Miami'
data:
displayName:
translateKey: IDN.IDENTITY_ATTRIBUTES.LOCATION
name: location
operator: EQUALS
values:
- Miami
type:
description: Role mining potential type
type: string
enum:
- SPECIALIZED
- COMMON
example: SPECIALIZED
state:
description: Role mining session state
type: string
enum:
- CREATED
- UPDATED
- IDENTITIES_OBTAINED
- PRUNE_THRESHOLD_OBTAINED
- POTENTIAL_ROLES_PROCESSING
- POTENTIAL_ROLES_CREATED
example: CREATED
scopingMethod:
description: Scoping method used in current role mining session
type: string
enum:
- MANUAL
- AUTO_RM
example: MANUAL
type:
description: Role mining potential type.
type: string
enum:
- SPECIALIZED
- COMMON
example: SPECIALIZED
id:
type: string
description: Id of the potential role
example: e0cc5d7d-bf7f-4f81-b2af-8885b09d9923
createdDate:
type: string
format: date-time
description: The date-time when this potential role was created.
modifiedDate:
type: string
format: date-time
description: The date-time when this potential role was modified.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
patch:
operationId: patchPotentialRole
summary: Update a potential role
tags:
- IAI Role Mining
description: |
The method updates an existing potential role using.
The following fields can be modified:
* `description`
* `name`
* `saved`
>**NOTE: All other fields cannot be modified.**
parameters:
- in: path
name: sessionId
schema:
type: string
required: true
x-sailpoint-resource-operation-id: getRoleMiningSessions
description: The role mining session id
example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
- in: path
name: potentialRoleId
schema:
type: string
required: true
x-sailpoint-resource-operation-id: getPotentialRoleSummaries
description: The potential role summary id
example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
requestBody:
required: true
content:
application/json-patch+json:
schema:
type: array
items:
allOf:
- type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
properties:
op:
type: string
description: The operation to be performed
enum:
- remove
- replace
example: replace
example:
- op: remove
path: /description
- op: replace
path: /description
value: Acct I - Potential Role
- op: remove
path: /saved
- op: replace
path: /saved
value: 'false'
- op: remove
path: /name
- op: replace
path: /name
value: Potential Role Accounting
responses:
'200':
description: Succeeded. Returns the potential role summary based on the potentialRoleId provided.
content:
application/json:
schema:
type: object
items:
type: object
properties:
createdBy:
oneOf:
- type: object
properties:
id:
type: string
description: ID of the creator
example: 2c918090761a5aac0176215c46a62d58
displayName:
type: string
description: The display name of the creator
example: Ashley.Pierce
- type: string
nullable: true
description: Workaround to support null
example: Dummy
description: The session created by details
density:
type: integer
description: The density of a potential role.
example: 75
format: int32
description:
type: string
nullable: true
description: The description of a potential role.
example: Potential Role for Accounting dept
entitlementCount:
type: integer
description: The number of entitlements in a potential role.
example: 25
format: int32
excludedEntitlements:
description: The list of entitlement ids to be excluded.
nullable: true
type: array
items:
type: string
example:
- 07a0b4e2
- 13b4e2a0
freshness:
type: integer
description: The freshness of a potential role.
example: 75
format: int32
identityCount:
type: integer
description: The number of identities in a potential role.
example: 25
format: int32
identityDistribution:
description: Identity attribute distribution.
nullable: true
type: array
items:
type: object
properties:
attributeName:
type: string
description: Id of the potential role
example: department
distribution:
type: array
items:
type: object
additionalProperties: true
example:
- attributeValue: NM Tier 3
count: 6
identityIds:
description: The list of ids in a potential role.
type: array
items:
type: string
example:
- 07a0b4e2
- 13b4e2a0
name:
type: string
description: Name of the potential role.
example: Saved Potential Role - 07/10
provisionState:
allOf:
- type: string
description: Provision state
enum:
- POTENTIAL
- PENDING
- COMPLETE
- FAILED
- null
example: POTENTIAL
- description: The provisioning state of a potential role.
nullable: true
quality:
type: integer
description: The quality of a potential role.
example: 100
format: int32
roleId:
type: string
nullable: true
description: The roleId of a potential role.
example: 07a0b4e2-7a76-44fa-bd0b-c64654b66519
saved:
type: boolean
description: The potential role's saved status.
example: true
session:
description: The session parameters of the potential role.
type: object
properties:
id:
type: string
description: The ID of the role mining session
example: 9f36f5e5-1e81-4eca-b087-548959d91c71
name:
type: string
description: The session's saved name
nullable: true
example: Saved RM Session - 07/10
minNumIdentitiesInPotentialRole:
type: integer
description: Minimum number of identities in a potential role
nullable: true
example: 20
format: int32
pruneThreshold:
type: integer
description: The prune threshold to be used or null to calculate prescribedPruneThreshold
nullable: true
example: 5
format: int32
saved:
type: boolean
default: true
description: The session's saved status
example: true
scope:
description: The scope of identities for this role mining session
example:
identityIds: []
criteria: 'source.name:DataScienceDataset'
attributeFilterCriteria:
displayName:
untranslated: 'Location: Miami'
ariaLabel:
untranslated: 'Location: Miami'
data:
displayName:
translateKey: IDN.IDENTITY_ATTRIBUTES.LOCATION
name: location
operator: EQUALS
values:
- Miami
type: object
properties:
identityIds:
type: array
items:
type: string
description: The list of identities for this role mining session.
example:
- 2c918090761a5aac0176215c46a62d58
- 2c918090761a5aac01722015c46a62d42
criteria:
type: string
description: The "search" criteria that produces the list of identities for this role mining session.
nullable: true
example: 'source.name:DataScienceDataset'
attributeFilterCriteria:
type: array
items:
type: object
description: The filter criteria for this role mining session.
nullable: true
example:
displayName:
untranslated: 'Location: Miami'
ariaLabel:
untranslated: 'Location: Miami'
data:
displayName:
translateKey: IDN.IDENTITY_ATTRIBUTES.LOCATION
name: location
operator: EQUALS
values:
- Miami
type:
description: Role mining potential type
type: string
enum:
- SPECIALIZED
- COMMON
example: SPECIALIZED
state:
description: Role mining session state
type: string
enum:
- CREATED
- UPDATED
- IDENTITIES_OBTAINED
- PRUNE_THRESHOLD_OBTAINED
- POTENTIAL_ROLES_PROCESSING
- POTENTIAL_ROLES_CREATED
example: CREATED
scopingMethod:
description: Scoping method used in current role mining session
type: string
enum:
- MANUAL
- AUTO_RM
example: MANUAL
type:
description: Role mining potential type.
type: string
enum:
- SPECIALIZED
- COMMON
example: SPECIALIZED
id:
type: string
description: Id of the potential role
example: e0cc5d7d-bf7f-4f81-b2af-8885b09d9923
createdDate:
type: string
format: date-time
description: The date-time when this potential role was created.
modifiedDate:
type: string
format: date-time
description: The date-time when this potential role was modified.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/role-mining-sessions/{sessionId}/potential-role-summaries/{potentialRoleId}/applications':
get:
operationId: getPotentialRoleApplications
summary: Retrieves the applications of a potential role for a role mining session
tags:
- IAI Role Mining
description: This method returns the applications of a potential role for a role mining session.
parameters:
- in: query
name: filters
schema:
type: string
required: false
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**applicationName**: *sw*
example: applicationName sw "test"
- in: path
name: sessionId
schema:
type: string
required: true
x-sailpoint-resource-operation-id: getRoleMiningSessions
description: The role mining session id
example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
- in: path
name: potentialRoleId
schema:
type: string
required: true
x-sailpoint-resource-operation-id: getPotentialRoleSummaries
description: A potential role id in a role mining session
example: 62f28d91-7d9f-4d17-be15-666d5b41d77f
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: Succeeded. Returns a list of potential roles for a role mining session.
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: Id of the application
example:
id: 2c9180877212632a017228d5a796292b
name:
type: string
description: Name of the application
example:
name: Slack
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'iai:access-modeling:read'
x-sailpoint-userLevels:
- ORG_ADMIN
'/role-mining-sessions/{sessionId}/potential-role-summaries/{potentialRoleId}/entitlements':
get:
operationId: getPotentialRoleEntitlements
summary: Retrieves the entitlements of a potential role for a role mining session
tags:
- IAI Role Mining
description: This method returns the entitlements of a potential role for a role mining session.
parameters:
- in: query
name: filters
schema:
type: string
required: false
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**entitlementRef.name**: *sw*
example: entitlementRef.name sw "test"
- in: path
name: sessionId
schema:
type: string
required: true
x-sailpoint-resource-operation-id: getRoleMiningSessions
description: The role mining session id
example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
- in: path
name: potentialRoleId
schema:
type: string
required: true
x-sailpoint-resource-operation-id: getPotentialRoleSummaries
description: A potential role id in a role mining session
example: 62f28d91-7d9f-4d17-be15-666d5b41d77f
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: Succeeded. Returns the entitlements of a potential role for a role mining session. session.
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: Id of the entitlement
example:
id: 2c9180877212632a017228d5a796292c
name:
type: string
description: Name of the entitlement
example:
name: LauncherTest2
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'iai:access-modeling:read'
x-sailpoint-userLevels:
- ORG_ADMIN
'/role-mining-sessions/{sessionId}/potential-roles/{potentialRoleId}/entitlement-popularities':
get:
operationId: getEntitlementsPotentialRole
summary: Retrieves entitlements for a potential role in a role mining session
tags:
- IAI Role Mining
description: This method returns entitlements for a potential role in a role mining session.
parameters:
- in: path
name: sessionId
schema:
type: string
required: true
x-sailpoint-resource-operation-id: getRoleMiningSessions
description: The role mining session id
example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
- in: path
name: potentialRoleId
schema:
type: string
required: true
x-sailpoint-resource-operation-id: getPotentialRoleSummaries
description: A potential role id in a role mining session
example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
- in: query
name: includeCommonAccess
description: Boolean determining whether common access entitlements will be included or not
example: true
required: false
style: form
explode: true
schema:
type: boolean
default: true
- in: query
name: sorters
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **popularity, entitlementName, applicationName**
The default sort is **popularity** in descending order.
example: popularity
required: false
style: form
explode: true
schema:
type: string
- in: query
name: filters
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**applicationName**: *sw*
**entitlementRef.name**: *sw*
example: applicationName sw "AD"
required: false
style: form
explode: true
schema:
type: string
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: Succeeded. Returns a list of entitlements for a potential role.
content:
application/json:
schema:
type: array
items:
type: object
properties:
entitlementRef:
description: Details about the entitlement
example:
id: 2c91808a7e95e6e0017e96e2086206c8
name: App.entitlement.1
description: Entitlement 1
attribute: groups
type: object
properties:
id:
type: string
description: Id of the entitlement
example: 2c91808a7e95e6e0017e96e2086206c8
name:
type: string
description: Name of the entitlement
example: App.entitlement.1
description:
type: string
description: Description forthe entitlement
nullable: true
example: Entitlement 1
attribute:
type: string
description: The entitlement attribute
example: groups
name:
type: string
description: Name of the entitlement
example: Add/modify/delete users
applicationName:
type: string
description: Application name of the entitlement
example: AppName
identityCount:
type: integer
description: The number of identities with this entitlement in a role.
format: int32
example: 45
popularity:
type: number
description: The % popularity of this entitlement in a role.
format: float
example: 65.2
popularityInOrg:
type: number
description: The % popularity of this entitlement in the org.
format: float
example: 35.8
sourceId:
type: string
description: The ID of the source/application.
example: 2c9180877620c1460176267f336a106f
activitySourceState:
type: string
description: The status of activity data for the source. Value is complete or notComplete.
nullable: true
example: complete
sourceUsagePercent:
type: number
description: The percentage of identities in the potential role that have usage of the source/application of this entitlement.
format: float
nullable: true
example: 65.6
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth: []
'/role-mining-sessions/{sessionId}/potential-roles/{potentialRoleId}/entitlement-popularity-distribution':
get:
operationId: getEntitlementDistributionPotentialRole
summary: Retrieves entitlement popularity distribution for a potential role in a role mining session
tags:
- IAI Role Mining
description: This method returns entitlement popularity distribution for a potential role in a role mining session.
parameters:
- in: path
name: sessionId
schema:
type: string
required: true
x-sailpoint-resource-operation-id: getRoleMiningSessions
description: The role mining session id
example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
- in: path
name: potentialRoleId
schema:
type: string
required: true
x-sailpoint-resource-operation-id: getPotentialRoleSummaries
description: A potential role id in a role mining session
example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
- in: query
name: includeCommonAccess
description: Boolean determining whether common access entitlements will be included or not
required: false
style: form
explode: true
schema:
type: boolean
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: Succeeded. Returns a map containing entitlement popularity distribution for a potential role.
content:
application/json:
schema:
type: object
additionalProperties:
type: integer
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/role-mining-sessions/{sessionId}/potential-roles/{potentialRoleId}/edit-entitlements':
post:
operationId: updateEntitlementsPotentialRole
summary: Edit entitlements for a potential role to exclude some entitlements
tags:
- IAI Role Mining
description: This endpoint adds or removes entitlements from an exclusion list for a potential role.
parameters:
- in: path
name: sessionId
schema:
type: string
required: true
x-sailpoint-resource-operation-id: getRoleMiningSessions
description: The role mining session id
example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
- in: path
name: potentialRoleId
schema:
type: string
required: true
x-sailpoint-resource-operation-id: getPotentialRoleSummaries
description: A potential role id in a role mining session
example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
requestBody:
description: Role mining session parameters
required: true
content:
application/json:
schema:
type: object
properties:
ids:
description: The list of entitlement ids to be edited
type: array
items:
type: string
exclude:
type: boolean
description: 'If true, add ids to be exclusion list. If false, remove ids from the exclusion list.'
example:
ids:
- entId1
- entId2
exclude: true
responses:
'201':
description: Adds or removes entitlements from a potential role's entitlement exclusion list.
content:
application/json:
schema:
type: object
properties:
createdBy:
oneOf:
- type: object
properties:
id:
type: string
description: ID of the creator
example: 2c918090761a5aac0176215c46a62d58
displayName:
type: string
description: The display name of the creator
example: Ashley.Pierce
- type: string
nullable: true
description: Workaround to support null
example: Dummy
description: The session created by details
density:
type: integer
description: The density of a potential role.
example: 75
format: int32
description:
type: string
nullable: true
description: The description of a potential role.
example: Potential Role for Accounting dept
entitlementCount:
type: integer
description: The number of entitlements in a potential role.
example: 25
format: int32
excludedEntitlements:
description: The list of entitlement ids to be excluded.
nullable: true
type: array
items:
type: string
example:
- 07a0b4e2
- 13b4e2a0
freshness:
type: integer
description: The freshness of a potential role.
example: 75
format: int32
identityCount:
type: integer
description: The number of identities in a potential role.
example: 25
format: int32
identityDistribution:
description: Identity attribute distribution.
nullable: true
type: array
items:
type: object
properties:
attributeName:
type: string
description: Id of the potential role
example: department
distribution:
type: array
items:
type: object
additionalProperties: true
example:
- attributeValue: NM Tier 3
count: 6
identityIds:
description: The list of ids in a potential role.
type: array
items:
type: string
example:
- 07a0b4e2
- 13b4e2a0
name:
type: string
description: Name of the potential role.
example: Saved Potential Role - 07/10
provisionState:
allOf:
- type: string
description: Provision state
enum:
- POTENTIAL
- PENDING
- COMPLETE
- FAILED
- null
example: POTENTIAL
- description: The provisioning state of a potential role.
nullable: true
quality:
type: integer
description: The quality of a potential role.
example: 100
format: int32
roleId:
type: string
nullable: true
description: The roleId of a potential role.
example: 07a0b4e2-7a76-44fa-bd0b-c64654b66519
saved:
type: boolean
description: The potential role's saved status.
example: true
session:
description: The session parameters of the potential role.
type: object
properties:
id:
type: string
description: The ID of the role mining session
example: 9f36f5e5-1e81-4eca-b087-548959d91c71
name:
type: string
description: The session's saved name
nullable: true
example: Saved RM Session - 07/10
minNumIdentitiesInPotentialRole:
type: integer
description: Minimum number of identities in a potential role
nullable: true
example: 20
format: int32
pruneThreshold:
type: integer
description: The prune threshold to be used or null to calculate prescribedPruneThreshold
nullable: true
example: 5
format: int32
saved:
type: boolean
default: true
description: The session's saved status
example: true
scope:
description: The scope of identities for this role mining session
example:
identityIds: []
criteria: 'source.name:DataScienceDataset'
attributeFilterCriteria:
displayName:
untranslated: 'Location: Miami'
ariaLabel:
untranslated: 'Location: Miami'
data:
displayName:
translateKey: IDN.IDENTITY_ATTRIBUTES.LOCATION
name: location
operator: EQUALS
values:
- Miami
type: object
properties:
identityIds:
type: array
items:
type: string
description: The list of identities for this role mining session.
example:
- 2c918090761a5aac0176215c46a62d58
- 2c918090761a5aac01722015c46a62d42
criteria:
type: string
description: The "search" criteria that produces the list of identities for this role mining session.
nullable: true
example: 'source.name:DataScienceDataset'
attributeFilterCriteria:
type: array
items:
type: object
description: The filter criteria for this role mining session.
nullable: true
example:
displayName:
untranslated: 'Location: Miami'
ariaLabel:
untranslated: 'Location: Miami'
data:
displayName:
translateKey: IDN.IDENTITY_ATTRIBUTES.LOCATION
name: location
operator: EQUALS
values:
- Miami
type:
description: Role mining potential type
type: string
enum:
- SPECIALIZED
- COMMON
example: SPECIALIZED
state:
description: Role mining session state
type: string
enum:
- CREATED
- UPDATED
- IDENTITIES_OBTAINED
- PRUNE_THRESHOLD_OBTAINED
- POTENTIAL_ROLES_PROCESSING
- POTENTIAL_ROLES_CREATED
example: CREATED
scopingMethod:
description: Scoping method used in current role mining session
type: string
enum:
- MANUAL
- AUTO_RM
example: MANUAL
type:
description: Role mining potential type.
type: string
enum:
- SPECIALIZED
- COMMON
example: SPECIALIZED
id:
type: string
description: Id of the potential role
example: e0cc5d7d-bf7f-4f81-b2af-8885b09d9923
createdDate:
type: string
format: date-time
description: The date-time when this potential role was created.
modifiedDate:
type: string
format: date-time
description: The date-time when this potential role was modified.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/role-mining-sessions/{sessionId}/potential-roles/{potentialRoleId}/identities':
get:
operationId: getIdentitiesPotentialRole
summary: Retrieves identities for a potential role in a role mining session
tags:
- IAI Role Mining
description: This method returns identities for a potential role in a role mining session.
parameters:
- in: path
name: sessionId
schema:
type: string
required: true
x-sailpoint-resource-operation-id: getRoleMiningSessions
description: The role mining session id
example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
- in: path
name: potentialRoleId
schema:
type: string
required: true
x-sailpoint-resource-operation-id: getPotentialRoleSummaries
description: A potential role id in a role mining session
example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
- in: query
name: sorters
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **name**
required: false
style: form
explode: true
example: name
schema:
type: string
- in: query
name: filters
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**name**: *sw*
required: false
style: form
explode: true
schema:
type: string
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: Succeeded. Returns a list of identities for a potential role.
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: Id of the identity
example: 2c9180877212632a017228d5934525e6
name:
type: string
description: Name of the identity
example: Allene Abernathy-Welch
attributes:
type: object
additionalProperties:
type: string
nullable: true
example:
jobTitle: SQL Developer
department: IT
location: NYC
firstName: Allene
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/role-mining-sessions/{sessionId}/potential-roles/{potentialRoleId}/export':
get:
operationId: exportRoleMiningPotentialRole
summary: Export (download) details for a potential role in a role mining session
tags:
- IAI Role Mining
description: This endpoint downloads all the information for a potential role in a role mining session. Includes identities and entitlements in the potential role.
parameters:
- in: path
name: sessionId
schema:
type: string
required: true
x-sailpoint-resource-operation-id: getRoleMiningSessions
description: The role mining session id
example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
- in: path
name: potentialRoleId
schema:
type: string
required: true
x-sailpoint-resource-operation-id: getPotentialRoleSummaries
description: A potential role id in a role mining session
example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: Succeeded. Returns a zip file containing csv files for identities and entitlements for the potential role.
content:
application/zip:
schema:
type: string
format: binary
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/role-mining-sessions/{sessionId}/potential-roles/{potentialRoleId}/export-async':
post:
operationId: exportRoleMiningPotentialRoleAsync
summary: Asynchronously export details for a potential role in a role mining session and upload to S3
tags:
- IAI Role Mining
description: This endpoint uploads all the information for a potential role in a role mining session to S3 as a downloadable zip archive. Includes identities and entitlements in the potential role.
parameters:
- in: path
name: sessionId
schema:
type: string
required: true
x-sailpoint-resource-operation-id: getRoleMiningSessions
description: The role mining session id
example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
- in: path
name: potentialRoleId
schema:
type: string
required: true
x-sailpoint-resource-operation-id: getPotentialRoleSummaries
description: A potential role id in a role mining session
example: 278359a6-04b7-4669-9468-924cf580964a
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
requestBody:
content:
application/json:
schema:
type: object
properties:
minEntitlementPopularity:
type: integer
description: The minimum popularity among identities in the role which an entitlement must have to be included in the report
example: 0
includeCommonAccess:
type: boolean
description: 'If false, do not include entitlements that are highly popular among the entire orginization'
example: true
example:
minEntitlementPopularity: 0
includeCommonAccess: true
responses:
'202':
description: Job Submitted. Returns a reportId that can be used to download the zip once complete
content:
application/json:
schema:
allOf:
- type: object
properties:
minEntitlementPopularity:
type: integer
description: The minimum popularity among identities in the role which an entitlement must have to be included in the report
example: 0
includeCommonAccess:
type: boolean
description: 'If false, do not include entitlements that are highly popular among the entire orginization'
example: true
example:
minEntitlementPopularity: 0
includeCommonAccess: true
- type: object
properties:
exportId:
type: string
format: uuid
description: ID used to reference this export
example: 0c6cdb76-1227-4aaf-af21-192dbdfbfa04
status:
description: The status of this export
example: QUEUED
type: string
enum:
- QUEUED
- IN_PROGRESS
- SUCCESS
- ERROR
example:
exportId: 0c6cdb76-1227-4aaf-af21-192dbdfbfa04
status: QUEUED
minEntitlementPopularity: 0
includeCommonAccess: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/role-mining-sessions/{sessionId}/potential-roles/{potentialRoleId}/export-async/{exportId}':
get:
operationId: exportRoleMiningPotentialRoleStatus
summary: Retrieve status of a potential role export job
tags:
- IAI Role Mining
description: This endpoint retrieves information about the current status of a potential role export.
parameters:
- in: path
name: sessionId
schema:
type: string
format: uuid
required: true
x-sailpoint-resource-operation-id: getRoleMiningSessions
description: The role mining session id
example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
- in: path
name: potentialRoleId
schema:
type: string
format: uuid
required: true
x-sailpoint-resource-operation-id: getPotentialRoleSummaries
description: A potential role id in a role mining session
example: 278359a6-04b7-4669-9468-924cf580964a
- in: path
name: exportId
schema:
type: string
format: uuid
required: true
x-sailpoint-resource-operation-id: exportRoleMiningPotentialRoleAsync
description: The id of a previously run export job for this potential role
example: 4940ffd4-836f-48a3-b2b0-6d498c3fdf40
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: Success. Returns the current status of this export
content:
application/json:
schema:
allOf:
- type: object
properties:
minEntitlementPopularity:
type: integer
description: The minimum popularity among identities in the role which an entitlement must have to be included in the report
example: 0
includeCommonAccess:
type: boolean
description: 'If false, do not include entitlements that are highly popular among the entire orginization'
example: true
example:
minEntitlementPopularity: 0
includeCommonAccess: true
- type: object
properties:
exportId:
type: string
format: uuid
description: ID used to reference this export
example: 0c6cdb76-1227-4aaf-af21-192dbdfbfa04
status:
description: The status of this export
example: QUEUED
type: string
enum:
- QUEUED
- IN_PROGRESS
- SUCCESS
- ERROR
example:
exportId: 0c6cdb76-1227-4aaf-af21-192dbdfbfa04
status: QUEUED
minEntitlementPopularity: 0
includeCommonAccess: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/role-mining-sessions/{sessionId}/potential-roles/{potentialRoleId}/export-async/{exportId}/download':
get:
operationId: downloadRoleMiningPotentialRoleZip
summary: Export (download) details for a potential role in a role mining session
tags:
- IAI Role Mining
description: This endpoint downloads a completed export of information for a potential role in a role mining session.
parameters:
- in: path
name: sessionId
schema:
type: string
format: uuid
required: true
x-sailpoint-resource-operation-id: getRoleMiningSessions
description: The role mining session id
example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
- in: path
name: potentialRoleId
schema:
type: string
format: uuid
required: true
x-sailpoint-resource-operation-id: getPotentialRoleSummaries
description: A potential role id in a role mining session
example: 278359a6-04b7-4669-9468-924cf580964a
- in: path
name: exportId
schema:
type: string
format: uuid
required: true
x-sailpoint-resource-operation-id: exportRoleMiningPotentialRoleAsync
description: The id of a previously run export job for this potential role
example: 4940ffd4-836f-48a3-b2b0-6d498c3fdf40
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: Succeeded. Returns a zip file containing csv files for identities and entitlements for the potential role.
content:
application/zip:
schema:
type: string
format: binary
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/role-mining-sessions/{sessionId}/potential-roles/{potentialRoleId}/provision':
post:
operationId: createPotentialRoleProvisionRequest
summary: Create request to provision a potential role into an actual role.
tags:
- IAI Role Mining
description: This method starts a job to provision a potential role
parameters:
- in: path
name: sessionId
schema:
type: string
required: true
x-sailpoint-resource-operation-id: getRoleMiningSessions
description: The role mining session id
example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
- in: path
name: potentialRoleId
schema:
type: string
required: true
x-sailpoint-resource-operation-id: getPotentialRoleSummaries
description: A potential role id in a role mining session
example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
- in: query
name: min-entitlement-popularity
description: Minimum popularity required for an entitlement to be included in the provisioned role.
required: false
style: form
explode: true
schema:
type: integer
default: 0
minimum: 0
maximum: 100
- in: query
name: include-common-access
description: Boolean determining whether common access entitlements will be included in the provisioned role.
required: false
style: form
explode: true
schema:
type: boolean
default: true
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
requestBody:
description: Required information to create a new role
content:
application/json:
schema:
type: object
properties:
roleName:
type: string
description: Name of the new role being created
example: Finance - Accounting
roleDescription:
type: string
description: Short description of the new role being created
example: General access for accounting department
ownerId:
type: string
description: ID of the identity that will own this role
example: 2b568c65bc3c4c57a43bd97e3a8e41
includeIdentities:
type: boolean
description: 'When true, create access requests for the identities associated with the potential role'
default: false
example: true
directlyAssignedEntitlements:
type: boolean
description: 'When true, assign entitlements directly to the role; otherwise, create access profiles containing the entitlements'
default: false
example: false
responses:
'202':
description: Accepted. Returns a potential role summary including the status of the provison request
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: Id of the potential role
example: e0cc5d7d-bf7f-4f81-b2af-8885b09d9923
name:
type: string
description: Name of the potential role
example: Potential Role - e0cc5d
potentialRoleRef:
description: Details about the potential role
type: object
properties:
id:
type: string
description: Id of the potential role
example: e0cc5d7d-bf7f-4f81-b2af-8885b09d9923
name:
type: string
description: Name of the potential role
example: Potential Role - e0cc5d
identityCount:
type: integer
description: The number of identities in a potential role.
format: int32
example: 25
entitlementCount:
type: integer
description: The number of entitlements in a potential role.
format: int32
example: 15
identityGroupStatus:
type: string
description: The status for this identity group which can be "REQUESTED" or "OBTAINED"
example: OBTAINED
provisionState:
description: 'The status of provisioning for this potential role. Can be "POTENTIAL", "PENDING", "FAILED", or "COMPLETE".'
example: PENDING
type: string
enum:
- POTENTIAL
- PENDING
- COMPLETE
- FAILED
- null
roleId:
type: string
description: ID of the provisioned role in IIQ or IDN. Null if this potential role has not been provisioned.
nullable: true
example: 2a4be6fbcf3c4e66b95a0c15ffd591
density:
type: integer
description: The density metric (0-100) of this potential role. Higher density values indicate higher similarity amongst the identities.
format: int32
example: 90
freshness:
type: integer
description: The freshness metric (0-100) of this potential role. Higher freshness values indicate this potential role is more distinctive compared to existing roles.
format: int32
example: 70
quality:
type: integer
description: The quality metric (0-100) of this potential role. Higher quality values indicate this potential role has high density and freshness.
format: int32
example: 80
type:
description: Role mining potential type.
type: string
enum:
- SPECIALIZED
- COMMON
example: SPECIALIZED
createdBy:
oneOf:
- type: object
properties:
id:
type: string
description: ID of the creator
example: 2c918090761a5aac0176215c46a62d58
displayName:
type: string
description: The display name of the creator
example: Ashley.Pierce
- type: string
nullable: true
description: Workaround to support null
example: Dummy
description: The potential role created by details
createdDate:
type: string
format: date-time
description: The date-time when this potential role was created.
saved:
type: boolean
description: The potential role's saved status
default: false
example: true
description:
type: string
nullable: true
description: Description of the potential role
session:
description: The session parameters of the potential role.
type: object
properties:
id:
type: string
description: The ID of the role mining session
example: 9f36f5e5-1e81-4eca-b087-548959d91c71
name:
type: string
description: The session's saved name
nullable: true
example: Saved RM Session - 07/10
minNumIdentitiesInPotentialRole:
type: integer
description: Minimum number of identities in a potential role
nullable: true
example: 20
format: int32
pruneThreshold:
type: integer
description: The prune threshold to be used or null to calculate prescribedPruneThreshold
nullable: true
example: 5
format: int32
saved:
type: boolean
default: true
description: The session's saved status
example: true
scope:
description: The scope of identities for this role mining session
example:
identityIds: []
criteria: 'source.name:DataScienceDataset'
attributeFilterCriteria:
displayName:
untranslated: 'Location: Miami'
ariaLabel:
untranslated: 'Location: Miami'
data:
displayName:
translateKey: IDN.IDENTITY_ATTRIBUTES.LOCATION
name: location
operator: EQUALS
values:
- Miami
type: object
properties:
identityIds:
type: array
items:
type: string
description: The list of identities for this role mining session.
example:
- 2c918090761a5aac0176215c46a62d58
- 2c918090761a5aac01722015c46a62d42
criteria:
type: string
description: The "search" criteria that produces the list of identities for this role mining session.
nullable: true
example: 'source.name:DataScienceDataset'
attributeFilterCriteria:
type: array
items:
type: object
description: The filter criteria for this role mining session.
nullable: true
example:
displayName:
untranslated: 'Location: Miami'
ariaLabel:
untranslated: 'Location: Miami'
data:
displayName:
translateKey: IDN.IDENTITY_ATTRIBUTES.LOCATION
name: location
operator: EQUALS
values:
- Miami
type:
description: Role mining potential type
type: string
enum:
- SPECIALIZED
- COMMON
example: SPECIALIZED
state:
description: Role mining session state
type: string
enum:
- CREATED
- UPDATED
- IDENTITIES_OBTAINED
- PRUNE_THRESHOLD_OBTAINED
- POTENTIAL_ROLES_PROCESSING
- POTENTIAL_ROLES_CREATED
example: CREATED
scopingMethod:
description: Scoping method used in current role mining session
type: string
enum:
- MANUAL
- AUTO_RM
example: MANUAL
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/role-mining-sessions/{sessionId}/potential-roles/{potentialRoleId}/excluded-entitlements':
get:
operationId: getExcludedEntitlementsPotentialRole
summary: Retrieves excluded entitlements for a potential role in a role mining session
tags:
- IAI Role Mining
description: This method returns excluded entitlements for a potential role in a role mining session.
parameters:
- in: path
name: sessionId
schema:
type: string
required: true
x-sailpoint-resource-operation-id: getRoleMiningSessions
description: The role mining session id
example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
- in: path
name: potentialRoleId
schema:
type: string
required: true
x-sailpoint-resource-operation-id: getPotentialRoleSummaries
description: A potential role id in a role mining session
example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
- in: query
name: sorters
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **popularity**
example: populariity
required: false
style: form
explode: true
schema:
type: string
- in: query
name: filters
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**applicationName**: *sw*
**entitlementRef.name**: *sw*
example: applicationName sw "AD"
required: false
style: form
explode: true
schema:
type: string
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: Succeeded. Returns a list of excluded entitlements for a potential roles.
content:
application/json:
schema:
type: array
items:
type: object
properties:
entitlementRef:
description: Details about the entitlement
example:
id: 2c91808a7e95e6e0017e96e2086206c8
name: App.entitlement.1
description: Entitlement 1
attribute: groups
type: object
properties:
id:
type: string
description: Id of the entitlement
example: 2c91808a7e95e6e0017e96e2086206c8
name:
type: string
description: Name of the entitlement
example: App.entitlement.1
description:
type: string
description: Description forthe entitlement
nullable: true
example: Entitlement 1
attribute:
type: string
description: The entitlement attribute
example: groups
name:
type: string
description: Name of the entitlement
example: Add/modify/delete users
applicationName:
type: string
description: Application name of the entitlement
example: AppName
identityCount:
type: integer
description: The number of identities with this entitlement in a role.
format: int32
example: 45
popularity:
type: number
description: The % popularity of this entitlement in a role.
format: float
example: 65.2
popularityInOrg:
type: number
description: The % popularity of this entitlement in the org.
format: float
example: 35.8
sourceId:
type: string
description: The ID of the source/application.
example: 2c9180877620c1460176267f336a106f
activitySourceState:
type: string
description: The status of activity data for the source. Value is complete or notComplete.
nullable: true
example: complete
sourceUsagePercent:
type: number
description: The percentage of identities in the potential role that have usage of the source/application of this entitlement.
format: float
nullable: true
example: 65.6
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/role-mining-potential-roles:
get:
operationId: getAllPotentialRoleSummaries
summary: Retrieves all potential role summaries
tags:
- IAI Role Mining
description: Returns all potential role summaries that match the query parameters
security:
- userAuth: []
parameters:
- in: query
name: sorters
required: false
style: form
explode: true
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **createdDate, identityCount, entitlementCount, freshness, quality**
example: createdDate
- in: query
name: filters
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**createdById**: *eq, sw, co*
**createdByName**: *eq, sw, co*
**description**: *sw, co*
**endDate**: *le, lt*
**freshness**: *eq, ge, gt, le, lt*
**name**: *eq, sw, co, ge, gt, le, lt*
**quality**: *eq, ge, gt, le, lt*
**startDate**: *ge, gt*
**saved**: *eq*
**type**: *eq, ge, gt, le, lt*
**scopingMethod**: *eq*
**sessionState**: *eq*
**identityAttribute**: *co*
example: (createdByName co "int") and (createdById sw "2c9180907") and (type eq "COMMON") and ((name co "entt") or (saved eq true))
required: false
style: form
explode: true
schema:
type: string
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: Succeeded. Returns all potential role summaries that match the query parameters.
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: Id of the potential role
example: e0cc5d7d-bf7f-4f81-b2af-8885b09d9923
name:
type: string
description: Name of the potential role
example: Potential Role - e0cc5d
potentialRoleRef:
description: Details about the potential role
type: object
properties:
id:
type: string
description: Id of the potential role
example: e0cc5d7d-bf7f-4f81-b2af-8885b09d9923
name:
type: string
description: Name of the potential role
example: Potential Role - e0cc5d
identityCount:
type: integer
description: The number of identities in a potential role.
format: int32
example: 25
entitlementCount:
type: integer
description: The number of entitlements in a potential role.
format: int32
example: 15
identityGroupStatus:
type: string
description: The status for this identity group which can be "REQUESTED" or "OBTAINED"
example: OBTAINED
provisionState:
description: 'The status of provisioning for this potential role. Can be "POTENTIAL", "PENDING", "FAILED", or "COMPLETE".'
example: PENDING
type: string
enum:
- POTENTIAL
- PENDING
- COMPLETE
- FAILED
- null
roleId:
type: string
description: ID of the provisioned role in IIQ or IDN. Null if this potential role has not been provisioned.
nullable: true
example: 2a4be6fbcf3c4e66b95a0c15ffd591
density:
type: integer
description: The density metric (0-100) of this potential role. Higher density values indicate higher similarity amongst the identities.
format: int32
example: 90
freshness:
type: integer
description: The freshness metric (0-100) of this potential role. Higher freshness values indicate this potential role is more distinctive compared to existing roles.
format: int32
example: 70
quality:
type: integer
description: The quality metric (0-100) of this potential role. Higher quality values indicate this potential role has high density and freshness.
format: int32
example: 80
type:
description: Role mining potential type.
type: string
enum:
- SPECIALIZED
- COMMON
example: SPECIALIZED
createdBy:
oneOf:
- type: object
properties:
id:
type: string
description: ID of the creator
example: 2c918090761a5aac0176215c46a62d58
displayName:
type: string
description: The display name of the creator
example: Ashley.Pierce
- type: string
nullable: true
description: Workaround to support null
example: Dummy
description: The potential role created by details
createdDate:
type: string
format: date-time
description: The date-time when this potential role was created.
saved:
type: boolean
description: The potential role's saved status
default: false
example: true
description:
type: string
nullable: true
description: Description of the potential role
session:
description: The session parameters of the potential role.
type: object
properties:
id:
type: string
description: The ID of the role mining session
example: 9f36f5e5-1e81-4eca-b087-548959d91c71
name:
type: string
description: The session's saved name
nullable: true
example: Saved RM Session - 07/10
minNumIdentitiesInPotentialRole:
type: integer
description: Minimum number of identities in a potential role
nullable: true
example: 20
format: int32
pruneThreshold:
type: integer
description: The prune threshold to be used or null to calculate prescribedPruneThreshold
nullable: true
example: 5
format: int32
saved:
type: boolean
default: true
description: The session's saved status
example: true
scope:
description: The scope of identities for this role mining session
example:
identityIds: []
criteria: 'source.name:DataScienceDataset'
attributeFilterCriteria:
displayName:
untranslated: 'Location: Miami'
ariaLabel:
untranslated: 'Location: Miami'
data:
displayName:
translateKey: IDN.IDENTITY_ATTRIBUTES.LOCATION
name: location
operator: EQUALS
values:
- Miami
type: object
properties:
identityIds:
type: array
items:
type: string
description: The list of identities for this role mining session.
example:
- 2c918090761a5aac0176215c46a62d58
- 2c918090761a5aac01722015c46a62d42
criteria:
type: string
description: The "search" criteria that produces the list of identities for this role mining session.
nullable: true
example: 'source.name:DataScienceDataset'
attributeFilterCriteria:
type: array
items:
type: object
description: The filter criteria for this role mining session.
nullable: true
example:
displayName:
untranslated: 'Location: Miami'
ariaLabel:
untranslated: 'Location: Miami'
data:
displayName:
translateKey: IDN.IDENTITY_ATTRIBUTES.LOCATION
name: location
operator: EQUALS
values:
- Miami
type:
description: Role mining potential type
type: string
enum:
- SPECIALIZED
- COMMON
example: SPECIALIZED
state:
description: Role mining session state
type: string
enum:
- CREATED
- UPDATED
- IDENTITIES_OBTAINED
- PRUNE_THRESHOLD_OBTAINED
- POTENTIAL_ROLES_PROCESSING
- POTENTIAL_ROLES_CREATED
example: CREATED
scopingMethod:
description: Scoping method used in current role mining session
type: string
enum:
- MANUAL
- AUTO_RM
example: MANUAL
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/role-mining-potential-roles/{potentialRoleId}':
get:
operationId: getRoleMiningPotentialRole
summary: Retrieves a specific potential role
tags:
- IAI Role Mining
description: This method returns a specific potential role.
security:
- userAuth: []
parameters:
- in: path
name: potentialRoleId
schema:
type: string
required: true
x-sailpoint-resource-operation-id: getPotentialRoleSummaries
description: A potential role id
example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: Succeeded. Returns a list of potential roles for a role mining session.
content:
application/json:
schema:
type: object
properties:
createdBy:
oneOf:
- type: object
properties:
id:
type: string
description: ID of the creator
example: 2c918090761a5aac0176215c46a62d58
displayName:
type: string
description: The display name of the creator
example: Ashley.Pierce
- type: string
nullable: true
description: Workaround to support null
example: Dummy
description: The session created by details
density:
type: integer
description: The density of a potential role.
example: 75
format: int32
description:
type: string
nullable: true
description: The description of a potential role.
example: Potential Role for Accounting dept
entitlementCount:
type: integer
description: The number of entitlements in a potential role.
example: 25
format: int32
excludedEntitlements:
description: The list of entitlement ids to be excluded.
nullable: true
type: array
items:
type: string
example:
- 07a0b4e2
- 13b4e2a0
freshness:
type: integer
description: The freshness of a potential role.
example: 75
format: int32
identityCount:
type: integer
description: The number of identities in a potential role.
example: 25
format: int32
identityDistribution:
description: Identity attribute distribution.
nullable: true
type: array
items:
type: object
properties:
attributeName:
type: string
description: Id of the potential role
example: department
distribution:
type: array
items:
type: object
additionalProperties: true
example:
- attributeValue: NM Tier 3
count: 6
identityIds:
description: The list of ids in a potential role.
type: array
items:
type: string
example:
- 07a0b4e2
- 13b4e2a0
name:
type: string
description: Name of the potential role.
example: Saved Potential Role - 07/10
provisionState:
allOf:
- type: string
description: Provision state
enum:
- POTENTIAL
- PENDING
- COMPLETE
- FAILED
- null
example: POTENTIAL
- description: The provisioning state of a potential role.
nullable: true
quality:
type: integer
description: The quality of a potential role.
example: 100
format: int32
roleId:
type: string
nullable: true
description: The roleId of a potential role.
example: 07a0b4e2-7a76-44fa-bd0b-c64654b66519
saved:
type: boolean
description: The potential role's saved status.
example: true
session:
description: The session parameters of the potential role.
type: object
properties:
id:
type: string
description: The ID of the role mining session
example: 9f36f5e5-1e81-4eca-b087-548959d91c71
name:
type: string
description: The session's saved name
nullable: true
example: Saved RM Session - 07/10
minNumIdentitiesInPotentialRole:
type: integer
description: Minimum number of identities in a potential role
nullable: true
example: 20
format: int32
pruneThreshold:
type: integer
description: The prune threshold to be used or null to calculate prescribedPruneThreshold
nullable: true
example: 5
format: int32
saved:
type: boolean
default: true
description: The session's saved status
example: true
scope:
description: The scope of identities for this role mining session
example:
identityIds: []
criteria: 'source.name:DataScienceDataset'
attributeFilterCriteria:
displayName:
untranslated: 'Location: Miami'
ariaLabel:
untranslated: 'Location: Miami'
data:
displayName:
translateKey: IDN.IDENTITY_ATTRIBUTES.LOCATION
name: location
operator: EQUALS
values:
- Miami
type: object
properties:
identityIds:
type: array
items:
type: string
description: The list of identities for this role mining session.
example:
- 2c918090761a5aac0176215c46a62d58
- 2c918090761a5aac01722015c46a62d42
criteria:
type: string
description: The "search" criteria that produces the list of identities for this role mining session.
nullable: true
example: 'source.name:DataScienceDataset'
attributeFilterCriteria:
type: array
items:
type: object
description: The filter criteria for this role mining session.
nullable: true
example:
displayName:
untranslated: 'Location: Miami'
ariaLabel:
untranslated: 'Location: Miami'
data:
displayName:
translateKey: IDN.IDENTITY_ATTRIBUTES.LOCATION
name: location
operator: EQUALS
values:
- Miami
type:
description: Role mining potential type
type: string
enum:
- SPECIALIZED
- COMMON
example: SPECIALIZED
state:
description: Role mining session state
type: string
enum:
- CREATED
- UPDATED
- IDENTITIES_OBTAINED
- PRUNE_THRESHOLD_OBTAINED
- POTENTIAL_ROLES_PROCESSING
- POTENTIAL_ROLES_CREATED
example: CREATED
scopingMethod:
description: Scoping method used in current role mining session
type: string
enum:
- MANUAL
- AUTO_RM
example: MANUAL
type:
description: Role mining potential type.
type: string
enum:
- SPECIALIZED
- COMMON
example: SPECIALIZED
id:
type: string
description: Id of the potential role
example: e0cc5d7d-bf7f-4f81-b2af-8885b09d9923
createdDate:
type: string
format: date-time
description: The date-time when this potential role was created.
modifiedDate:
type: string
format: date-time
description: The date-time when this potential role was modified.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
patch:
operationId: patchPotentialRole
summary: Update a potential role
tags:
- IAI Role Mining
description: |
The method updates an existing potential role using.
The following fields can be modified:
* `description`
* `name`
* `saved`
>**NOTE: All other fields cannot be modified.**
security:
- userAuth: []
parameters:
- in: path
name: sessionId
schema:
type: string
required: true
x-sailpoint-resource-operation-id: getRoleMiningSessions
description: The role mining session id
example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
- in: path
name: potentialRoleId
schema:
type: string
required: true
x-sailpoint-resource-operation-id: getPotentialRoleSummaries
description: The potential role summary id
example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
requestBody:
required: true
content:
application/json-patch+json:
schema:
type: array
items:
allOf:
- type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
properties:
op:
type: string
description: The operation to be performed
enum:
- remove
- replace
example: replace
example:
- op: remove
path: /description
- op: replace
path: /description
value: Acct I - Potential Role
- op: remove
path: /saved
- op: replace
path: /saved
value: 'false'
- op: remove
path: /name
- op: replace
path: /name
value: Potential Role Accounting
responses:
'200':
description: Succeeded. Returns the potential role summary based on the potentialRoleId provided.
content:
application/json:
schema:
type: object
items:
type: object
properties:
createdBy:
oneOf:
- type: object
properties:
id:
type: string
description: ID of the creator
example: 2c918090761a5aac0176215c46a62d58
displayName:
type: string
description: The display name of the creator
example: Ashley.Pierce
- type: string
nullable: true
description: Workaround to support null
example: Dummy
description: The session created by details
density:
type: integer
description: The density of a potential role.
example: 75
format: int32
description:
type: string
nullable: true
description: The description of a potential role.
example: Potential Role for Accounting dept
entitlementCount:
type: integer
description: The number of entitlements in a potential role.
example: 25
format: int32
excludedEntitlements:
description: The list of entitlement ids to be excluded.
nullable: true
type: array
items:
type: string
example:
- 07a0b4e2
- 13b4e2a0
freshness:
type: integer
description: The freshness of a potential role.
example: 75
format: int32
identityCount:
type: integer
description: The number of identities in a potential role.
example: 25
format: int32
identityDistribution:
description: Identity attribute distribution.
nullable: true
type: array
items:
type: object
properties:
attributeName:
type: string
description: Id of the potential role
example: department
distribution:
type: array
items:
type: object
additionalProperties: true
example:
- attributeValue: NM Tier 3
count: 6
identityIds:
description: The list of ids in a potential role.
type: array
items:
type: string
example:
- 07a0b4e2
- 13b4e2a0
name:
type: string
description: Name of the potential role.
example: Saved Potential Role - 07/10
provisionState:
allOf:
- type: string
description: Provision state
enum:
- POTENTIAL
- PENDING
- COMPLETE
- FAILED
- null
example: POTENTIAL
- description: The provisioning state of a potential role.
nullable: true
quality:
type: integer
description: The quality of a potential role.
example: 100
format: int32
roleId:
type: string
nullable: true
description: The roleId of a potential role.
example: 07a0b4e2-7a76-44fa-bd0b-c64654b66519
saved:
type: boolean
description: The potential role's saved status.
example: true
session:
description: The session parameters of the potential role.
type: object
properties:
id:
type: string
description: The ID of the role mining session
example: 9f36f5e5-1e81-4eca-b087-548959d91c71
name:
type: string
description: The session's saved name
nullable: true
example: Saved RM Session - 07/10
minNumIdentitiesInPotentialRole:
type: integer
description: Minimum number of identities in a potential role
nullable: true
example: 20
format: int32
pruneThreshold:
type: integer
description: The prune threshold to be used or null to calculate prescribedPruneThreshold
nullable: true
example: 5
format: int32
saved:
type: boolean
default: true
description: The session's saved status
example: true
scope:
description: The scope of identities for this role mining session
example:
identityIds: []
criteria: 'source.name:DataScienceDataset'
attributeFilterCriteria:
displayName:
untranslated: 'Location: Miami'
ariaLabel:
untranslated: 'Location: Miami'
data:
displayName:
translateKey: IDN.IDENTITY_ATTRIBUTES.LOCATION
name: location
operator: EQUALS
values:
- Miami
type: object
properties:
identityIds:
type: array
items:
type: string
description: The list of identities for this role mining session.
example:
- 2c918090761a5aac0176215c46a62d58
- 2c918090761a5aac01722015c46a62d42
criteria:
type: string
description: The "search" criteria that produces the list of identities for this role mining session.
nullable: true
example: 'source.name:DataScienceDataset'
attributeFilterCriteria:
type: array
items:
type: object
description: The filter criteria for this role mining session.
nullable: true
example:
displayName:
untranslated: 'Location: Miami'
ariaLabel:
untranslated: 'Location: Miami'
data:
displayName:
translateKey: IDN.IDENTITY_ATTRIBUTES.LOCATION
name: location
operator: EQUALS
values:
- Miami
type:
description: Role mining potential type
type: string
enum:
- SPECIALIZED
- COMMON
example: SPECIALIZED
state:
description: Role mining session state
type: string
enum:
- CREATED
- UPDATED
- IDENTITIES_OBTAINED
- PRUNE_THRESHOLD_OBTAINED
- POTENTIAL_ROLES_PROCESSING
- POTENTIAL_ROLES_CREATED
example: CREATED
scopingMethod:
description: Scoping method used in current role mining session
type: string
enum:
- MANUAL
- AUTO_RM
example: MANUAL
type:
description: Role mining potential type.
type: string
enum:
- SPECIALIZED
- COMMON
example: SPECIALIZED
id:
type: string
description: Id of the potential role
example: e0cc5d7d-bf7f-4f81-b2af-8885b09d9923
createdDate:
type: string
format: date-time
description: The date-time when this potential role was created.
modifiedDate:
type: string
format: date-time
description: The date-time when this potential role was modified.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/role-mining-potential-roles/saved:
get:
operationId: getSavedPotentialRoles
summary: Retrieves all saved potential roles
tags:
- IAI Role Mining
description: This method returns all saved potential roles (draft roles).
security:
- userAuth: []
parameters:
- in: query
name: sorters
required: false
style: form
explode: true
schema:
type: string
format: comma-separated
description: 'Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters/) Sorting is supported for the following fields: **modified**'
example: modified
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: Succeeded. Returns a list of draft roles for a role mining session.
content:
application/json:
schema:
type: array
items:
type: object
properties:
name:
type: string
description: Name of the draft role
example: Saved RM Session - 07/10
description:
type: string
description: Draft role description
example: Person who develops software
identityIds:
type: array
items:
type: string
description: The list of identities for this role mining session.
example:
- 2c918090761a5aac0176215c46a62d58
- 2c918090761a5aac01722015c46a62d42
entitlementIds:
type: array
items:
type: string
description: The list of entitlement ids for this role mining session.
example:
- 2c91808a7624751a01762f19d665220d
- 2c91808a7624751a01762f19d67c220e
excludedEntitlements:
type: array
description: The list of excluded entitlement ids.
items:
type: string
example:
- 07a0b4e2
- 13b4e2a0
modified:
type: string
format: date-time
description: Last modified date
example: '2020-09-16T18:49:32.150Z'
type:
description: Role mining session type
example: SPECIALIZED
type: string
enum:
- SPECIALIZED
- COMMON
id:
type: string
description: Id of the potential draft role
example: e0cc5d7d-bf7f-4f81-b2af-8885b09d9923
createdDate:
type: string
format: date-time
description: The date-time when this potential draft role was created.
modifiedDate:
type: string
format: date-time
description: The date-time when this potential draft role was modified.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/role-mining-potential-roles/{potentialRoleId}/sources/{sourceId}/identityUsage':
get:
operationId: getPotentialRoleSourceIdentityUsage
summary: Retrieves potential role source usage
tags:
- IAI Role Mining
description: This method returns source usageCount (as number of days in the last 90 days) for each identity in a potential role.
security:
- userAuth: []
parameters:
- in: path
name: potentialRoleId
schema:
type: string
required: true
x-sailpoint-resource-operation-id: getPotentialRoleSummaries
description: A potential role id
example: e0cc5d7d-bf7f-4f81-b2af-8885b09d9923
- in: path
name: sourceId
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listSources
description: A source id
example: 2c9180877620c1460176267f336a106f
- in: query
name: sorters
required: false
style: form
explode: true
schema:
type: string
format: comma-separated
description: 'Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters/) Sorting is supported for the following fields: **displayName, email, usageCount**'
example: '-usageCount'
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: Succeeded. Returns a list of source usage for the identities in a potential role.
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: The identity ID
example: 2c918089762475180176267f894b54dc
displayName:
type: string
description: Display name for the identity
example: Kirk Koepp
email:
type: string
description: Email address for the identity
example: kirk.koepp@testmail.identitynow.com
usageCount:
type: integer
description: The number of days there has been usage of the source by the identity.
format: int32
example: 25
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/roles/{id}/entitlements':
get:
operationId: getRoleEntitlements
tags:
- Roles
summary: List role's entitlements
description: Get a list of entitlements associated with a specified role.
parameters:
- name: id
in: path
description: Containing role's ID.
required: true
x-sailpoint-resource-operation-id: listRoles
schema:
type: string
example: 2c91808a7813090a017814121919ecca
- in: query
name: limit
description: |-
Note that for this API the maximum value for limit is 50.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 50
schema:
type: integer
format: int32
minimum: 0
maximum: 50
default: 50
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, in*
**name**: *eq, sw*
**attribute**: *eq, sw*
**value**: *eq, sw*
**created**: *gt, lt, ge, le*
**modified**: *gt, lt, ge, le*
**owner.id**: *eq, in*
**source.id**: *eq, in*
example: attribute eq "memberOf"
required: false
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **name, attribute, value, created, modified**
example: 'name,-modified'
required: false
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: List of Entitlements
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: The entitlement id
example: 2c91808874ff91550175097daaec161c
name:
type: string
description: The entitlement name
example: LauncherTest2
attribute:
type: string
description: The entitlement attribute name
example: memberOf
value:
type: string
description: The value of the entitlement
example: 'CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local'
sourceSchemaObjectType:
type: string
description: The object type of the entitlement from the source schema
example: group
description:
type: string
description: The description of the entitlement
example: 'CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local'
nullable: true
privileged:
type: boolean
description: True if the entitlement is privileged
default: false
example: true
cloudGoverned:
type: boolean
description: True if the entitlement is cloud governed
default: false
example: true
requestable:
type: boolean
description: True if the entitlement is able to be directly requested
example: true
default: false
owner:
type: object
description: The identity that owns the entitlement
nullable: true
properties:
id:
type: string
description: The identity ID
example: 2c9180827ca885d7017ca8ce28a000eb
type:
type: string
enum:
- IDENTITY
description: The type of object
example: IDENTITY
name:
type: string
description: The display name of the identity
example: john.doe
manuallyUpdatedFields:
type: object
description: 'A map of entitlement fields that have been manually updated. The key is the field name in UPPER_SNAKE_CASE format, and the value is true or false to indicate if the field has been updated.'
nullable: true
additionalProperties: true
example:
DISPLAY_NAME: true
DESCRIPTION: true
accessModelMetadata:
type: object
description: Additional data to classify the entitlement
properties:
attributes:
type: array
items:
type: object
description: Metadata that describes an access item
properties:
key:
type: string
description: Unique identifier for the metadata type
example: iscCsp
name:
type: string
description: Human readable name of the metadata type
example: CSP
multiselect:
type: boolean
default: false
example: true
description: Allows selecting multiple values
status:
type: string
description: The state of the metadata item
example: active
type:
type: string
description: The type of the metadata item
example: governance
objectTypes:
type: array
description: The types of objects
example:
- general
items:
type: string
example: general
description:
type: string
description: Describes the metadata item
example: Indicates the type of deployment environment of an access item.
values:
type: array
description: The value to assign to the metadata item
items:
type: object
description: An individual value to assign to the metadata item
properties:
value:
type: string
description: The value to assign to the metdata item
example: development
name:
type: string
description: Display name of the value
example: Development
status:
type: string
description: The status of the individual value
example: active
created:
type: string
description: Time when the entitlement was created
format: date-time
example: '2020-10-08T18:33:52.029Z'
modified:
type: string
description: Time when the entitlement was last modified
format: date-time
example: '2020-10-08T18:33:52.029Z'
source:
type: object
properties:
id:
type: string
description: The source ID
example: 2c9180827ca885d7017ca8ce28a000eb
type:
type: string
description: 'The source type, will always be "SOURCE"'
example: SOURCE
name:
type: string
description: The source name
example: ODS-AD-Source
attributes:
type: object
description: A map of free-form key-value pairs from the source system
example:
fieldName: fieldValue
additionalProperties: true
segments:
type: array
items:
type: string
nullable: true
description: 'List of IDs of segments, if any, to which this Entitlement is assigned.'
example:
- f7b1b8a3-5fed-4fd4-ad29-82014e137e19
- 29cb6c06-1da8-43ea-8be4-b3125f248f2a
directPermissions:
type: array
items:
type: object
description: 'Simplified DTO for the Permission objects stored in SailPoint''s database. The data is aggregated from customer systems and is free-form, so its appearance can vary largely between different clients/customers.'
properties:
rights:
type: array
description: All the rights (e.g. actions) that this permission allows on the target
example: HereIsRight1
readOnly: true
items:
type: string
example: SELECT
target:
type: string
description: The target the permission would grants rights on.
readOnly: true
example: SYS.GV_$TRANSACTION
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:role-unchecked:read'
- 'idn:role-unchecked:manage'
- 'idn:role-checked:manage'
- 'idn:role-checked:read'
- applicationAuth:
- 'idn:role-unchecked:read'
- 'idn:role-unchecked:manage'
- 'idn:role-checked:manage'
- 'idn:role-checked:read'
x-sailpoint-userLevels:
- ORG_ADMIN
- ROLE_ADMIN
- ROLE_SUBADMIN
/send-test-notification:
post:
operationId: sendTestNotification
tags:
- Notifications
summary: Send test notification
description: Send a Test Notification
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
key:
type: string
description: The template notification key.
example: cloud_manual_work_item_summary
medium:
type: string
description: The notification medium. Has to be one of the following enum values.
enum:
- EMAIL
- SLACK
- TEAMS
context:
type: object
description: A Json object that denotes the context specific to the template.
example:
key: cloud_manual_work_item_summary
medium: EMAIL
context:
numberOfPendingTasks: '4'
ownerId: 201327fda1c44704ac01181e963d463c
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
parameters:
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
'/sim-integrations/{id}':
put:
tags:
- SIM Integrations
summary: Update an existing sim integration
description: Update an existing SIM integration.
operationId: putSIMIntegration
requestBody:
description: The full DTO of the integration containing the updated model
content:
application/json:
schema:
type: object
title: Sim Integration Details
allOf:
- type: object
required:
- name
properties:
id:
description: System-generated unique ID of the Object
type: string
example: id12345
readOnly: true
name:
description: Name of the Object
type: string
example: aName
nullable: true
created:
description: Creation date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
modified:
description: Last modification date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
- type: object
properties:
description:
type: string
description: The description of the integration
example: Integration description
nullable: false
type:
type: string
description: The integration type
example: ServiceNow Service Desk
nullable: false
attributes:
type: object
description: The attributes map containing the credentials used to configure the integration.
nullable: true
example: '{"uid":"Walter White","firstname":"walter","cloudStatus":"UNREGISTERED","displayName":"Walter White","identificationNumber":"942","lastSyncDate":1470348809380,"email":"walter@gmail.com","lastname":"white"}'
sources:
type: array
description: The list of sources (managed resources)
items:
type: string
example:
- 2c9180835d191a86015d28455b4a2329
- 2c5680835d191a85765d28455b4a9823
nullable: false
cluster:
type: string
description: The cluster/proxy
example: xyzzy999
nullable: false
statusMap:
type: object
description: Custom mapping between the integration result and the provisioning result
example:
closed_cancelled: Failed
closed_complete: Committed
closed_incomplete: Failed
closed_rejected: Failed
in_process: Queued
requested: Queued
request:
type: object
description: Request data to customize desc and body of the created ticket
example:
description: 'SailPoint Access Request,'
req_description: 'The Service Request created by SailPoint ServiceNow Service Integration Module (SIM).,'
req_short_description: 'SailPoint New Access Request Created from IdentityNow,'
short_description: SailPoint Access Request $!plan.arguments.identityRequestId
beforeProvisioningRule:
description: Before provisioning rule of integration
properties:
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- MACHINE_IDENTITY
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
id:
type: string
description: ID of the rule
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Human-readable display name of the rule
example: Example Rule
required: true
parameters:
- name: id
in: path
description: The id of the integration.
schema:
type: string
example: 12345
required: true
x-sailpoint-resource-operation-id: getSIMIntegrations
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: details of the updated integration
content:
application/json:
schema:
allOf:
- type: object
description: Service Desk integration's specification.
required:
- name
- description
- type
- attributes
properties:
id:
type: string
description: Unique identifier for the Service Desk integration
example: 62945a496ef440189b1f03e3623411c8
name:
description: Service Desk integration's name. The name must be unique.
type: string
example: Service Desk Integration Name
created:
type: string
format: date-time
description: The date and time the Service Desk integration was created
example: '2024-01-17T18:45:25.994Z'
modified:
type: string
format: date-time
description: The date and time the Service Desk integration was last modified
example: '2024-02-18T18:45:25.994Z'
description:
description: Service Desk integration's description.
type: string
example: A very nice Service Desk integration
type:
description: |
Service Desk integration types:
- ServiceNowSDIM
- ServiceNow
type: string
default: ServiceNowSDIM
example: ServiceNowSDIM
ownerRef:
allOf:
- type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
clusterRef:
allOf:
- type: object
description: Source cluster.
properties:
type:
type: string
description: Source cluster DTO type.
enum:
- CLUSTER
example: CLUSTER
id:
type: string
description: Source cluster ID.
example: 2c9180847a7fccdd017aa5896f9f4f6f
name:
type: string
description: Source cluster display name.
example: Training VA
cluster:
description: 'Cluster ID for the Service Desk integration (replaced by clusterRef, retained for backward compatibility).'
type: string
example: xyzzy999
deprecated: true
nullable: true
managedSources:
description: 'Source IDs for the Service Desk integration (replaced by provisioningConfig.managedSResourceRefs, but retained here for backward compatibility).'
type: array
items:
type: string
deprecated: true
example:
- 2c9180835d191a86015d28455b4a2329
- 2c5680835d191a85765d28455b4a9823
provisioningConfig:
description: The 'provisioningConfig' property specifies the configuration used to provision integrations.
type: object
properties:
universalManager:
description: 'Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.'
type: boolean
readOnly: true
default: false
example: true
managedResourceRefs:
description: References to sources for the Service Desk integration template. May only be specified if universalManager is false.
type: array
items:
allOf:
- type: object
description: Source for Service Desk integration template.
properties:
type:
type: string
description: DTO type of source for service desk integration template.
enum:
- SOURCE
example: SOURCE
id:
type: string
description: ID of source for service desk integration template.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable name of source for service desk integration template.
example: HR Active Directory
example:
- type: SOURCE
id: 2c9180855d191c59015d291ceb051111
name: My Source 1
- type: SOURCE
id: 2c9180855d191c59015d291ceb052222
name: My Source 2
planInitializerScript:
description: This is a reference to a plan initializer script.
type: object
nullable: true
properties:
source:
description: This is a Rule that allows provisioning instruction changes.
type: string
example: |
\r\n\r\n\r\n Before Provisioning Rule which changes disables and enables to a modify.\r\n
noProvisioningRequests:
description: Name of an attribute that when true disables the saving of ProvisioningRequest objects whenever plans are sent through this integration.
type: boolean
default: false
example: true
provisioningRequestExpiration:
description: 'When saving pending requests is enabled, this defines the number of hours the request is allowed to live before it is considered expired and no longer affects plan compilation.'
type: integer
format: int32
example: 7
attributes:
description: Service Desk integration's attributes. Validation constraints enforced by the implementation.
type: object
additionalProperties: true
example:
property: value
key: value
beforeProvisioningRule:
allOf:
- type: object
description: Before Provisioning Rule.
properties:
type:
type: string
description: Before Provisioning Rule DTO type.
enum:
- RULE
example: RULE
id:
type: string
description: Before Provisioning Rule ID.
example: 048eb3d55c5a4758bd07dccb87741c78
name:
type: string
description: Rule display name.
example: Before Provisioning Airtable Rule
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:service-desk-admin:create'
x-sailpoint-userLevels:
- ORG_ADMIN
get:
tags:
- SIM Integrations
summary: Get a sim integration details.
description: Get the details of a SIM integration.
operationId: getSIMIntegration
parameters:
- name: id
in: path
description: The id of the integration.
schema:
type: string
example: 12345
required: true
x-sailpoint-resource-operation-id: getSIMIntegrations
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: The DTO containing the details of the SIM integration
content:
application/json:
schema:
allOf:
- type: object
description: Service Desk integration's specification.
required:
- name
- description
- type
- attributes
properties:
id:
type: string
description: Unique identifier for the Service Desk integration
example: 62945a496ef440189b1f03e3623411c8
name:
description: Service Desk integration's name. The name must be unique.
type: string
example: Service Desk Integration Name
created:
type: string
format: date-time
description: The date and time the Service Desk integration was created
example: '2024-01-17T18:45:25.994Z'
modified:
type: string
format: date-time
description: The date and time the Service Desk integration was last modified
example: '2024-02-18T18:45:25.994Z'
description:
description: Service Desk integration's description.
type: string
example: A very nice Service Desk integration
type:
description: |
Service Desk integration types:
- ServiceNowSDIM
- ServiceNow
type: string
default: ServiceNowSDIM
example: ServiceNowSDIM
ownerRef:
allOf:
- type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
clusterRef:
allOf:
- type: object
description: Source cluster.
properties:
type:
type: string
description: Source cluster DTO type.
enum:
- CLUSTER
example: CLUSTER
id:
type: string
description: Source cluster ID.
example: 2c9180847a7fccdd017aa5896f9f4f6f
name:
type: string
description: Source cluster display name.
example: Training VA
cluster:
description: 'Cluster ID for the Service Desk integration (replaced by clusterRef, retained for backward compatibility).'
type: string
example: xyzzy999
deprecated: true
nullable: true
managedSources:
description: 'Source IDs for the Service Desk integration (replaced by provisioningConfig.managedSResourceRefs, but retained here for backward compatibility).'
type: array
items:
type: string
deprecated: true
example:
- 2c9180835d191a86015d28455b4a2329
- 2c5680835d191a85765d28455b4a9823
provisioningConfig:
description: The 'provisioningConfig' property specifies the configuration used to provision integrations.
type: object
properties:
universalManager:
description: 'Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.'
type: boolean
readOnly: true
default: false
example: true
managedResourceRefs:
description: References to sources for the Service Desk integration template. May only be specified if universalManager is false.
type: array
items:
allOf:
- type: object
description: Source for Service Desk integration template.
properties:
type:
type: string
description: DTO type of source for service desk integration template.
enum:
- SOURCE
example: SOURCE
id:
type: string
description: ID of source for service desk integration template.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable name of source for service desk integration template.
example: HR Active Directory
example:
- type: SOURCE
id: 2c9180855d191c59015d291ceb051111
name: My Source 1
- type: SOURCE
id: 2c9180855d191c59015d291ceb052222
name: My Source 2
planInitializerScript:
description: This is a reference to a plan initializer script.
type: object
nullable: true
properties:
source:
description: This is a Rule that allows provisioning instruction changes.
type: string
example: |
\r\n\r\n\r\n Before Provisioning Rule which changes disables and enables to a modify.\r\n
noProvisioningRequests:
description: Name of an attribute that when true disables the saving of ProvisioningRequest objects whenever plans are sent through this integration.
type: boolean
default: false
example: true
provisioningRequestExpiration:
description: 'When saving pending requests is enabled, this defines the number of hours the request is allowed to live before it is considered expired and no longer affects plan compilation.'
type: integer
format: int32
example: 7
attributes:
description: Service Desk integration's attributes. Validation constraints enforced by the implementation.
type: object
additionalProperties: true
example:
property: value
key: value
beforeProvisioningRule:
allOf:
- type: object
description: Before Provisioning Rule.
properties:
type:
type: string
description: Before Provisioning Rule DTO type.
enum:
- RULE
example: RULE
id:
type: string
description: Before Provisioning Rule ID.
example: 048eb3d55c5a4758bd07dccb87741c78
name:
type: string
description: Rule display name.
example: Before Provisioning Airtable Rule
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:service-desk-admin:read'
x-sailpoint-userLevels:
- ORG_ADMIN
delete:
tags:
- SIM Integrations
summary: Delete a sim integration
description: Get the details of a SIM integration.
operationId: deleteSIMIntegration
parameters:
- name: id
description: The id of the integration to delete.
in: path
schema:
type: string
example: 12345
required: true
x-sailpoint-resource-operation-id: getSIMIntegrations
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: No content response
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:service-desk-admin:write'
x-sailpoint-userLevels:
- ORG_ADMIN
patch:
tags:
- SIM Integrations
summary: Patch a sim attribute.
description: Patch a SIM attribute given a JsonPatch object.
operationId: patchSIMAttributes
requestBody:
required: true
description: The JsonPatch object that describes the changes of SIM
content:
application/json-patch+json:
schema:
type: object
description: 'A JSONPatch document as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
properties:
operations:
description: Operations to be applied
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
parameters:
- name: id
description: SIM integration id
in: path
schema:
type: string
example: 12345
required: true
x-sailpoint-resource-operation-id: getSIMIntegrations
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: The updated DTO containing the details of the SIM integration.
content:
application/json:
schema:
allOf:
- type: object
description: Service Desk integration's specification.
required:
- name
- description
- type
- attributes
properties:
id:
type: string
description: Unique identifier for the Service Desk integration
example: 62945a496ef440189b1f03e3623411c8
name:
description: Service Desk integration's name. The name must be unique.
type: string
example: Service Desk Integration Name
created:
type: string
format: date-time
description: The date and time the Service Desk integration was created
example: '2024-01-17T18:45:25.994Z'
modified:
type: string
format: date-time
description: The date and time the Service Desk integration was last modified
example: '2024-02-18T18:45:25.994Z'
description:
description: Service Desk integration's description.
type: string
example: A very nice Service Desk integration
type:
description: |
Service Desk integration types:
- ServiceNowSDIM
- ServiceNow
type: string
default: ServiceNowSDIM
example: ServiceNowSDIM
ownerRef:
allOf:
- type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
clusterRef:
allOf:
- type: object
description: Source cluster.
properties:
type:
type: string
description: Source cluster DTO type.
enum:
- CLUSTER
example: CLUSTER
id:
type: string
description: Source cluster ID.
example: 2c9180847a7fccdd017aa5896f9f4f6f
name:
type: string
description: Source cluster display name.
example: Training VA
cluster:
description: 'Cluster ID for the Service Desk integration (replaced by clusterRef, retained for backward compatibility).'
type: string
example: xyzzy999
deprecated: true
nullable: true
managedSources:
description: 'Source IDs for the Service Desk integration (replaced by provisioningConfig.managedSResourceRefs, but retained here for backward compatibility).'
type: array
items:
type: string
deprecated: true
example:
- 2c9180835d191a86015d28455b4a2329
- 2c5680835d191a85765d28455b4a9823
provisioningConfig:
description: The 'provisioningConfig' property specifies the configuration used to provision integrations.
type: object
properties:
universalManager:
description: 'Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.'
type: boolean
readOnly: true
default: false
example: true
managedResourceRefs:
description: References to sources for the Service Desk integration template. May only be specified if universalManager is false.
type: array
items:
allOf:
- type: object
description: Source for Service Desk integration template.
properties:
type:
type: string
description: DTO type of source for service desk integration template.
enum:
- SOURCE
example: SOURCE
id:
type: string
description: ID of source for service desk integration template.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable name of source for service desk integration template.
example: HR Active Directory
example:
- type: SOURCE
id: 2c9180855d191c59015d291ceb051111
name: My Source 1
- type: SOURCE
id: 2c9180855d191c59015d291ceb052222
name: My Source 2
planInitializerScript:
description: This is a reference to a plan initializer script.
type: object
nullable: true
properties:
source:
description: This is a Rule that allows provisioning instruction changes.
type: string
example: |
\r\n\r\n\r\n Before Provisioning Rule which changes disables and enables to a modify.\r\n
noProvisioningRequests:
description: Name of an attribute that when true disables the saving of ProvisioningRequest objects whenever plans are sent through this integration.
type: boolean
default: false
example: true
provisioningRequestExpiration:
description: 'When saving pending requests is enabled, this defines the number of hours the request is allowed to live before it is considered expired and no longer affects plan compilation.'
type: integer
format: int32
example: 7
attributes:
description: Service Desk integration's attributes. Validation constraints enforced by the implementation.
type: object
additionalProperties: true
example:
property: value
key: value
beforeProvisioningRule:
allOf:
- type: object
description: Before Provisioning Rule.
properties:
type:
type: string
description: Before Provisioning Rule DTO type.
enum:
- RULE
example: RULE
id:
type: string
description: Before Provisioning Rule ID.
example: 048eb3d55c5a4758bd07dccb87741c78
name:
type: string
description: Rule display name.
example: Before Provisioning Airtable Rule
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:service-desk-admin:write'
x-sailpoint-userLevels:
- ORG_ADMIN
'/sim-integrations/{id}/beforeProvisioningRule':
patch:
tags:
- SIM Integrations
summary: Patch a sim beforeprovisioningrule attribute.
description: Patch a SIM beforeProvisioningRule attribute given a JsonPatch object.
operationId: patchBeforeProvisioningRule
requestBody:
required: true
description: The JsonPatch object that describes the changes of SIM beforeProvisioningRule.
content:
application/json-patch+json:
schema:
type: object
description: 'A JSONPatch document as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
properties:
operations:
description: Operations to be applied
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
parameters:
- name: id
in: path
description: SIM integration id
schema:
type: string
example: 12345
required: true
x-sailpoint-resource-operation-id: getSIMIntegrations
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: The updated DTO containing the details of the SIM integration.
content:
application/json:
schema:
allOf:
- type: object
description: Service Desk integration's specification.
required:
- name
- description
- type
- attributes
properties:
id:
type: string
description: Unique identifier for the Service Desk integration
example: 62945a496ef440189b1f03e3623411c8
name:
description: Service Desk integration's name. The name must be unique.
type: string
example: Service Desk Integration Name
created:
type: string
format: date-time
description: The date and time the Service Desk integration was created
example: '2024-01-17T18:45:25.994Z'
modified:
type: string
format: date-time
description: The date and time the Service Desk integration was last modified
example: '2024-02-18T18:45:25.994Z'
description:
description: Service Desk integration's description.
type: string
example: A very nice Service Desk integration
type:
description: |
Service Desk integration types:
- ServiceNowSDIM
- ServiceNow
type: string
default: ServiceNowSDIM
example: ServiceNowSDIM
ownerRef:
allOf:
- type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
clusterRef:
allOf:
- type: object
description: Source cluster.
properties:
type:
type: string
description: Source cluster DTO type.
enum:
- CLUSTER
example: CLUSTER
id:
type: string
description: Source cluster ID.
example: 2c9180847a7fccdd017aa5896f9f4f6f
name:
type: string
description: Source cluster display name.
example: Training VA
cluster:
description: 'Cluster ID for the Service Desk integration (replaced by clusterRef, retained for backward compatibility).'
type: string
example: xyzzy999
deprecated: true
nullable: true
managedSources:
description: 'Source IDs for the Service Desk integration (replaced by provisioningConfig.managedSResourceRefs, but retained here for backward compatibility).'
type: array
items:
type: string
deprecated: true
example:
- 2c9180835d191a86015d28455b4a2329
- 2c5680835d191a85765d28455b4a9823
provisioningConfig:
description: The 'provisioningConfig' property specifies the configuration used to provision integrations.
type: object
properties:
universalManager:
description: 'Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.'
type: boolean
readOnly: true
default: false
example: true
managedResourceRefs:
description: References to sources for the Service Desk integration template. May only be specified if universalManager is false.
type: array
items:
allOf:
- type: object
description: Source for Service Desk integration template.
properties:
type:
type: string
description: DTO type of source for service desk integration template.
enum:
- SOURCE
example: SOURCE
id:
type: string
description: ID of source for service desk integration template.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable name of source for service desk integration template.
example: HR Active Directory
example:
- type: SOURCE
id: 2c9180855d191c59015d291ceb051111
name: My Source 1
- type: SOURCE
id: 2c9180855d191c59015d291ceb052222
name: My Source 2
planInitializerScript:
description: This is a reference to a plan initializer script.
type: object
nullable: true
properties:
source:
description: This is a Rule that allows provisioning instruction changes.
type: string
example: |
\r\n\r\n\r\n Before Provisioning Rule which changes disables and enables to a modify.\r\n
noProvisioningRequests:
description: Name of an attribute that when true disables the saving of ProvisioningRequest objects whenever plans are sent through this integration.
type: boolean
default: false
example: true
provisioningRequestExpiration:
description: 'When saving pending requests is enabled, this defines the number of hours the request is allowed to live before it is considered expired and no longer affects plan compilation.'
type: integer
format: int32
example: 7
attributes:
description: Service Desk integration's attributes. Validation constraints enforced by the implementation.
type: object
additionalProperties: true
example:
property: value
key: value
beforeProvisioningRule:
allOf:
- type: object
description: Before Provisioning Rule.
properties:
type:
type: string
description: Before Provisioning Rule DTO type.
enum:
- RULE
example: RULE
id:
type: string
description: Before Provisioning Rule ID.
example: 048eb3d55c5a4758bd07dccb87741c78
name:
type: string
description: Rule display name.
example: Before Provisioning Airtable Rule
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:service-desk-admin:write'
x-sailpoint-userLevels:
- ORG_ADMIN
/sim-integrations:
get:
tags:
- SIM Integrations
summary: List the existing sim integrations.
description: List the existing SIM integrations.
operationId: getSIMIntegrations
responses:
'200':
description: The DTO containing the details of the SIM integration
content:
application/json:
schema:
type: array
items:
allOf:
- type: object
description: Service Desk integration's specification.
required:
- name
- description
- type
- attributes
properties:
id:
type: string
description: Unique identifier for the Service Desk integration
example: 62945a496ef440189b1f03e3623411c8
name:
description: Service Desk integration's name. The name must be unique.
type: string
example: Service Desk Integration Name
created:
type: string
format: date-time
description: The date and time the Service Desk integration was created
example: '2024-01-17T18:45:25.994Z'
modified:
type: string
format: date-time
description: The date and time the Service Desk integration was last modified
example: '2024-02-18T18:45:25.994Z'
description:
description: Service Desk integration's description.
type: string
example: A very nice Service Desk integration
type:
description: |
Service Desk integration types:
- ServiceNowSDIM
- ServiceNow
type: string
default: ServiceNowSDIM
example: ServiceNowSDIM
ownerRef:
allOf:
- type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
clusterRef:
allOf:
- type: object
description: Source cluster.
properties:
type:
type: string
description: Source cluster DTO type.
enum:
- CLUSTER
example: CLUSTER
id:
type: string
description: Source cluster ID.
example: 2c9180847a7fccdd017aa5896f9f4f6f
name:
type: string
description: Source cluster display name.
example: Training VA
cluster:
description: 'Cluster ID for the Service Desk integration (replaced by clusterRef, retained for backward compatibility).'
type: string
example: xyzzy999
deprecated: true
nullable: true
managedSources:
description: 'Source IDs for the Service Desk integration (replaced by provisioningConfig.managedSResourceRefs, but retained here for backward compatibility).'
type: array
items:
type: string
deprecated: true
example:
- 2c9180835d191a86015d28455b4a2329
- 2c5680835d191a85765d28455b4a9823
provisioningConfig:
description: The 'provisioningConfig' property specifies the configuration used to provision integrations.
type: object
properties:
universalManager:
description: 'Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.'
type: boolean
readOnly: true
default: false
example: true
managedResourceRefs:
description: References to sources for the Service Desk integration template. May only be specified if universalManager is false.
type: array
items:
allOf:
- type: object
description: Source for Service Desk integration template.
properties:
type:
type: string
description: DTO type of source for service desk integration template.
enum:
- SOURCE
example: SOURCE
id:
type: string
description: ID of source for service desk integration template.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable name of source for service desk integration template.
example: HR Active Directory
example:
- type: SOURCE
id: 2c9180855d191c59015d291ceb051111
name: My Source 1
- type: SOURCE
id: 2c9180855d191c59015d291ceb052222
name: My Source 2
planInitializerScript:
description: This is a reference to a plan initializer script.
type: object
nullable: true
properties:
source:
description: This is a Rule that allows provisioning instruction changes.
type: string
example: |
\r\n\r\n\r\n Before Provisioning Rule which changes disables and enables to a modify.\r\n
noProvisioningRequests:
description: Name of an attribute that when true disables the saving of ProvisioningRequest objects whenever plans are sent through this integration.
type: boolean
default: false
example: true
provisioningRequestExpiration:
description: 'When saving pending requests is enabled, this defines the number of hours the request is allowed to live before it is considered expired and no longer affects plan compilation.'
type: integer
format: int32
example: 7
attributes:
description: Service Desk integration's attributes. Validation constraints enforced by the implementation.
type: object
additionalProperties: true
example:
property: value
key: value
beforeProvisioningRule:
allOf:
- type: object
description: Before Provisioning Rule.
properties:
type:
type: string
description: Before Provisioning Rule DTO type.
enum:
- RULE
example: RULE
id:
type: string
description: Before Provisioning Rule ID.
example: 048eb3d55c5a4758bd07dccb87741c78
name:
type: string
description: Rule display name.
example: Before Provisioning Airtable Rule
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:service-desk-admin:read'
x-sailpoint-userLevels:
- ORG_ADMIN
parameters:
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
post:
tags:
- SIM Integrations
summary: Create new sim integration
description: Create a new SIM Integrations.
operationId: createSIMIntegration
requestBody:
description: DTO containing the details of the SIM integration
content:
application/json:
schema:
type: object
title: Sim Integration Details
allOf:
- type: object
required:
- name
properties:
id:
description: System-generated unique ID of the Object
type: string
example: id12345
readOnly: true
name:
description: Name of the Object
type: string
example: aName
nullable: true
created:
description: Creation date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
modified:
description: Last modification date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
- type: object
properties:
description:
type: string
description: The description of the integration
example: Integration description
nullable: false
type:
type: string
description: The integration type
example: ServiceNow Service Desk
nullable: false
attributes:
type: object
description: The attributes map containing the credentials used to configure the integration.
nullable: true
example: '{"uid":"Walter White","firstname":"walter","cloudStatus":"UNREGISTERED","displayName":"Walter White","identificationNumber":"942","lastSyncDate":1470348809380,"email":"walter@gmail.com","lastname":"white"}'
sources:
type: array
description: The list of sources (managed resources)
items:
type: string
example:
- 2c9180835d191a86015d28455b4a2329
- 2c5680835d191a85765d28455b4a9823
nullable: false
cluster:
type: string
description: The cluster/proxy
example: xyzzy999
nullable: false
statusMap:
type: object
description: Custom mapping between the integration result and the provisioning result
example:
closed_cancelled: Failed
closed_complete: Committed
closed_incomplete: Failed
closed_rejected: Failed
in_process: Queued
requested: Queued
request:
type: object
description: Request data to customize desc and body of the created ticket
example:
description: 'SailPoint Access Request,'
req_description: 'The Service Request created by SailPoint ServiceNow Service Integration Module (SIM).,'
req_short_description: 'SailPoint New Access Request Created from IdentityNow,'
short_description: SailPoint Access Request $!plan.arguments.identityRequestId
beforeProvisioningRule:
description: Before provisioning rule of integration
properties:
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- MACHINE_IDENTITY
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
id:
type: string
description: ID of the rule
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Human-readable display name of the rule
example: Example Rule
required: true
responses:
'200':
description: details of the created integration
content:
application/json:
schema:
allOf:
- type: object
description: Service Desk integration's specification.
required:
- name
- description
- type
- attributes
properties:
id:
type: string
description: Unique identifier for the Service Desk integration
example: 62945a496ef440189b1f03e3623411c8
name:
description: Service Desk integration's name. The name must be unique.
type: string
example: Service Desk Integration Name
created:
type: string
format: date-time
description: The date and time the Service Desk integration was created
example: '2024-01-17T18:45:25.994Z'
modified:
type: string
format: date-time
description: The date and time the Service Desk integration was last modified
example: '2024-02-18T18:45:25.994Z'
description:
description: Service Desk integration's description.
type: string
example: A very nice Service Desk integration
type:
description: |
Service Desk integration types:
- ServiceNowSDIM
- ServiceNow
type: string
default: ServiceNowSDIM
example: ServiceNowSDIM
ownerRef:
allOf:
- type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
clusterRef:
allOf:
- type: object
description: Source cluster.
properties:
type:
type: string
description: Source cluster DTO type.
enum:
- CLUSTER
example: CLUSTER
id:
type: string
description: Source cluster ID.
example: 2c9180847a7fccdd017aa5896f9f4f6f
name:
type: string
description: Source cluster display name.
example: Training VA
cluster:
description: 'Cluster ID for the Service Desk integration (replaced by clusterRef, retained for backward compatibility).'
type: string
example: xyzzy999
deprecated: true
nullable: true
managedSources:
description: 'Source IDs for the Service Desk integration (replaced by provisioningConfig.managedSResourceRefs, but retained here for backward compatibility).'
type: array
items:
type: string
deprecated: true
example:
- 2c9180835d191a86015d28455b4a2329
- 2c5680835d191a85765d28455b4a9823
provisioningConfig:
description: The 'provisioningConfig' property specifies the configuration used to provision integrations.
type: object
properties:
universalManager:
description: 'Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.'
type: boolean
readOnly: true
default: false
example: true
managedResourceRefs:
description: References to sources for the Service Desk integration template. May only be specified if universalManager is false.
type: array
items:
allOf:
- type: object
description: Source for Service Desk integration template.
properties:
type:
type: string
description: DTO type of source for service desk integration template.
enum:
- SOURCE
example: SOURCE
id:
type: string
description: ID of source for service desk integration template.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable name of source for service desk integration template.
example: HR Active Directory
example:
- type: SOURCE
id: 2c9180855d191c59015d291ceb051111
name: My Source 1
- type: SOURCE
id: 2c9180855d191c59015d291ceb052222
name: My Source 2
planInitializerScript:
description: This is a reference to a plan initializer script.
type: object
nullable: true
properties:
source:
description: This is a Rule that allows provisioning instruction changes.
type: string
example: |
\r\n\r\n\r\n Before Provisioning Rule which changes disables and enables to a modify.\r\n
noProvisioningRequests:
description: Name of an attribute that when true disables the saving of ProvisioningRequest objects whenever plans are sent through this integration.
type: boolean
default: false
example: true
provisioningRequestExpiration:
description: 'When saving pending requests is enabled, this defines the number of hours the request is allowed to live before it is considered expired and no longer affects plan compilation.'
type: integer
format: int32
example: 7
attributes:
description: Service Desk integration's attributes. Validation constraints enforced by the implementation.
type: object
additionalProperties: true
example:
property: value
key: value
beforeProvisioningRule:
allOf:
- type: object
description: Before Provisioning Rule.
properties:
type:
type: string
description: Before Provisioning Rule DTO type.
enum:
- RULE
example: RULE
id:
type: string
description: Before Provisioning Rule ID.
example: 048eb3d55c5a4758bd07dccb87741c78
name:
type: string
description: Rule display name.
example: Before Provisioning Airtable Rule
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:service-desk-admin:create'
x-sailpoint-userLevels:
- ORG_ADMIN
parameters:
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
/sp-config/export:
post:
operationId: exportSpConfig
security:
- userAuth:
- 'sp:config:read'
- 'sp:config:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
tags:
- SP-Config
summary: Initiates configuration objects export job
description: |-
This post will export objects from the tenant to a JSON configuration file.
For more information about the object types that currently support export functionality, refer to [SaaS Configuration](https://developer.sailpoint.com/idn/docs/saas-configuration/#supported-objects).
requestBody:
description: Export options control what will be included in the export.
required: true
content:
application/json:
schema:
type: object
allOf:
- type: object
properties:
excludeTypes:
description: Object type names to be excluded from an sp-config export command.
type: array
items:
type: string
enum:
- ACCESS_PROFILE
- ACCESS_REQUEST_CONFIG
- ATTR_SYNC_SOURCE_CONFIG
- AUTH_ORG
- CAMPAIGN_FILTER
- CONNECTOR_RULE
- FORM_DEFINITION
- GOVERNANCE_GROUP
- IDENTITY_OBJECT_CONFIG
- IDENTITY_PROFILE
- LIFECYCLE_STATE
- NOTIFICATION_TEMPLATE
- PASSWORD_POLICY
- PASSWORD_SYNC_GROUP
- PUBLIC_IDENTITIES_CONFIG
- ROLE
- RULE
- SEGMENT
- SERVICE_DESK_INTEGRATION
- SOD_POLICY
- SOURCE
- TAG
- TRANSFORM
- TRIGGER_SUBSCRIPTION
- WORKFLOW
example: SOURCE
includeTypes:
description: Object type names to be included in an sp-config export command. IncludeTypes takes precedence over excludeTypes.
type: array
items:
type: string
enum:
- ACCESS_PROFILE
- ACCESS_REQUEST_CONFIG
- ATTR_SYNC_SOURCE_CONFIG
- AUTH_ORG
- CAMPAIGN_FILTER
- CONNECTOR_RULE
- FORM_DEFINITION
- GOVERNANCE_GROUP
- IDENTITY_OBJECT_CONFIG
- IDENTITY_PROFILE
- LIFECYCLE_STATE
- NOTIFICATION_TEMPLATE
- PASSWORD_POLICY
- PASSWORD_SYNC_GROUP
- PUBLIC_IDENTITIES_CONFIG
- ROLE
- RULE
- SEGMENT
- SERVICE_DESK_INTEGRATION
- SOD_POLICY
- SOURCE
- TAG
- TRANSFORM
- TRIGGER_SUBSCRIPTION
- WORKFLOW
example: TRIGGER_SUBSCRIPTION
objectOptions:
description: Additional options targeting specific objects related to each item in the includeTypes field
type: object
additionalProperties:
type: object
properties:
includedIds:
description: Object ids to be included in an import or export.
type: array
items:
type: string
example: be9e116d-08e1-49fc-ab7f-fa585e96c9e4
includedNames:
description: Object names to be included in an import or export.
type: array
items:
type: string
example: Test Object
example:
TRIGGER_SUBSCRIPTION:
includedIds:
- be9e116d-08e1-49fc-ab7f-fa585e96c9e4
includedNames:
- Test 2
properties:
description:
type: string
description: Optional user defined description/name for export job.
example: Export Job 1 Test
examples:
Export all objects available:
description: Export all object types available in IDN.
value:
description: Export all available objects
excludeTypes: []
includeTypes:
- ACCESS_PROFILE
- ACCESS_REQUEST_CONFIG
- ATTR_SYNC_SOURCE_CONFIG
- AUTH_ORG
- CAMPAIGN_FILTER
- CONNECTOR_RULE
- FORM_DEFINITION
- GOVERNANCE_GROUP
- IDENTITY_OBJECT_CONFIG
- IDENTITY_PROFILE
- LIFECYCLE_STATE
- NOTIFICATION_TEMPLATE
- PASSWORD_POLICY
- PASSWORD_SYNC_GROUP
- PUBLIC_IDENTITIES_CONFIG
- ROLE
- RULE
- SEGMENT
- SERVICE_DESK_INTEGRATION
- SOD_POLICY
- SOURCE
- TAG
- TRANSFORM
- TRIGGER_SUBSCRIPTION
- WORKFLOW
objectOptions: {}
Export sources by ID:
description: Export only sources that match the IDs specified in the export options.
value:
description: Export sources by ID
excludeTypes: []
includeTypes:
- SOURCE
objectOptions:
SOURCE:
includedIds:
- be9e116d-08e1-49fc-ab7f-fa585e96c9e4
- be9p119e-90e1-49pk-ac9f-fa576e96c9e4
includedNames: []
Export transforms by name:
description: Export only transforms that match the names specified in the export options.
value:
description: Export transforms by name
excludeTypes: []
includeTypes:
- TRANSFORM
objectOptions:
TRANSFORM:
includedIds: []
includedNames:
- Remove Diacritical Marks
- Common - Location Lookup
Export trigger subscriptions triggers and transforms with custom options:
description: Export trigger subscriptions and transforms that match the export options.
value:
description: Export trigger subscriptions and transforms with custom filter options
excludeTypes: []
includeTypes:
- TRANSFORM
- TRIGGER_SUBSCRIPTION
objectOptions:
TRANSFORM:
includedIds: []
includedNames:
- Remove Diacritical Marks
- Common - Location Lookup
TRIGGER_SUBSCRIPTION:
includedIds:
- be9e116d-08e1-49fc-ab7f-fa585e96c9e4
- be9p119e-90e1-49pk-ac9f-fa576e96c9e4
includedNames:
- 'NGROK Test: fire and forget'
- Manager Certification
responses:
'202':
description: Export job accepted and queued for processing.
content:
application/json:
schema:
allOf:
- type: object
properties:
jobId:
type: string
description: Unique id assigned to this job.
example: 3469b87d-48ca-439a-868f-2160001da8c1
status:
type: string
description: Status of the job.
enum:
- NOT_STARTED
- IN_PROGRESS
- COMPLETE
- CANCELLED
- FAILED
example: COMPLETE
type:
type: string
description: 'Type of the job, either export or import.'
enum:
- EXPORT
- IMPORT
example: IMPORT
expiration:
type: string
format: date-time
description: The time until which the artifacts will be available for download.
example: '2021-05-11T22:23:16Z'
created:
type: string
format: date-time
description: The time the job was started.
example: '2021-05-11T22:23:16Z'
modified:
type: string
format: date-time
description: The time of the last update to the job.
example: '2021-05-11T22:23:16Z'
required:
- jobId
- status
- type
- expiration
- created
- modified
- type: object
nullable: true
properties:
description:
type: string
description: Optional user defined description/name for export job.
example: ETS configuration objects from Acme-Solar sandbox
'400':
description: |
Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/sp-config/export/{id}':
get:
operationId: getSpConfigExportStatus
security:
- userAuth:
- 'sp:config:read'
- 'sp:config:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
tags:
- SP-Config
summary: Get export job status
description: |-
This gets the status of the export job identified by the `id` parameter.
The request will need one of the following security scopes:
- sp:config:read - sp:config:manage
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: exportSpConfig
description: The ID of the export job whose status will be returned.
example: ef38f94347e94562b5bb8424a56397d8
responses:
'200':
description: Export job status successfully returned.
content:
application/json:
schema:
allOf:
- allOf:
- type: object
properties:
jobId:
type: string
description: Unique id assigned to this job.
example: 3469b87d-48ca-439a-868f-2160001da8c1
status:
type: string
description: Status of the job.
enum:
- NOT_STARTED
- IN_PROGRESS
- COMPLETE
- CANCELLED
- FAILED
example: COMPLETE
type:
type: string
description: 'Type of the job, either export or import.'
enum:
- EXPORT
- IMPORT
example: IMPORT
expiration:
type: string
format: date-time
description: The time until which the artifacts will be available for download.
example: '2021-05-11T22:23:16Z'
created:
type: string
format: date-time
description: The time the job was started.
example: '2021-05-11T22:23:16Z'
modified:
type: string
format: date-time
description: The time of the last update to the job.
example: '2021-05-11T22:23:16Z'
required:
- jobId
- status
- type
- expiration
- created
- modified
- type: object
nullable: true
properties:
description:
type: string
description: Optional user defined description/name for export job.
example: ETS configuration objects from Acme-Solar sandbox
- type: object
nullable: true
properties:
completed:
type: string
format: date-time
description: The time the job was completed.
example: '2021-05-11T22:23:16Z'
example:
jobId: 1e824aa0-4c6e-4f14-95e9-e7dc5234aa51
status: COMPLETE
type: EXPORT
message: null
description: Export Job 1 Test
expiration: '2021-05-20T15:04:24Z'
created: '2021-05-13T15:04:24.112Z'
modified: '2021-05-13T15:04:27.363Z'
completed: '2021-05-13T15:04:27.358Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/sp-config/export/{id}/download':
get:
operationId: getSpConfigExport
security:
- userAuth:
- 'sp:config:read'
- 'sp:config:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
tags:
- SP-Config
summary: Download export job result.
description: |-
This endpoint gets the export file resulting from the export job with the requested `id` and downloads it to a file.
The request will need one of the following security scopes:
- sp:config:read - sp:config:manage
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: exportSpConfig
description: The ID of the export job whose results will be downloaded.
example: ef38f94347e94562b5bb8424a56397d8
responses:
'200':
description: Exported JSON objects.
content:
application/json:
schema:
type: object
title: Config Export Response Body
description: Response model for config export download response.
properties:
version:
type: integer
description: Current version of the export results object.
example: 1
timestamp:
type: string
format: date-time
description: Time the export was completed.
example: '2021-05-11T22:23:16Z'
tenant:
type: string
description: Name of the tenant where this export originated.
example: sample-tenant
description:
type: string
description: Optional user defined description/name for export job.
example: Export Job 1 Test
options:
description: Options used to create this export.
type: object
properties:
excludeTypes:
description: Object type names to be excluded from an sp-config export command.
type: array
items:
type: string
enum:
- ACCESS_PROFILE
- ACCESS_REQUEST_CONFIG
- ATTR_SYNC_SOURCE_CONFIG
- AUTH_ORG
- CAMPAIGN_FILTER
- CONNECTOR_RULE
- FORM_DEFINITION
- GOVERNANCE_GROUP
- IDENTITY_OBJECT_CONFIG
- IDENTITY_PROFILE
- LIFECYCLE_STATE
- NOTIFICATION_TEMPLATE
- PASSWORD_POLICY
- PASSWORD_SYNC_GROUP
- PUBLIC_IDENTITIES_CONFIG
- ROLE
- RULE
- SEGMENT
- SERVICE_DESK_INTEGRATION
- SOD_POLICY
- SOURCE
- TAG
- TRANSFORM
- TRIGGER_SUBSCRIPTION
- WORKFLOW
example: SOURCE
includeTypes:
description: Object type names to be included in an sp-config export command. IncludeTypes takes precedence over excludeTypes.
type: array
items:
type: string
enum:
- ACCESS_PROFILE
- ACCESS_REQUEST_CONFIG
- ATTR_SYNC_SOURCE_CONFIG
- AUTH_ORG
- CAMPAIGN_FILTER
- CONNECTOR_RULE
- FORM_DEFINITION
- GOVERNANCE_GROUP
- IDENTITY_OBJECT_CONFIG
- IDENTITY_PROFILE
- LIFECYCLE_STATE
- NOTIFICATION_TEMPLATE
- PASSWORD_POLICY
- PASSWORD_SYNC_GROUP
- PUBLIC_IDENTITIES_CONFIG
- ROLE
- RULE
- SEGMENT
- SERVICE_DESK_INTEGRATION
- SOD_POLICY
- SOURCE
- TAG
- TRANSFORM
- TRIGGER_SUBSCRIPTION
- WORKFLOW
example: TRIGGER_SUBSCRIPTION
objectOptions:
description: Additional options targeting specific objects related to each item in the includeTypes field
type: object
additionalProperties:
type: object
properties:
includedIds:
description: Object ids to be included in an import or export.
type: array
items:
type: string
example: be9e116d-08e1-49fc-ab7f-fa585e96c9e4
includedNames:
description: Object names to be included in an import or export.
type: array
items:
type: string
example: Test Object
example:
TRIGGER_SUBSCRIPTION:
includedIds:
- be9e116d-08e1-49fc-ab7f-fa585e96c9e4
includedNames:
- Test 2
objects:
type: array
items:
type: object
title: Config Object for Export and Import
description: Config export and import format for individual object configurations.
properties:
version:
type: integer
description: Current version of configuration object.
example: 1
self:
type: object
description: Self block for imported/exported object.
properties:
type:
type: string
description: 'Imported/exported object''s DTO type. Import is currently only possible with the CONNECTOR_RULE, IDENTITY_OBJECT_CONFIG, IDENTITY_PROFILE, RULE, SOURCE, TRANSFORM, and TRIGGER_SUBSCRIPTION object types.'
enum:
- ACCESS_PROFILE
- ACCESS_REQUEST_CONFIG
- ATTR_SYNC_SOURCE_CONFIG
- AUTH_ORG
- CAMPAIGN_FILTER
- CONNECTOR_RULE
- FORM_DEFINITION
- GOVERNANCE_GROUP
- IDENTITY_OBJECT_CONFIG
- IDENTITY_PROFILE
- LIFECYCLE_STATE
- NOTIFICATION_TEMPLATE
- PASSWORD_POLICY
- PASSWORD_SYNC_GROUP
- PUBLIC_IDENTITIES_CONFIG
- ROLE
- RULE
- SEGMENT
- SERVICE_DESK_INTEGRATION
- SOD_POLICY
- SOURCE
- TAG
- TRANSFORM
- TRIGGER_SUBSCRIPTION
- WORKFLOW
example: SOURCE
id:
type: string
description: Imported/exported object's ID.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Imported/exported object's display name.
example: HR Active Directory
object:
description: Object details. Format dependant on the object type.
additionalProperties: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/sp-config/import:
post:
operationId: importSpConfig
security:
- userAuth:
- 'sp:config:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
tags:
- SP-Config
summary: Initiates configuration objects import job
description: |
This post will import objects from a JSON configuration file into a tenant.
By default, every import will first export all existing objects supported by sp-config as a backup before the import is attempted.
The backup is provided so that the state of the configuration prior to the import is available for inspection or restore if needed.
The backup can be skipped by setting "excludeBackup" to true in the import options.
If a backup is performed, the id of the backup will be provided in the ImportResult as the "exportJobId". This can be downloaded
using the `/sp-config/export/{exportJobId}/download` endpoint.
You cannot currently import from the Non-Employee Lifecycle Management (NELM) source. You cannot use this endpoint to back up or store NELM data.
For more information about the object types that currently support import functionality, refer to [SaaS Configuration](https://developer.sailpoint.com/idn/docs/saas-configuration/#supported-objects).
parameters:
- in: query
name: preview
schema:
type: boolean
default: false
required: false
description: |
This option is intended to give the user information about how an
import operation would proceed, without having any effect on the target tenant.
If this parameter is "true", no objects will be imported. Instead, the import
process will pre-process the import file and attempt to resolve references within
imported objects. The import result file will contain messages pertaining to
how specific references were resolved, any errors associated with the preprocessing,
and messages indicating which objects would be imported.
example: 'true'
requestBody:
description: "The form-data \"name\" attribute for the file content must be \"data\".\n\n__Example__\n\n data: \"config_export_0340b957-5caa-44f6-ada2-d3c4c5bd0b19.json\",\n options: {\n \"excludeTypes\": [],\n \"includeTypes\": [\"TRIGGER_SUBSCRIPTION\"],\n \"objectOptions\": {\n \"TRIGGER_SUBSCRIPTION\": {\n \"includedIds\": [ \"193446a1-c431-4326-8ba7-d6eebf922948\"],\n \"includedNames\":[]\n }\n },\n \"defaultReferences\": [\n {\n \"type\": \"TRIGGER_SUBSCRIPTION\",\n \"id\": \"be9e116d-08e1-49fc-ab7f-fa585e96c9e4\",\n \"name\": \"Test Trigger\"\n }\n ],\n \"excludeBackup\": false\n }\n\n__Sample Import File__\n\n {\n \t\"version\": 1,\n \t\"timestamp\": \"2021-05-10T15:19:23.425041-05:00\",\n \t\"tenant\": \"sampleTenant\",\n \t\"options\": {\n \t\t\"excludeTypes\": [],\n \t\t\"includeTypes\": [\"TRIGGER_SUBSCRIPTION\"],\n \t\t\"objectOptions\": null\n \t},\n \t\"objects\": [{\n \t\t\t\"version\": 1,\n \t\t\t\"self\": {\n \t\t\t\t\"type\": \"TRIGGER_SUBSCRIPTION\",\n \t\t\t\t\"name\": \"test trigger\",\n \t\t\t\t\"id\": \"193446a1-c431-4326-8ba7-d6eebf922948\"\n \t\t\t},\n \t\t\t\"object\": {\n \t\t\t\t\"type\": \"HTTP\",\n \t\t\t\t\"enabled\": true,\n \t\t\t\t\"httpConfig\": {\n \t\t\t\t\t\"url\": \"https://localhost\",\n \t\t\t\t\t\"httpAuthenticationType\": \"NO_AUTH\",\n \t\t\t\t\t\"basicAuthConfig\": null,\n \t\t\t\t\t\"bearerTokenAuthConfig\": null,\n \t\t\t\t\t\"httpDispatchMode\": \"SYNC\"\n \t\t\t\t},\n \t\t\t\t\"triggerName\": \"Access Request Submitted\",\n \t\t\t\t\"responseDeadline\": \"PT1H\",\n \t\t\t\t\"name\": \"test trigger\",\n \t\t\t\t\"triggerId\": \"idn:access-request-pre-approval\"\n \t\t\t}\n \t\t}\n \t]\n }\n"
required: true
content:
multipart/form-data:
schema:
type: object
properties:
data:
type: string
format: binary
description: JSON file containing the objects to be imported.
options:
type: object
properties:
excludeTypes:
description: Object type names to be excluded from an sp-config export command.
type: array
items:
type: string
enum:
- CONNECTOR_RULE
- IDENTITY_OBJECT_CONFIG
- IDENTITY_PROFILE
- RULE
- SOURCE
- TRANSFORM
- TRIGGER_SUBSCRIPTION
example: SOURCE
includeTypes:
description: Object type names to be included in an sp-config export command. IncludeTypes takes precedence over excludeTypes.
type: array
items:
type: string
enum:
- CONNECTOR_RULE
- IDENTITY_OBJECT_CONFIG
- IDENTITY_PROFILE
- RULE
- SOURCE
- TRANSFORM
- TRIGGER_SUBSCRIPTION
example: TRIGGER_SUBSCRIPTION
objectOptions:
description: Additional options targeting specific objects related to each item in the includeTypes field
type: object
additionalProperties:
type: object
properties:
includedIds:
description: Object ids to be included in an import or export.
type: array
items:
type: string
example: be9e116d-08e1-49fc-ab7f-fa585e96c9e4
includedNames:
description: Object names to be included in an import or export.
type: array
items:
type: string
example: Test Object
example:
TRIGGER_SUBSCRIPTION:
includedIds:
- be9e116d-08e1-49fc-ab7f-fa585e96c9e4
includedNames:
- Test 2
defaultReferences:
description: List of object types that can be used to resolve references on import.
type: array
items:
type: string
enum:
- CONNECTOR_RULE
- IDENTITY_OBJECT_CONFIG
- IDENTITY_PROFILE
- RULE
- SOURCE
- TRANSFORM
- TRIGGER_SUBSCRIPTION
example: TRIGGER_SUBSCRIPTION
excludeBackup:
description: 'By default, every import will first export all existing objects supported by sp-config as a backup before the import is attempted. If excludeBackup is true, the backup will not be performed.'
type: boolean
default: false
example: 'false'
required:
- data
example:
data: config_export_0340b957-5caa-44f6-ada2-d3c4c5bd0b19.json
options:
excludeTypes: []
includeTypes:
- TRIGGER_SUBSCRIPTION
objectOptions:
TRIGGER_SUBSCRIPTION:
includedIds:
- be9e116d-08e1-49fc-ab7f-fa585e96c9e4
includedNames:
- Lori Test 2
defaultReferences:
- type: TRIGGER_SUBSCRIPTION
id: be9e116d-08e1-49fc-ab7f-fa585e96c9e4
name: Test Trigger
excludeBackup: false
responses:
'202':
description: Import job accepted and queued for processing.
content:
application/json:
schema:
type: object
properties:
jobId:
type: string
description: Unique id assigned to this job.
example: 3469b87d-48ca-439a-868f-2160001da8c1
status:
type: string
description: Status of the job.
enum:
- NOT_STARTED
- IN_PROGRESS
- COMPLETE
- CANCELLED
- FAILED
example: COMPLETE
type:
type: string
description: 'Type of the job, either export or import.'
enum:
- EXPORT
- IMPORT
example: IMPORT
expiration:
type: string
format: date-time
description: The time until which the artifacts will be available for download.
example: '2021-05-11T22:23:16Z'
created:
type: string
format: date-time
description: The time the job was started.
example: '2021-05-11T22:23:16Z'
modified:
type: string
format: date-time
description: The time of the last update to the job.
example: '2021-05-11T22:23:16Z'
required:
- jobId
- status
- type
- expiration
- created
- modified
'400':
description: |
Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/sp-config/import/{id}':
get:
operationId: getSpConfigImportStatus
security:
- userAuth:
- 'sp:config:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
tags:
- SP-Config
summary: Get import job status
description: |
'This gets the status of the import job identified by the `id` parameter.
For more information about the object types that currently support import functionality,
refer to [SaaS Configuration](https://developer.sailpoint.com/idn/docs/saas-configuration/#supported-objects).'
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: importSpConfig
description: The ID of the import job whose status will be returned.
example: ef38f94347e94562b5bb8424a56397d8
responses:
'200':
description: Import job status successfully returned.
content:
application/json:
schema:
allOf:
- type: object
properties:
jobId:
type: string
description: Unique id assigned to this job.
example: 3469b87d-48ca-439a-868f-2160001da8c1
status:
type: string
description: Status of the job.
enum:
- NOT_STARTED
- IN_PROGRESS
- COMPLETE
- CANCELLED
- FAILED
example: COMPLETE
type:
type: string
description: 'Type of the job, either export or import.'
enum:
- EXPORT
- IMPORT
example: IMPORT
expiration:
type: string
format: date-time
description: The time until which the artifacts will be available for download.
example: '2021-05-11T22:23:16Z'
created:
type: string
format: date-time
description: The time the job was started.
example: '2021-05-11T22:23:16Z'
modified:
type: string
format: date-time
description: The time of the last update to the job.
example: '2021-05-11T22:23:16Z'
required:
- jobId
- status
- type
- expiration
- created
- modified
- type: object
nullable: true
properties:
message:
type: string
description: This message contains additional information about the overall status of the job.
example: Download import results for details.
- type: object
nullable: true
properties:
completed:
type: string
format: date-time
description: The time the job was completed.
example: '2021-05-11T22:23:16Z'
example:
jobId: 4fb10503-1c49-4603-8f8d-886e1f6aa47b
status: COMPLETE
type: IMPORT
message: Download import results for details.
description: null
expiration: '2021-05-20T16:42:39Z'
created: '2021-05-13T16:42:39.333Z'
modified: '2021-05-13T16:42:40.71Z'
completed: '2021-05-13T16:42:40.705Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/sp-config/import/{id}/download':
get:
operationId: getSpConfigImport
security:
- userAuth:
- 'sp:config:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
tags:
- SP-Config
summary: Download import job result
description: |-
This gets import file resulting from the import job with the requested id and downloads it to a file. The downloaded file will contain the results of the import operation, including any error, warning or informational messages associated with the import.
The request will need the following security scope:
- sp:config:manage
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: importSpConfig
description: The ID of the import job whose results will be downloaded.
example: ef38f94347e94562b5bb8424a56397d8
responses:
'200':
description: 'Import results JSON object, containing detailed results of the import operation.'
content:
application/json:
schema:
type: object
title: Config Import Response Body
description: Response Body for Config Import command.
properties:
results:
type: object
additionalProperties:
type: object
title: Import Object Response Body
description: Response model for import of a single object.
properties:
infos:
description: Informational messages returned from the target service on import.
type: array
items:
type: object
title: Config Import/Export Message
description: Message model for Config Import/Export.
properties:
key:
type: string
description: Message key.
example: UNKNOWN_REFERENCE_RESOLVER
text:
type: string
description: Message text.
example: 'Unable to resolve reference for object [type: IDENTITY, id: 2c91808c746e9c9601747d6507332ecz, name: random identity]'
details:
type: object
description: 'Message details if any, in key:value pairs.'
additionalProperties:
type: object
example:
details: message details
required:
- key
- text
- details
warnings:
description: Warning messages returned from the target service on import.
type: array
items:
type: object
title: Config Import/Export Message
description: Message model for Config Import/Export.
properties:
key:
type: string
description: Message key.
example: UNKNOWN_REFERENCE_RESOLVER
text:
type: string
description: Message text.
example: 'Unable to resolve reference for object [type: IDENTITY, id: 2c91808c746e9c9601747d6507332ecz, name: random identity]'
details:
type: object
description: 'Message details if any, in key:value pairs.'
additionalProperties:
type: object
example:
details: message details
required:
- key
- text
- details
errors:
description: Error messages returned from the target service on import.
type: array
items:
type: object
title: Config Import/Export Message
description: Message model for Config Import/Export.
properties:
key:
type: string
description: Message key.
example: UNKNOWN_REFERENCE_RESOLVER
text:
type: string
description: Message text.
example: 'Unable to resolve reference for object [type: IDENTITY, id: 2c91808c746e9c9601747d6507332ecz, name: random identity]'
details:
type: object
description: 'Message details if any, in key:value pairs.'
additionalProperties:
type: object
example:
details: message details
required:
- key
- text
- details
importedObjects:
description: References to objects that were created or updated by the import.
type: array
items:
type: object
description: Object created or updated by import.
properties:
type:
type: string
description: DTO type of object created or updated by import.
enum:
- CONNECTOR_RULE
- IDENTITY_OBJECT_CONFIG
- IDENTITY_PROFILE
- RULE
- SOURCE
- TRANSFORM
- TRIGGER_SUBSCRIPTION
example: SOURCE
id:
type: string
description: ID of object created or updated by import.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Display name of object created or updated by import.
example: HR Active Directory
required:
- infos
- warnings
- errors
- importedObjects
description: The results of an object configuration import job.
example:
results:
TRIGGER_SUBSCRIPTION:
infos:
- key: IMPORT_PREVIEW
text: 'Object to be imported: [c953134c-2224-42f2-a84e-fa5cbb395904, Test 2]'
detail: null
- key: IMPORT_PREVIEW
text: 'Object to be imported: [be9e116d-08e1-49fc-ab7f-fa585e96c9e4, Test 1]'
detail: null
warnings: []
errors: []
importedObjects: []
exportJobId:
type: string
description: 'If a backup was performed before the import, this will contain the jobId of the backup job. This id can be used to retrieve the json file of the backup export.'
example: be9e116d-08e1-49fc-ab7f-fa585e96c9e4
required:
- results
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/sp-config/config-objects:
get:
operationId: listSpConfigObjects
security:
- userAuth:
- 'sp:config:read'
- 'sp:config:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
tags:
- SP-Config
summary: List config objects
description: Get a list of object configurations that the tenant export/import service knows.
responses:
'200':
description: Object configurations returned successfully.
content:
application/json:
schema:
type: array
items:
title: Object Configuration Model
description: Response model for object configuration.
type: object
properties:
objectType:
type: string
description: Object type the configuration is for.
example: TRIGGER_SUBSCRIPTION
referenceExtractors:
type: array
nullable: true
description: 'List of JSON paths within an exported object of this type, representing references that must be resolved.'
items:
type: string
example:
- $.owner
signatureRequired:
type: boolean
default: false
description: Indicates whether this type of object will be JWS signed and cannot be modified before import.
example: false
alwaysResolveById:
type: boolean
default: false
description: Indicates whether this object type must be always be resolved by ID.
example: true
legacyObject:
type: boolean
default: false
description: Indicates whether this is a legacy object.
example: false
onePerTenant:
type: boolean
default: false
description: Indicates whether there is only one object of this type.
example: false
exportable:
type: boolean
default: false
description: Indicates whether the object can be exported or is just a reference object.
example: true
rules:
type: object
title: Config Object Rules
description: Rules to be applied to the config object during the draft process.
properties:
takeFromTargetRules:
type: array
items:
type: object
title: Config Object Rule
description: Format of Config Hub object rules.
properties:
path:
type: string
description: JSONPath expression denoting the path within the object where a value substitution should be applied.
example: $.enabled
value:
anyOf:
- type: object
- type: array
- type: string
- type: number
- type: boolean
nullable: true
description: Value to be assigned at the jsonPath location within the object.
modes:
type: array
description: Draft modes the rule will apply to.
items:
type: string
enum:
- RESTORE
- PROMOTE
- UPLOAD
example:
- RESTORE
- PROMOTE
defaultRules:
type: array
items:
type: object
title: Config Object Rule
description: Format of Config Hub object rules.
properties:
path:
type: string
description: JSONPath expression denoting the path within the object where a value substitution should be applied.
example: $.enabled
value:
anyOf:
- type: object
- type: array
- type: string
- type: number
- type: boolean
nullable: true
description: Value to be assigned at the jsonPath location within the object.
modes:
type: array
description: Draft modes the rule will apply to.
items:
type: string
enum:
- RESTORE
- PROMOTE
- UPLOAD
example:
- RESTORE
- PROMOTE
editable:
type: boolean
default: false
description: Indicates whether the object can be edited.
example: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/sources/{id}/attribute-sync-config':
get:
operationId: getSourceAttrSyncConfig
tags:
- Sources
summary: Attribute sync config
description: 'This API returns the existing attribute synchronization configuration for a source specified by the given ID. The response contains all attributes, regardless of whether they enabled or not.'
security:
- userAuth:
- 'idn:attr-sync-source-config:read'
- 'idn:attr-sync-source-config:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
- HELPDESK
parameters:
- in: path
name: id
required: true
x-sailpoint-resource-operation-id: listSources
schema:
type: string
description: The source id
example: 2c9180835d191a86015d28455b4a2329
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: Attribute synchronization configuration for a source
content:
application/json:
schema:
type: object
description: Specification of attribute sync configuration for a source
required:
- source
- attributes
properties:
source:
type: object
description: Target source for attribute synchronization.
properties:
type:
type: string
description: DTO type of target source for attribute synchronization.
enum:
- SOURCE
example: SOURCE
id:
type: string
description: ID of target source for attribute synchronization.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
nullable: true
description: Human-readable name of target source for attribute synchronization.
example: HR Active Directory
attributes:
type: array
description: Attribute synchronization configuration for specific identity attributes in the context of a source
items:
type: object
description: Specification of source attribute sync mapping configuration for an identity attribute
required:
- name
- displayName
- enabled
- target
properties:
name:
type: string
description: Name of the identity attribute
example: email
displayName:
type: string
description: Display name of the identity attribute
example: Email
enabled:
type: boolean
description: Determines whether or not the attribute is enabled for synchronization
example: true
target:
type: string
description: Name of the source account attribute to which the identity attribute value will be synchronized if enabled
example: mail
example:
- name: email
displayName: Email
enabled: true
target: mail
- name: firstname
displayName: First Name
enabled: false
target: givenName
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
put:
operationId: putSourceAttrSyncConfig
tags:
- Sources
summary: Update attribute sync config
description: |
Replaces the attribute synchronization configuration for the source specified by the given ID with the configuration provided in the request body. Only the "enabled" field of the values in the "attributes" array is mutable. Attempting to change other attributes or add new values to the "attributes" array will result in an error.
security:
- userAuth:
- 'idn:attr-sync-source-config:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
parameters:
- in: path
name: id
required: true
x-sailpoint-resource-operation-id: listSources
schema:
type: string
description: The source id
example: 2c9180835d191a86015d28455b4a2329
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
requestBody:
required: true
content:
application/json:
schema:
type: object
description: Specification of attribute sync configuration for a source
required:
- source
- attributes
properties:
source:
type: object
description: Target source for attribute synchronization.
properties:
type:
type: string
description: DTO type of target source for attribute synchronization.
enum:
- SOURCE
example: SOURCE
id:
type: string
description: ID of target source for attribute synchronization.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
nullable: true
description: Human-readable name of target source for attribute synchronization.
example: HR Active Directory
attributes:
type: array
description: Attribute synchronization configuration for specific identity attributes in the context of a source
items:
type: object
description: Specification of source attribute sync mapping configuration for an identity attribute
required:
- name
- displayName
- enabled
- target
properties:
name:
type: string
description: Name of the identity attribute
example: email
displayName:
type: string
description: Display name of the identity attribute
example: Email
enabled:
type: boolean
description: Determines whether or not the attribute is enabled for synchronization
example: true
target:
type: string
description: Name of the source account attribute to which the identity attribute value will be synchronized if enabled
example: mail
example:
- name: email
displayName: Email
enabled: true
target: mail
- name: firstname
displayName: First Name
enabled: false
target: givenName
responses:
'200':
description: Updated attribute synchronization configuration for a source
content:
application/json:
schema:
type: object
description: Specification of attribute sync configuration for a source
required:
- source
- attributes
properties:
source:
type: object
description: Target source for attribute synchronization.
properties:
type:
type: string
description: DTO type of target source for attribute synchronization.
enum:
- SOURCE
example: SOURCE
id:
type: string
description: ID of target source for attribute synchronization.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
nullable: true
description: Human-readable name of target source for attribute synchronization.
example: HR Active Directory
attributes:
type: array
description: Attribute synchronization configuration for specific identity attributes in the context of a source
items:
type: object
description: Specification of source attribute sync mapping configuration for an identity attribute
required:
- name
- displayName
- enabled
- target
properties:
name:
type: string
description: Name of the identity attribute
example: email
displayName:
type: string
description: Display name of the identity attribute
example: Email
enabled:
type: boolean
description: Determines whether or not the attribute is enabled for synchronization
example: true
target:
type: string
description: Name of the source account attribute to which the identity attribute value will be synchronized if enabled
example: mail
example:
- name: email
displayName: Email
enabled: true
target: mail
- name: firstname
displayName: First Name
enabled: false
target: givenName
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/sources/{sourceId}/native-change-detection-config':
get:
operationId: getNativeChangeDetectionConfig
tags:
- Sources
summary: Native change detection configuration
security:
- userAuth:
- 'idn:sources:read'
x-sailpoint-userLevels:
- ORG_ADMIN
description: This API returns the existing native change detection configuration for a source specified by the given ID.
parameters:
- in: path
name: id
required: true
x-sailpoint-resource-operation-id: listSources
schema:
type: string
description: The source id
example: 2c9180835d191a86015d28455b4a2329
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: Native change detection configuration for a source
content:
application/json:
schema:
type: object
description: Source configuration information for Native Change Detection that is read and used by account aggregation process.
properties:
enabled:
description: A flag indicating if Native Change Detection is enabled for a source.
type: boolean
example: true
default: false
operations:
type: array
description: Operation types for which Native Change Detection is enabled for a source.
items:
type: string
enum:
- ACCOUNT_UPDATED
- ACCOUNT_CREATED
- ACCOUNT_DELETED
example:
- ACCOUNT_UPDATED
- ACCOUNT_DELETED
allEntitlements:
description: A flag indicating that all entitlements participate in Native Change Detection.
type: boolean
example: false
default: false
allNonEntitlementAttributes:
description: A flag indicating that all non-entitlement account attributes participate in Native Change Detection.
type: boolean
example: false
default: false
selectedEntitlements:
description: If allEntitlements flag is off this field lists entitlements that participate in Native Change Detection.
type: array
items:
type: string
example:
- memberOf
- memberOfSharedMailbox
selectedNonEntitlementAttributes:
description: If allNonEntitlementAttributes flag is off this field lists non-entitlement account attributes that participate in Native Change Detection.
externalDocs:
description: Learn more about account attributes here.
url: 'https://documentation.sailpoint.com/saas/help/accounts/schema.html'
type: array
items:
type: string
example:
- lastName
- phoneNumber
- objectType
- servicePrincipalName
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
put:
operationId: putNativeChangeDetectionConfig
tags:
- Sources
summary: Update native change detection configuration
security:
- userAuth:
- 'idn:sources:update'
x-sailpoint-userLevels:
- ORG_ADMIN
description: Replaces the native change detection configuration for the source specified by the given ID with the configuration provided in the request body.
parameters:
- in: path
name: id
required: true
x-sailpoint-resource-operation-id: listSources
schema:
type: string
description: The source id
example: 2c9180835d191a86015d28455b4a2329
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
requestBody:
required: true
content:
application/json:
schema:
type: object
description: Source configuration information for Native Change Detection that is read and used by account aggregation process.
properties:
enabled:
description: A flag indicating if Native Change Detection is enabled for a source.
type: boolean
example: true
default: false
operations:
type: array
description: Operation types for which Native Change Detection is enabled for a source.
items:
type: string
enum:
- ACCOUNT_UPDATED
- ACCOUNT_CREATED
- ACCOUNT_DELETED
example:
- ACCOUNT_UPDATED
- ACCOUNT_DELETED
allEntitlements:
description: A flag indicating that all entitlements participate in Native Change Detection.
type: boolean
example: false
default: false
allNonEntitlementAttributes:
description: A flag indicating that all non-entitlement account attributes participate in Native Change Detection.
type: boolean
example: false
default: false
selectedEntitlements:
description: If allEntitlements flag is off this field lists entitlements that participate in Native Change Detection.
type: array
items:
type: string
example:
- memberOf
- memberOfSharedMailbox
selectedNonEntitlementAttributes:
description: If allNonEntitlementAttributes flag is off this field lists non-entitlement account attributes that participate in Native Change Detection.
externalDocs:
description: Learn more about account attributes here.
url: 'https://documentation.sailpoint.com/saas/help/accounts/schema.html'
type: array
items:
type: string
example:
- lastName
- phoneNumber
- objectType
- servicePrincipalName
responses:
'200':
description: Updated native change detection configuration for a source
content:
application/json:
schema:
type: object
description: Source configuration information for Native Change Detection that is read and used by account aggregation process.
properties:
enabled:
description: A flag indicating if Native Change Detection is enabled for a source.
type: boolean
example: true
default: false
operations:
type: array
description: Operation types for which Native Change Detection is enabled for a source.
items:
type: string
enum:
- ACCOUNT_UPDATED
- ACCOUNT_CREATED
- ACCOUNT_DELETED
example:
- ACCOUNT_UPDATED
- ACCOUNT_DELETED
allEntitlements:
description: A flag indicating that all entitlements participate in Native Change Detection.
type: boolean
example: false
default: false
allNonEntitlementAttributes:
description: A flag indicating that all non-entitlement account attributes participate in Native Change Detection.
type: boolean
example: false
default: false
selectedEntitlements:
description: If allEntitlements flag is off this field lists entitlements that participate in Native Change Detection.
type: array
items:
type: string
example:
- memberOf
- memberOfSharedMailbox
selectedNonEntitlementAttributes:
description: If allNonEntitlementAttributes flag is off this field lists non-entitlement account attributes that participate in Native Change Detection.
externalDocs:
description: Learn more about account attributes here.
url: 'https://documentation.sailpoint.com/saas/help/accounts/schema.html'
type: array
items:
type: string
example:
- lastName
- phoneNumber
- objectType
- servicePrincipalName
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
operationId: deleteNativeChangeDetectionConfig
tags:
- Sources
summary: Delete native change detection configuration
description: Deletes the native change detection configuration for the source specified by the given ID.
security:
- userAuth:
- 'idn:sources:update'
- applicationAuth:
- 'idn:sources:update'
x-sailpoint-userLevels:
- ORG_ADMIN
parameters:
- in: path
name: id
required: true
x-sailpoint-resource-operation-id: listSources
schema:
type: string
description: The source id
example: 2c9180835d191a86015d28455b4a2329
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/sources/{id}/remove-accounts':
post:
operationId: deleteAccountsAsync
summary: Remove all accounts in a source
tags:
- Sources
description: |
Use this endpoint to remove all accounts from the system without provisioning changes to the source. Accounts that are removed could be re-created during the next aggregation.
This endpoint is good for:
* Removing accounts that no longer exist on the source.
* Removing accounts that won't be aggregated following updates to the source configuration.
* Forcing accounts to be re-created following the next aggregation to re-run account processing, support testing, etc.
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listSources
description: The source id
example: ebbf35756e1140699ce52b233121384a
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'202':
description: Accepted. Returns task result details of removal request.
content:
application/json:
schema:
type: object
description: Task result.
properties:
type:
type: string
description: Task result DTO type.
enum:
- TASK_RESULT
example: TASK_RESULT
id:
type: string
description: Task result ID.
example: 464ae7bf791e49fdb74606a2e4a89635
name:
type: string
description: Task result display name.
nullable: true
example: null
example:
type: TASK_RESULT
id: 464ae7bf791e49fdb74606a2e4a89635
name: null
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:accounts:manage'
'/sources/{id}/synchronize-attributes':
post:
operationId: syncAttributesForSource
tags:
- Sources
summary: Synchronize single source attributes.
security:
- userAuth: []
x-sailpoint-userLevels:
- ORG_ADMIN
- SOURCE_ADMIN
description: This end-point performs attribute synchronization for a selected source.
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listSources
description: The Source id
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'202':
description: A Source Sync job
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: Job ID.
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
status:
type: string
description: The job status.
enum:
- QUEUED
- IN_PROGRESS
- SUCCESS
- ERROR
example: IN_PROGRESS
payload:
description: Job payload.
example:
type: SYNCHRONIZE_SOURCE_ATTRIBUTES
dataJson: '{"sourceId":"2c918083746f642c01746f990884012a"}'
type: object
properties:
type:
type: string
description: Payload type.
example: SYNCHRONIZE_SOURCE_ATTRIBUTES
dataJson:
type: string
description: Payload type.
example: '{"sourceId":"2c918083746f642c01746f990884012a"}'
required:
- type
- dataJson
required:
- id
- status
- payload
example:
id: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
status: IN_PROGRESS
payload:
type: SYNCHRONIZE_SOURCE_ATTRIBUTES
dataJson: '{"sourceId":"2c918083746f642c01746f990884012a"}'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/sources/{id}/entitlement-request-config':
get:
security:
- userAuth:
- 'idn:sources:read'
- 'idn:sources:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
- SOURCE_ADMIN
- SOURCE_SUBADMIN
operationId: getSourceEntitlementRequestConfig
summary: Get source entitlement request configuration
tags:
- Sources
description: |-
This API gets the current entitlement request configuration for a source. This source-level configuration should apply for all the entitlements in the source.
Access request to any entitlements in the source should follow this configuration unless a separate entitlement-level configuration is defined.
- During access request, this source-level entitlement request configuration overrides the global organization-level configuration.
- However, the entitlement-level configuration (if defined) overrides this source-level configuration.
responses:
'200':
description: Source Entitlement Request Configuration Details.
content:
application/json:
schema:
type: object
description: Entitlement Request Configuration
properties:
accessRequestConfig:
type: object
properties:
approvalSchemes:
type: array
description: Ordered list of approval steps for the access request. Empty when no approval is required.
items:
type: object
properties:
approverType:
type: string
enum:
- ENTITLEMENT_OWNER
- SOURCE_OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. Values are as follows.
**ENTITLEMENT_OWNER**: Owner of the associated Entitlement
**SOURCE_OWNER**: Owner of the associated Source
**MANAGER**: Manager of the Identity for whom the request is being made
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP'
example: e3eab852-8315-467f-9de7-70eda97f63c8
requestCommentRequired:
type: boolean
description: If the requester must provide a comment during access request.
default: false
example: true
denialCommentRequired:
type: boolean
description: If the reviewer must provide a comment when denying the access request.
default: false
example: false
reauthorizationRequired:
type: boolean
description: Is Reauthorization Required
default: false
example: false
description: Configuration for requesting access to entitlements
revocationRequestConfig:
type: object
properties:
approvalSchemes:
type: array
description: Ordered list of approval steps for the access request. Empty when no approval is required.
items:
type: object
properties:
approverType:
type: string
enum:
- ENTITLEMENT_OWNER
- SOURCE_OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. Values are as follows.
**ENTITLEMENT_OWNER**: Owner of the associated Entitlement
**SOURCE_OWNER**: Owner of the associated Source
**MANAGER**: Manager of the Identity for whom the request is being made
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP'
example: e3eab852-8315-467f-9de7-70eda97f63c8
examples:
Get default config:
description: The default config for a source should look like the following where the empty approvalSchemes indicates that no approvals are required.
value:
accessRequestConfig:
approvalSchemes: []
requestCommentRequired: false
denialCommentRequired: false
Get config with one approval:
description: 'In case of a single approval, the config could look like the following.'
value:
accessRequestConfig:
approvalSchemes:
- approverId: null
approverType: SOURCE_OWNER
requestCommentRequired: true
denialCommentRequired: false
Get config with multiple approvals:
description: 'In case of multiple levels of approvals the config could look like the following. In this scenario, access request review process should go through all the approvers sequentially.'
value:
accessRequestConfig:
approvalSchemes:
- approverId: null
approverType: ENTITLEMENT_OWNER
- approverId: null
approverType: SOURCE_OWNER
- approverId: 95e538a3-30c1-433a-af05-4bed973bbc22
approverType: GOVERNANCE_GROUP
requestCommentRequired: true
denialCommentRequired: false
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
parameters:
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
put:
security:
- userAuth:
- 'idn:sources:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
- SOURCE_ADMIN
- SOURCE_SUBADMIN
operationId: updateSourceEntitlementRequestConfig
summary: Update source entitlement request configuration
tags:
- Sources
description: |-
This API replaces the current entitlement request configuration for a source. This source-level configuration should apply for all the entitlements in the source.
Access request to any entitlements in the source should follow this configuration unless a separate entitlement-level configuration is defined.
- During access request, this source-level entitlement request configuration overrides the global organization-level configuration.
- However, the entitlement-level configuration (if defined) overrides this source-level configuration.
requestBody:
required: true
content:
application/json:
schema:
type: object
description: Entitlement Request Configuration
properties:
accessRequestConfig:
type: object
properties:
approvalSchemes:
type: array
description: Ordered list of approval steps for the access request. Empty when no approval is required.
items:
type: object
properties:
approverType:
type: string
enum:
- ENTITLEMENT_OWNER
- SOURCE_OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. Values are as follows.
**ENTITLEMENT_OWNER**: Owner of the associated Entitlement
**SOURCE_OWNER**: Owner of the associated Source
**MANAGER**: Manager of the Identity for whom the request is being made
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP'
example: e3eab852-8315-467f-9de7-70eda97f63c8
requestCommentRequired:
type: boolean
description: If the requester must provide a comment during access request.
default: false
example: true
denialCommentRequired:
type: boolean
description: If the reviewer must provide a comment when denying the access request.
default: false
example: false
reauthorizationRequired:
type: boolean
description: Is Reauthorization Required
default: false
example: false
description: Configuration for requesting access to entitlements
revocationRequestConfig:
type: object
properties:
approvalSchemes:
type: array
description: Ordered list of approval steps for the access request. Empty when no approval is required.
items:
type: object
properties:
approverType:
type: string
enum:
- ENTITLEMENT_OWNER
- SOURCE_OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. Values are as follows.
**ENTITLEMENT_OWNER**: Owner of the associated Entitlement
**SOURCE_OWNER**: Owner of the associated Source
**MANAGER**: Manager of the Identity for whom the request is being made
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP'
example: e3eab852-8315-467f-9de7-70eda97f63c8
examples:
Set config with no approvals:
description: 'If no approvals are required, the following config can be set.'
value:
accessRequestConfig:
approvalSchemes: []
Set config with one approval:
description: In case of single approval the following config can be set.
value:
accessRequestConfig:
approvalSchemes:
- approverType: SOURCE_OWNER
requestCommentRequired: true
denialCommentRequired: false
Set config with multiple approvals:
description: 'In case of multiple levels of approvals the following config can be set. In this scenario, access request review process should go through all the approvers sequentially.'
value:
accessRequestConfig:
approvalSchemes:
- approverType: ENTITLEMENT_OWNER
- approverType: SOURCE_OWNER
- approverType: GOVERNANCE_GROUP
approverId: 95e538a3-30c1-433a-af05-4bed973bbc22
requestCommentRequired: true
denialCommentRequired: false
responses:
'200':
description: Source Entitlement Request Configuration Details.
content:
application/json:
schema:
type: object
description: Entitlement Request Configuration
properties:
accessRequestConfig:
type: object
properties:
approvalSchemes:
type: array
description: Ordered list of approval steps for the access request. Empty when no approval is required.
items:
type: object
properties:
approverType:
type: string
enum:
- ENTITLEMENT_OWNER
- SOURCE_OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. Values are as follows.
**ENTITLEMENT_OWNER**: Owner of the associated Entitlement
**SOURCE_OWNER**: Owner of the associated Source
**MANAGER**: Manager of the Identity for whom the request is being made
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP'
example: e3eab852-8315-467f-9de7-70eda97f63c8
requestCommentRequired:
type: boolean
description: If the requester must provide a comment during access request.
default: false
example: true
denialCommentRequired:
type: boolean
description: If the reviewer must provide a comment when denying the access request.
default: false
example: false
reauthorizationRequired:
type: boolean
description: Is Reauthorization Required
default: false
example: false
description: Configuration for requesting access to entitlements
revocationRequestConfig:
type: object
properties:
approvalSchemes:
type: array
description: Ordered list of approval steps for the access request. Empty when no approval is required.
items:
type: object
properties:
approverType:
type: string
enum:
- ENTITLEMENT_OWNER
- SOURCE_OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. Values are as follows.
**ENTITLEMENT_OWNER**: Owner of the associated Entitlement
**SOURCE_OWNER**: Owner of the associated Source
**MANAGER**: Manager of the Identity for whom the request is being made
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP'
example: e3eab852-8315-467f-9de7-70eda97f63c8
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
parameters:
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
'/sources/{id}/load-accounts':
post:
tags:
- Sources
summary: Account aggregation
operationId: importAccounts
description: |-
Starts an account aggregation on the specified source.
If the target source is a delimited file source, then the CSV file needs to be included in the request body.
You will also need to set the Content-Type header to `multipart/form-data`.
security:
- userAuth:
- 'idn:sources:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
- SOURCE_ADMIN
- SOURCE_SUBADMIN
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listSources
description: Source Id
example: ef38f94347e94562b5bb8424a56397d8
requestBody:
content:
multipart/form-data:
schema:
type: object
properties:
file:
type: string
format: binary
description: The CSV file containing the source accounts to aggregate.
disableOptimization:
type: string
example: 'true'
description: Use this flag to reprocess every account whether or not the data has changed.
responses:
'202':
description: Aggregate Accounts Task
content:
application/json:
schema:
type: object
properties:
success:
type: boolean
description: The status of the result
default: 'true'
example: 'true'
task:
type: object
properties:
id:
description: System-generated unique ID of the task this taskStatus represents
type: string
example: ef38f94347e94562b5bb8424a56397d8
type:
description: Type of task this task represents
type: string
example: QUARTZ
name:
description: The name of the aggregation process
type: string
example: Cloud Account Aggregation
description:
description: The description of the task
type: string
example: Aggregate from the specified application
launcher:
description: The user who initiated the task
type: string
example: John Doe
created:
type: string
description: The Task creation date
format: date-time
example: '2020-09-07T42:14:00.364Z'
launched:
type: string
nullable: true
format: date-time
description: The task start date
example: '2020-09-07T42:14:00.521Z'
completed:
type: string
nullable: true
format: date-time
description: The task completion date
example: '2020-09-07T42:14:01.137Z'
completionStatus:
type: string
nullable: true
enum:
- SUCCESS
- WARNING
- ERROR
- TERMINATED
- TEMP_ERROR
description: Task completion status.
example: Success
parentName:
type: string
nullable: true
description: Name of the parent task if exists.
example: Audit Report
messages:
type: array
description: List of the messages dedicated to the report. From task definition perspective here usually should be warnings or errors.
example: []
items:
type: object
properties:
type:
type: string
description: Type of the message.
enum:
- INFO
- WARN
- ERROR
example: WARN
error:
type: boolean
default: false
description: Flag whether message is an error.
example: false
warning:
type: boolean
default: false
description: Flag whether message is a warning.
example: true
key:
type: string
description: Message string identifier.
example: This aggregation failed because the currently running aggregation must complete before the next one can start.
localizedText:
type: string
description: Message context with the locale based language.
example: This aggregation failed because the currently running aggregation must complete before the next one can start.
progress:
type: string
nullable: true
description: Current task state.
example: Initializing...
attributes:
type: object
description: Extra attributes map(dictionary) for the task.
properties:
appId:
description: The id of the source
type: string
example: c31386cb18bb403cbb6df4c86294ff82
optimizedAggregation:
description: The indicator if the aggregation process was enabled/disabled for the aggregation job
type: string
example: enabled
additionalProperties:
type: object
returns:
type: array
description: Return values from the task
items:
type: object
properties:
displayLabel:
type: string
description: The display label of the return value
example: TASK_OUT_ACCOUNT_AGGREGATION_APPLICATIONS
attributeName:
type: string
description: The attribute name of the return value
example: applications
example:
- displayLabel: TASK_OUT_ACCOUNT_AGGREGATION_APPLICATIONS
attributeName: applications
- displayLabel: TASK_OUT_ACCOUNT_AGGREGATION_TOTAL
attributeName: total
- displayLabel: TASK_OUT_ACCOUNT_AGGREGATION_OPTIMIZED
attributeName: optimizedAggregation
- displayLabel: TASK_OUT_ACCOUNT_AGGREGATION_IGNORED
attributeName: ignored
- displayLabel: TASK_OUT_UNCHANGED_ACCOUNTS
attributeName: optimized
- displayLabel: TASK_OUT_ACCOUNT_AGGREGATION_CREATED
attributeName: created
- displayLabel: TASK_OUT_ACCOUNT_AGGREGATION_UPDATED
attributeName: updated
- displayLabel: TASK_OUT_ACCOUNT_AGGREGATION_DELETED
attributeName: deleted
- displayLabel: TASK_OUT_ACCOUNT_AGGREGATION_MANAGER_CHANGES
attributeName: managerChanges
- displayLabel: TASK_OUT_ACCOUNT_AGGREGATION_BUSINESS_ROLE_CHANGES
attributeName: detectedRoleChanges
- displayLabel: TASK_OUT_ACCOUNT_AGGREGATION_EXCEPTION_CHANGES
attributeName: exceptionChanges
- displayLabel: TASK_OUT_ACCOUNT_AGGREGATION_POLICIES
attributeName: policies
- displayLabel: TASK_OUT_ACCOUNT_AGGREGATION_POLICY_VIOLATIONS
attributeName: policyViolations
- displayLabel: TASK_OUT_ACCOUNT_AGGREGATION_POLICY_NOTIFICATIONS
attributeName: policyNotifications
- displayLabel: TASK_OUT_ACCOUNT_AGGREGATION_SCORES_CHANGED
attributeName: scoresChanged
- displayLabel: TASK_OUT_ACCOUNT_AGGREGATION_SNAPSHOTS_CREATED
attributeName: snapshotsCreated
- displayLabel: TASK_OUT_ACCOUNT_AGGREGATION_SCOPES_CREATED
attributeName: scopesCreated
- displayLabel: TASK_OUT_ACCOUNT_AGGREGATION_SCOPES_CORRELATED
attributeName: scopesCorrelated
- displayLabel: TASK_OUT_ACCOUNT_AGGREGATION_SCOPES_SELECTED
attributeName: scopesSelected
- displayLabel: TASK_OUT_ACCOUNT_AGGREGATION_SCOPES_DORMANT
attributeName: scopesDormant
- displayLabel: TASK_OUT_ACCOUNT_AGGREGATION_UNSCOPED_IDENTITIES
attributeName: unscopedIdentities
- displayLabel: TASK_OUT_ACCOUNT_AGGREGATION_CERTIFICATIONS_CREATED
attributeName: certificationsCreated
- displayLabel: TASK_OUT_ACCOUNT_AGGREGATION_CERTIFICATIONS_DELETED
attributeName: certificationsDeleted
- displayLabel: TASK_OUT_ACCOUNT_AGGREGATION_APPLICATIONS_GENERATED
attributeName: applicationsGenerated
- displayLabel: TASK_OUT_ACCOUNT_AGGREGATION_MANAGED_ATTRIBUTES_PROMOTED
attributeName: managedAttributesCreated
- displayLabel: TASK_OUT_ACCOUNT_AGGREGATION_MANAGED_ATTRIBUTES_PROMOTED_BY_APP
attributeName: managedAttributesCreatedByApplication
- displayLabel: TASK_OUT_ACCOUNT_AGGREGATION_IDENTITYENTITLEMENTS_CREATED
attributeName: identityEntitlementsCreated
- displayLabel: TASK_OUT_ACCOUNT_AGGREGATION_GROUPS_CREATED
attributeName: groupsCreated
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/sources/{id}/load-uncorrelated-accounts':
post:
tags:
- Sources
summary: Process uncorrelated accounts
operationId: importUncorrelatedAccounts
description: File is required for upload. You will also need to set the Content-Type header to `multipart/form-data`
security:
- userAuth:
- 'idn:sources:manage'
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listSources
description: Source Id
example: 75dbec1ebe154d5785da27b95e1dd5d7
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
requestBody:
content:
multipart/form-data:
schema:
type: object
properties:
file:
type: string
format: binary
responses:
'202':
description: Uncorrelated Accounts Task
content:
application/json:
schema:
type: object
properties:
success:
type: boolean
description: The status of the result
default: 'true'
example: 'true'
task:
type: object
properties:
id:
description: System-generated unique ID of the task this taskStatus represents
type: string
example: 90b83a6bb737489494794f84cd3a51e6
type:
description: Type of task this task represents
type: string
example: QUARTZ
name:
description: The name of uncorrelated accounts process
type: string
example: Cloud Process Uncorrelated Accounts
description:
description: The description of the task
type: string
example: Processes uncorrelated accounts for the specified application.
launcher:
description: The user who initiated the task
type: string
example: John Doe
created:
type: string
description: The Task creation date
format: date-time
example: '2020-09-07T42:14:00.364Z'
launched:
type: string
nullable: true
format: date-time
description: The task start date
example: '2020-09-07T42:14:00.521Z'
completed:
type: string
nullable: true
format: date-time
description: The task completion date
example: '2020-09-07T42:14:01.137Z'
completionStatus:
type: string
nullable: true
enum:
- SUCCESS
- WARNING
- ERROR
- TERMINATED
- TEMP_ERROR
description: Task completion status.
example: Success
parentName:
type: string
nullable: true
description: Name of the parent task if exists.
example: Audit Report
messages:
type: array
description: List of the messages dedicated to the report. From task definition perspective here usually should be warnings or errors.
example: []
items:
type: object
properties:
type:
type: string
description: Type of the message.
enum:
- INFO
- WARN
- ERROR
example: WARN
error:
type: boolean
default: false
description: Flag whether message is an error.
example: false
warning:
type: boolean
default: false
description: Flag whether message is a warning.
example: true
key:
type: string
description: Message string identifier.
example: This correlation failed because the currently running correlation must complete before the next one can start.
localizedText:
type: string
description: Message context with the locale based language.
example: This correlation failed because the currently running correlation must complete before the next one can start.
progress:
type: string
nullable: true
description: Current task state.
example: Initializing...
attributes:
type: object
description: Extra attributes map(dictionary) for the task.
properties:
qpocJobId:
description: The id of qpoc job
type: string
example: 5d303d46-fc51-48cd-9c6d-4e211e3ab63c
taskStartDelay:
description: the task start delay value
example: ''
returns:
description: Return values from the task
type: object
example:
- displayLabel: TASK_OUT_ACCOUNT_CORRELATION_APPLICATIONS
attributeName: applications
- displayLabel: TASK_OUT_ACCOUNT_CORRELATION_TOTAL
attributeName: total
- displayLabel: TASK_OUT_ACCOUNT_CORRELATION_IGNORED
attributeName: correlationFailures
- displayLabel: TASK_OUT_ACCOUNT_CORRELATION_FAILURES
attributeName: ignored
- displayLabel: TASK_OUT_UNCHANGED_ACCOUNTS
attributeName: optimized
- displayLabel: TASK_OUT_ACCOUNT_CORRELATION__CREATED
attributeName: created
- displayLabel: TASK_OUT_ACCOUNT_CORRELATION_UPDATED
attributeName: updated
- displayLabel: TASK_OUT_ACCOUNT_CORRELATION_DELETED
attributeName: deleted
- displayLabel: TASK_OUT_ACCOUNT_CORRELATION_MANAGER_CHANGES
attributeName: managerChanges
- displayLabel: TASK_OUT_ACCOUNT_CORRELATION_BUSINESS_ROLE_CHANGES
attributeName: detectedRoleChanges
- displayLabel: TASK_OUT_ACCOUNT_CORRELATION_EXCEPTION_CHANGES
attributeName: exceptionChanges
- displayLabel: TASK_OUT_ACCOUNT_CORRELATION_POLICIES
attributeName: policies
- displayLabel: TASK_OUT_ACCOUNT_CORRELATION_POLICY_VIOLATIONS
attributeName: policyViolations
- displayLabel: TASK_OUT_ACCOUNT_CORRELATION_POLICY_NOTIFICATIONS
attributeName: policyNotifications
- displayLabel: TASK_OUT_ACCOUNT_CORRELATION_SCORES_CHANGED
attributeName: scoresChanged
- displayLabel: TASK_OUT_ACCOUNT_CORRELATION_SNAPSHOTS_CREATED
attributeName: snapshotsCreated
- displayLabel: TASK_OUT_ACCOUNT_CORRELATION_SCOPES_CREATED
attributeName: scopesCreated
- displayLabel: TASK_OUT_ACCOUNT_CORRELATION_SCOPES_CORRELATED
attributeName: scopesCorrelated
- displayLabel: TASK_OUT_ACCOUNT_CORRELATION_SCOPES_SELECTED
attributeName: scopesSelected
- displayLabel: TASK_OUT_ACCOUNT_CORRELATION_SCOPES_DORMANT
attributeName: scopesDormant
- displayLabel: TASK_OUT_ACCOUNT_CORRELATION_UNSCOPED_IDENTITIES
attributeName: unscopedIdentities
- displayLabel: TASK_OUT_ACCOUNT_CORRELATION_CERTIFICATIONS_CREATED
attributeName: certificationsCreated
- displayLabel: TASK_OUT_ACCOUNT_CORRELATION_CERTIFICATIONS_DELETED
attributeName: certificationsDeleted
- displayLabel: TASK_OUT_ACCOUNT_CORRELATION_APPLICATIONS_GENERATED
attributeName: applicationsGenerated
- displayLabel: TASK_OUT_ACCOUNT_CORRELATION_MANAGED_ATTRIBUTES_PROMOTED
attributeName: managedAttributesCreated
- displayLabel: TASK_OUT_ACCOUNT_CORRELATION_MANAGED_ATTRIBUTES_PROMOTED_BY_APP
attributeName: managedAttributesCreatedByApplication
- displayLabel: TASK_OUT_ACCOUNT_CORRELATION_IDENTITYENTITLEMENTS_CREATED
attributeName: identityEntitlementsCreated
- displayLabel: TASK_OUT_ACCOUNT_CORRELATION_GROUPS_CREATED
attributeName: groupsCreated
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/task-status/{id}':
get:
tags:
- Task Management
summary: Get task status by id
description: Get task status by task ID. Types of tasks include account and entitlement aggregation and other general background processing tasks. Data for tasks older than 90 days will not be returned.
operationId: getTaskStatus
parameters:
- name: id
in: path
description: Task ID.
required: true
x-sailpoint-resource-operation-id: getTaskStatusList
example: 00eebcf881994e419d72e757fd30dc0e
style: simple
explode: false
schema:
type: string
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: Responds with a TaskStatus for the task with the given task ID.
content:
application/json:
schema:
description: Details and current status of a specific task
required:
- id
- type
- uniqueName
- description
- parentName
- attributes
- created
- modified
- launched
- launcher
- completed
- completionStatus
- messages
- progress
- percentComplete
- returns
type: object
properties:
id:
description: System-generated unique ID of the task this TaskStatus represents
type: string
example: id12345
type:
description: Type of task this TaskStatus represents
type: string
enum:
- QUARTZ
- QPOC
- QUEUED_TASK
example: QUARTZ
uniqueName:
description: Name of the task this TaskStatus represents
type: string
example: Big Task
description:
description: Description of the task this TaskStatus represents
type: string
example: A Really Big Task
parentName:
description: Name of the parent of the task this TaskStatus represents
nullable: true
type: string
example: Parent Task
launcher:
description: Service to execute the task this TaskStatus represents
type: string
example: sweep
target:
type: object
nullable: true
properties:
id:
description: Target ID
type: string
example: c6dc37bf508149b28ce5b7d90ca4bbf9
type:
description: Target type
type: string
nullable: true
enum:
- APPLICATION
- IDENTITY
- null
example: APPLICATION
name:
description: Target name
type: string
example: 'Active Directory [source]'
created:
description: Creation date of the task this TaskStatus represents
type: string
format: date-time
example: '2020-07-11T21:23:15.000Z'
modified:
description: Last modification date of the task this TaskStatus represents
type: string
format: date-time
example: '2020-07-11T21:23:15.000Z'
launched:
description: Launch date of the task this TaskStatus represents
nullable: true
type: string
format: date-time
example: '2020-07-11T21:23:15.000Z'
completed:
description: Completion date of the task this TaskStatus represents
nullable: true
type: string
format: date-time
example: '2020-07-11T21:23:15.000Z'
completionStatus:
description: Completion status of the task this TaskStatus represents
type: string
nullable: true
enum:
- SUCCESS
- WARNING
- ERROR
- TERMINATED
- TEMPERROR
- null
example: SUCCESS
messages:
description: Messages associated with the task this TaskStatus represents
type: array
items:
description: TaskStatus Message
required:
- key
- localizedText
- type
- parameters
type: object
properties:
type:
description: Type of the message
type: string
enum:
- INFO
- WARN
- ERROR
example: INFO
localizedText:
description: Localized form of the message
type: object
nullable: true
required:
- locale
- message
properties:
locale:
description: Message locale
type: string
example: An error has occurred!
message:
description: Message text
type: string
example: Error has occurred!
key:
description: Key of the message
type: string
example: akey
parameters:
description: Message parameters for internationalization
nullable: true
type: array
items:
anyOf:
- type: object
- type: string
example:
- name: value
returns:
description: Return values from the task this TaskStatus represents
type: array
items:
description: Task return details
required:
- name
- attributeName
type: object
properties:
name:
description: Display name of the TaskReturnDetails
type: string
example: label
attributeName:
description: Attribute the TaskReturnDetails is for
type: string
example: identityCount
attributes:
description: Attributes of the task this TaskStatus represents
type: object
additionalProperties: true
example:
identityCount: 0
progress:
description: Current progress of the task this TaskStatus represents
nullable: true
type: string
example: Started
percentComplete:
description: Current percentage completion of the task this TaskStatus represents
type: integer
example: 100
taskDefinitionSummary:
description: 'Definition of a type of task, used to invoke tasks'
required:
- arguments
- description
- executor
- id
- uniqueName
- parentName
type: object
properties:
id:
description: System-generated unique ID of the TaskDefinition
type: string
example: 2c91808475b4334b0175e1dff64b63c5
uniqueName:
description: Name of the TaskDefinition
type: string
example: Cloud Account Aggregation
description:
nullable: true
description: Description of the TaskDefinition
type: string
example: Aggregates from the specified application.
parentName:
description: Name of the parent of the TaskDefinition
type: string
example: Cloud Account Aggregation
executor:
description: Executor of the TaskDefinition
nullable: true
type: string
example: sailpoint.task.ServiceTaskExecutor
arguments:
description: 'Formal parameters of the TaskDefinition, without values'
type: object
additionalProperties: true
example:
mantisExecutor: com.sailpoint.mantis.sources.task.AccountAggregationTask
eventClassesCsv: sailpoint.thunderbolt.events.AggregationEvents
serviceClass: sailpoint.thunderbolt.service.AggregationService
serviceMethod: accountAggregationTask
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden, generally due to a lack of security rights'
'404':
description: TaskStatus with the given id was not found.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:task-management:read'
- 'idn:task-management:write'
- applicationAuth:
- 'idn:task-management:read'
- 'idn:task-management:write'
x-sailpoint-userLevels:
- ORG_ADMIN
- HELPDESK
- CERT_ADMIN
- REPORT_ADMIN
- ROLE_ADMIN
- ROLE_SUBADMIN
- SOURCE_ADMIN
- SOURCE_SUBADMIN
patch:
operationId: updateTaskStatus
tags:
- Task Management
summary: Update task status by id
description: Update a current task status by task ID. Use this API to clear a pending task by updating the completionStatus and completed attributes.
parameters:
- name: id
in: path
description: Task ID.
example: 00eebcf881994e419d72e757fd30dc0e
required: true
x-sailpoint-resource-operation-id: getTaskStatusList
style: simple
explode: false
schema:
type: string
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
requestBody:
required: true
description: The JSONPatch payload used to update the object.
content:
application/json-patch+json:
schema:
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
example:
- op: replace
path: /completionStatus
value: Error
- op: replace
path: /completed
value: '2024-05-17 19:33:16.470000+00:00'
responses:
'200':
description: 'This response indicates the PATCH operation succeeded, and the API returns the updated task object.'
content:
application/json:
schema:
description: Details and current status of a specific task
required:
- id
- type
- uniqueName
- description
- parentName
- attributes
- created
- modified
- launched
- launcher
- completed
- completionStatus
- messages
- progress
- percentComplete
- returns
type: object
properties:
id:
description: System-generated unique ID of the task this TaskStatus represents
type: string
example: id12345
type:
description: Type of task this TaskStatus represents
type: string
enum:
- QUARTZ
- QPOC
- QUEUED_TASK
example: QUARTZ
uniqueName:
description: Name of the task this TaskStatus represents
type: string
example: Big Task
description:
description: Description of the task this TaskStatus represents
type: string
example: A Really Big Task
parentName:
description: Name of the parent of the task this TaskStatus represents
nullable: true
type: string
example: Parent Task
launcher:
description: Service to execute the task this TaskStatus represents
type: string
example: sweep
target:
type: object
nullable: true
properties:
id:
description: Target ID
type: string
example: c6dc37bf508149b28ce5b7d90ca4bbf9
type:
description: Target type
type: string
nullable: true
enum:
- APPLICATION
- IDENTITY
- null
example: APPLICATION
name:
description: Target name
type: string
example: 'Active Directory [source]'
created:
description: Creation date of the task this TaskStatus represents
type: string
format: date-time
example: '2020-07-11T21:23:15.000Z'
modified:
description: Last modification date of the task this TaskStatus represents
type: string
format: date-time
example: '2020-07-11T21:23:15.000Z'
launched:
description: Launch date of the task this TaskStatus represents
nullable: true
type: string
format: date-time
example: '2020-07-11T21:23:15.000Z'
completed:
description: Completion date of the task this TaskStatus represents
nullable: true
type: string
format: date-time
example: '2020-07-11T21:23:15.000Z'
completionStatus:
description: Completion status of the task this TaskStatus represents
type: string
nullable: true
enum:
- SUCCESS
- WARNING
- ERROR
- TERMINATED
- TEMPERROR
- null
example: SUCCESS
messages:
description: Messages associated with the task this TaskStatus represents
type: array
items:
description: TaskStatus Message
required:
- key
- localizedText
- type
- parameters
type: object
properties:
type:
description: Type of the message
type: string
enum:
- INFO
- WARN
- ERROR
example: INFO
localizedText:
description: Localized form of the message
type: object
nullable: true
required:
- locale
- message
properties:
locale:
description: Message locale
type: string
example: An error has occurred!
message:
description: Message text
type: string
example: Error has occurred!
key:
description: Key of the message
type: string
example: akey
parameters:
description: Message parameters for internationalization
nullable: true
type: array
items:
anyOf:
- type: object
- type: string
example:
- name: value
returns:
description: Return values from the task this TaskStatus represents
type: array
items:
description: Task return details
required:
- name
- attributeName
type: object
properties:
name:
description: Display name of the TaskReturnDetails
type: string
example: label
attributeName:
description: Attribute the TaskReturnDetails is for
type: string
example: identityCount
attributes:
description: Attributes of the task this TaskStatus represents
type: object
additionalProperties: true
example:
identityCount: 0
progress:
description: Current progress of the task this TaskStatus represents
nullable: true
type: string
example: Started
percentComplete:
description: Current percentage completion of the task this TaskStatus represents
type: integer
example: 100
taskDefinitionSummary:
description: 'Definition of a type of task, used to invoke tasks'
required:
- arguments
- description
- executor
- id
- uniqueName
- parentName
type: object
properties:
id:
description: System-generated unique ID of the TaskDefinition
type: string
example: 2c91808475b4334b0175e1dff64b63c5
uniqueName:
description: Name of the TaskDefinition
type: string
example: Cloud Account Aggregation
description:
nullable: true
description: Description of the TaskDefinition
type: string
example: Aggregates from the specified application.
parentName:
description: Name of the parent of the TaskDefinition
type: string
example: Cloud Account Aggregation
executor:
description: Executor of the TaskDefinition
nullable: true
type: string
example: sailpoint.task.ServiceTaskExecutor
arguments:
description: 'Formal parameters of the TaskDefinition, without values'
type: object
additionalProperties: true
example:
mantisExecutor: com.sailpoint.mantis.sources.task.AccountAggregationTask
eventClassesCsv: sailpoint.thunderbolt.events.AggregationEvents
serviceClass: sailpoint.thunderbolt.service.AggregationService
serviceMethod: accountAggregationTask
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:task-management:write'
x-sailpoint-userLevels:
- ORG_ADMIN
- CERT_ADMIN
- REPORT_ADMIN
- ROLE_ADMIN
- ROLE_SUBADMIN
- SOURCE_ADMIN
- SOURCE_SUBADMIN
/task-status:
get:
tags:
- Task Management
summary: Retrieve task status list
description: |
Use this endpoint to get a list of statuses for **completed** tasks. Types of tasks include account and entitlement aggregation and other general background processing tasks. Data for tasks older than 90 days will not be returned. To get a list of statuses for **in-progress** tasks, please use the [retrieve pending task status list](https://developer.sailpoint.com/docs/api/v2024/get-pending-tasks) endpoint.
operationId: getTaskStatusList
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
schema:
type: string
example: completionStatus eq "Success"
required: false
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, in*
**sourceId**: *eq, in*
**completionStatus**: *eq, in*
**type**: *eq, in*
- in: query
name: sorters
schema:
type: string
format: comma-separated
example: '-created'
required: false
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **created**
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: Responds with a TaskStatus for the task with the given task ID.
content:
application/json:
schema:
type: array
items:
description: Details and current status of a specific task
required:
- id
- type
- uniqueName
- description
- parentName
- attributes
- created
- modified
- launched
- launcher
- completed
- completionStatus
- messages
- progress
- percentComplete
- returns
type: object
properties:
id:
description: System-generated unique ID of the task this TaskStatus represents
type: string
example: id12345
type:
description: Type of task this TaskStatus represents
type: string
enum:
- QUARTZ
- QPOC
- QUEUED_TASK
example: QUARTZ
uniqueName:
description: Name of the task this TaskStatus represents
type: string
example: Big Task
description:
description: Description of the task this TaskStatus represents
type: string
example: A Really Big Task
parentName:
description: Name of the parent of the task this TaskStatus represents
nullable: true
type: string
example: Parent Task
launcher:
description: Service to execute the task this TaskStatus represents
type: string
example: sweep
target:
type: object
nullable: true
properties:
id:
description: Target ID
type: string
example: c6dc37bf508149b28ce5b7d90ca4bbf9
type:
description: Target type
type: string
nullable: true
enum:
- APPLICATION
- IDENTITY
- null
example: APPLICATION
name:
description: Target name
type: string
example: 'Active Directory [source]'
created:
description: Creation date of the task this TaskStatus represents
type: string
format: date-time
example: '2020-07-11T21:23:15.000Z'
modified:
description: Last modification date of the task this TaskStatus represents
type: string
format: date-time
example: '2020-07-11T21:23:15.000Z'
launched:
description: Launch date of the task this TaskStatus represents
nullable: true
type: string
format: date-time
example: '2020-07-11T21:23:15.000Z'
completed:
description: Completion date of the task this TaskStatus represents
nullable: true
type: string
format: date-time
example: '2020-07-11T21:23:15.000Z'
completionStatus:
description: Completion status of the task this TaskStatus represents
type: string
nullable: true
enum:
- SUCCESS
- WARNING
- ERROR
- TERMINATED
- TEMPERROR
- null
example: SUCCESS
messages:
description: Messages associated with the task this TaskStatus represents
type: array
items:
description: TaskStatus Message
required:
- key
- localizedText
- type
- parameters
type: object
properties:
type:
description: Type of the message
type: string
enum:
- INFO
- WARN
- ERROR
example: INFO
localizedText:
description: Localized form of the message
type: object
nullable: true
required:
- locale
- message
properties:
locale:
description: Message locale
type: string
example: An error has occurred!
message:
description: Message text
type: string
example: Error has occurred!
key:
description: Key of the message
type: string
example: akey
parameters:
description: Message parameters for internationalization
nullable: true
type: array
items:
anyOf:
- type: object
- type: string
example:
- name: value
returns:
description: Return values from the task this TaskStatus represents
type: array
items:
description: Task return details
required:
- name
- attributeName
type: object
properties:
name:
description: Display name of the TaskReturnDetails
type: string
example: label
attributeName:
description: Attribute the TaskReturnDetails is for
type: string
example: identityCount
attributes:
description: Attributes of the task this TaskStatus represents
type: object
additionalProperties: true
example:
identityCount: 0
progress:
description: Current progress of the task this TaskStatus represents
nullable: true
type: string
example: Started
percentComplete:
description: Current percentage completion of the task this TaskStatus represents
type: integer
example: 100
taskDefinitionSummary:
description: 'Definition of a type of task, used to invoke tasks'
required:
- arguments
- description
- executor
- id
- uniqueName
- parentName
type: object
properties:
id:
description: System-generated unique ID of the TaskDefinition
type: string
example: 2c91808475b4334b0175e1dff64b63c5
uniqueName:
description: Name of the TaskDefinition
type: string
example: Cloud Account Aggregation
description:
nullable: true
description: Description of the TaskDefinition
type: string
example: Aggregates from the specified application.
parentName:
description: Name of the parent of the TaskDefinition
type: string
example: Cloud Account Aggregation
executor:
description: Executor of the TaskDefinition
nullable: true
type: string
example: sailpoint.task.ServiceTaskExecutor
arguments:
description: 'Formal parameters of the TaskDefinition, without values'
type: object
additionalProperties: true
example:
mantisExecutor: com.sailpoint.mantis.sources.task.AccountAggregationTask
eventClassesCsv: sailpoint.thunderbolt.events.AggregationEvents
serviceClass: sailpoint.thunderbolt.service.AggregationService
serviceMethod: accountAggregationTask
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:task-management:read'
- 'idn:task-management:write'
- applicationAuth:
- 'idn:task-management:read'
- 'idn:task-management:write'
x-sailpoint-userLevels:
- ORG_ADMIN
- HELPDESK
- CERT_ADMIN
- REPORT_ADMIN
- ROLE_ADMIN
- ROLE_SUBADMIN
- SOURCE_ADMIN
- SOURCE_SUBADMIN
/task-status/pending-tasks:
get:
tags:
- Task Management
summary: Retrieve pending task status list
description: Retrieve a list of statuses for pending tasks. Types of tasks include account and entitlement aggregation and other general background processing tasks. Data for tasks older than 90 days will not be returned.
operationId: getPendingTasks
parameters:
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: Responds with a list of TaskStatus for pending tasks.
content:
application/json:
schema:
type: array
items:
description: Details and current status of a specific task
required:
- id
- type
- uniqueName
- description
- parentName
- attributes
- created
- modified
- launched
- launcher
- completed
- completionStatus
- messages
- progress
- percentComplete
- returns
type: object
properties:
id:
description: System-generated unique ID of the task this TaskStatus represents
type: string
example: id12345
type:
description: Type of task this TaskStatus represents
type: string
enum:
- QUARTZ
- QPOC
- QUEUED_TASK
example: QUARTZ
uniqueName:
description: Name of the task this TaskStatus represents
type: string
example: Big Task
description:
description: Description of the task this TaskStatus represents
type: string
example: A Really Big Task
parentName:
description: Name of the parent of the task this TaskStatus represents
nullable: true
type: string
example: Parent Task
launcher:
description: Service to execute the task this TaskStatus represents
type: string
example: sweep
target:
type: object
nullable: true
properties:
id:
description: Target ID
type: string
example: c6dc37bf508149b28ce5b7d90ca4bbf9
type:
description: Target type
type: string
nullable: true
enum:
- APPLICATION
- IDENTITY
- null
example: APPLICATION
name:
description: Target name
type: string
example: 'Active Directory [source]'
created:
description: Creation date of the task this TaskStatus represents
type: string
format: date-time
example: '2020-07-11T21:23:15.000Z'
modified:
description: Last modification date of the task this TaskStatus represents
type: string
format: date-time
example: '2020-07-11T21:23:15.000Z'
launched:
description: Launch date of the task this TaskStatus represents
nullable: true
type: string
format: date-time
example: '2020-07-11T21:23:15.000Z'
completed:
description: Completion date of the task this TaskStatus represents
nullable: true
type: string
format: date-time
example: '2020-07-11T21:23:15.000Z'
completionStatus:
description: Completion status of the task this TaskStatus represents
type: string
nullable: true
enum:
- SUCCESS
- WARNING
- ERROR
- TERMINATED
- TEMPERROR
- null
example: SUCCESS
messages:
description: Messages associated with the task this TaskStatus represents
type: array
items:
description: TaskStatus Message
required:
- key
- localizedText
- type
- parameters
type: object
properties:
type:
description: Type of the message
type: string
enum:
- INFO
- WARN
- ERROR
example: INFO
localizedText:
description: Localized form of the message
type: object
nullable: true
required:
- locale
- message
properties:
locale:
description: Message locale
type: string
example: An error has occurred!
message:
description: Message text
type: string
example: Error has occurred!
key:
description: Key of the message
type: string
example: akey
parameters:
description: Message parameters for internationalization
nullable: true
type: array
items:
anyOf:
- type: object
- type: string
example:
- name: value
returns:
description: Return values from the task this TaskStatus represents
type: array
items:
description: Task return details
required:
- name
- attributeName
type: object
properties:
name:
description: Display name of the TaskReturnDetails
type: string
example: label
attributeName:
description: Attribute the TaskReturnDetails is for
type: string
example: identityCount
attributes:
description: Attributes of the task this TaskStatus represents
type: object
additionalProperties: true
example:
identityCount: 0
progress:
description: Current progress of the task this TaskStatus represents
nullable: true
type: string
example: Started
percentComplete:
description: Current percentage completion of the task this TaskStatus represents
type: integer
example: 100
taskDefinitionSummary:
description: 'Definition of a type of task, used to invoke tasks'
required:
- arguments
- description
- executor
- id
- uniqueName
- parentName
type: object
properties:
id:
description: System-generated unique ID of the TaskDefinition
type: string
example: 2c91808475b4334b0175e1dff64b63c5
uniqueName:
description: Name of the TaskDefinition
type: string
example: Cloud Account Aggregation
description:
nullable: true
description: Description of the TaskDefinition
type: string
example: Aggregates from the specified application.
parentName:
description: Name of the parent of the TaskDefinition
type: string
example: Cloud Account Aggregation
executor:
description: Executor of the TaskDefinition
nullable: true
type: string
example: sailpoint.task.ServiceTaskExecutor
arguments:
description: 'Formal parameters of the TaskDefinition, without values'
type: object
additionalProperties: true
example:
mantisExecutor: com.sailpoint.mantis.sources.task.AccountAggregationTask
eventClassesCsv: sailpoint.thunderbolt.events.AggregationEvents
serviceClass: sailpoint.thunderbolt.service.AggregationService
serviceMethod: accountAggregationTask
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:task-management:read'
- 'idn:task-management:write'
- applicationAuth:
- 'idn:task-management:read'
- 'idn:task-management:write'
x-sailpoint-userLevels:
- ORG_ADMIN
- HELPDESK
- CERT_ADMIN
- REPORT_ADMIN
- ROLE_ADMIN
- ROLE_SUBADMIN
- SOURCE_ADMIN
- SOURCE_SUBADMIN
head:
tags:
- Task Management
summary: Retrieve pending task list headers
description: Responds with headers only for list of task statuses for pending tasks.
operationId: getPendingTaskHeaders
parameters:
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: Retrieve headers for a list of TaskStatus for pending tasks.
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:task-management:read'
- 'idn:task-management:write'
- applicationAuth:
- 'idn:task-management:read'
- 'idn:task-management:write'
x-sailpoint-userLevels:
- ORG_ADMIN
- HELPDESK
- CERT_ADMIN
- REPORT_ADMIN
- ROLE_ADMIN
- ROLE_SUBADMIN
- SOURCE_ADMIN
- SOURCE_SUBADMIN
/tenant:
get:
operationId: getTenant
tags:
- Tenant
summary: Get tenant information.
description: This rest endpoint can be used to retrieve tenant details.
security:
- userAuth:
- 'sp:tenant:read'
x-sailpoint-userLevels:
- Any
responses:
'200':
description: Tenant Info
content:
application/json:
schema:
type: object
properties:
id:
type: string
readOnly: true
description: The unique identifier for the Tenant
example: 2c91808568c529c60168cca6f90c1324
name:
type: string
description: Abbreviated name of the Tenant
example: acme
fullName:
type: string
description: Human-readable name of the Tenant
example: 'Acme, Inc'
pod:
type: string
description: Deployment pod for the Tenant
example: example-pod
region:
type: string
description: Deployment region for the Tenant
example: us-east-1
description:
type: string
description: Description of the Tenant
example: Description of the Tenant
products:
type: array
items:
type: object
properties:
productName:
type: string
description: Name of the Product
example: idn
url:
type: string
description: URL of the Product
example: 'https://tenant-name.identitynow.com'
productTenantId:
type: string
description: An identifier for a specific product-tenant combination
example: tenant#product
productRegion:
type: string
description: Product region
example: us-east-1
productRight:
type: string
description: Right needed for the Product
example: 'idn:ui:view'
apiUrl:
nullable: true
type: string
description: API URL of the Product
example: 'https://tenant-name.api.identitynow.com'
licenses:
type: array
items:
type: object
properties:
licenseId:
type: string
description: Name of the license
example: 'idn:access-request'
legacyFeatureName:
type: string
description: Legacy name of the license
example: ACCESS_REQUEST
attributes:
type: object
additionalProperties: true
description: Additional attributes for a product
example:
domain: 'https://tenant-name.identitynow.com'
maxRegisteredUsers: 250
zone:
type: string
description: Zone
example: Deployment zone for the Product
status:
type: string
description: Status of the product
example: active
statusDateTime:
type: string
format: date-time
description: Status datetime
example: '2020-05-19T13:49:37.385Z'
reason:
type: string
description: If there's a tenant provisioning failure then reason will have the description of error
example: Reason
notes:
type: string
description: Product could have additional notes added during tenant provisioning.
example: Example notes
dateCreated:
nullable: true
type: string
format: date-time
description: Date when the product was created
example: '2020-05-19T13:49:37.385Z'
lastUpdated:
nullable: true
type: string
format: date-time
description: Date when the product was last updated
example: '2020-05-19T13:49:37.385Z'
orgType:
nullable: true
type: string
enum:
- development
- staging
- production
- test
- partner
- training
- demonstration
- sandbox
- null
description: Type of org
example: test
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/tenant-context:
get:
summary: Retrieve tenant context
tags:
- Tenant Context
description: |
Returns a list of key-value pairs representing the current state of the tenant's context.
parameters:
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
security:
- userAuth:
- 'idn:tenant-context:read'
x-sailpoint-userLevels:
- ORG_ADMIN
- SOURCE_ADMIN
- SOURCE_SUBADMIN
operationId: getTenantContext
responses:
'200':
description: Successfully retrieved tenant context.
content:
application/json:
schema:
type: array
items:
type: object
properties:
key:
type: string
value:
type: string
example:
- key: IAS
value: International Accounting Standards
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
patch:
summary: Update tenant context
tags:
- Tenant Context
description: |
Allows the user to make incremental updates to tenant context records using [JSON Patch](https://tools.ietf.org/html/rfc6902) syntax.
This endpoint is specifically designed to modify the `/Key/*` field, supporting operations such as `add`, `remove`, or `replace` to manage key-value pairs.
Note that each tenant is limited to a maximum of 100 key-value pairs.
parameters:
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
security:
- userAuth:
- 'idn:tenant-context:write'
x-sailpoint-userLevels:
- ORG_ADMIN
- SOURCE_ADMIN
- SOURCE_SUBADMIN
operationId: patchTenantContext
requestBody:
content:
application/json-patch+json:
schema:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
examples:
Multiple operations in one call:
description: This example shows how multiple context keys may be updated with a single patch call.
value:
- op: add
path: /Key/IAS
value: Integrated Automation System
- op: replace
path: /Key/IAS
value: International Accounting Standards
- op: remove
path: /Key/NDR
Add a single context:
description: This example shows how a single context may be created with a single patch call.
value:
- op: add
path: /Key/IAS
value: Integrated Automation System
Update a single context:
description: This example shows how a single context may be updated with a single patch call.
value:
- op: replace
path: /Key/IAS
value: International Accounting Standards
Remove a single context:
description: This example shows how a single context may be removed with a single patch call.
value:
- op: remove
path: /Key/IAS
required: true
responses:
'200':
description: Tenant context updated successfully.
'400':
description: Bad request due to invalid input parameters.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
incorrectPath:
summary: Invalid path example
value:
detailCode: Bad Request
trackingId: e9eaaeac516643ffa087cc476e7577c5
messages:
- locale: en-US
localeOrigin: DEFAULT
text: 'invalid patch request: field not patchable or does not contain key (/InvalidPath/IAS)'
invalidOperation:
summary: Invalid operation example
value:
detailCode: Bad Request
trackingId: 39cfb6a29d5a4522954d72124545d3c5
messages:
- locale: en-US
localeOrigin: DEFAULT
text: 'invalid patch request: operation not allowed (move)'
noKeyInPath:
summary: No key in path example
value:
detailCode: Bad Request
trackingId: 6d3bdd67ac8a4382884875ed4abf1f13
messages:
- locale: en-US
localeOrigin: DEFAULT
text: 'invalid patch request: field not patchable or does not contain key (/Key/)'
capacityExceeded:
summary: Capacity exceeded example
value:
detailCode: Bad Request
trackingId: bd51a5e2f4ee4d5aa65ac2f7cd3c2445
messages:
- locale: en-US
localeOrigin: DEFAULT
text: 'unable to fulfill patch request: max tenant context capacity exceeded by 5 key/value pair(s)'
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/triggers:
get:
operationId: listTriggers
tags:
- Triggers
summary: List triggers
description: Gets a list of triggers that are available in the tenant.
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
required: false
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, ge, le*
example: 'id eq "idn:access-request-post-approval"'
- in: query
name: sorters
required: false
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **id, name**
example: name
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: List of triggers.
content:
application/json:
schema:
type: array
items:
type: object
required:
- id
- name
- type
- inputSchema
- exampleInput
properties:
id:
type: string
description: Unique identifier of the trigger.
example: 'idn:access-request-dynamic-approver'
name:
type: string
description: Trigger Name.
example: Access Request Dynamic Approver
type:
example: REQUEST_RESPONSE
type: string
description: The type of trigger.
enum:
- REQUEST_RESPONSE
- FIRE_AND_FORGET
description:
type: string
description: Trigger Description.
example: Trigger for getting a dynamic approver.
inputSchema:
type: string
description: The JSON schema of the payload that will be sent by the trigger to the subscribed service.
example: '{"definitions":{"record:AccessRequestDynamicApproverInput":{"type":"object","required":["accessRequestId","requestedFor","requestedItems","requestedBy"],"additionalProperties":true,"properties":{"accessRequestId":{"type":"string"},"requestedFor":{"$ref":"#/definitions/record:requestedForIdentityRef"},"requestedItems":{"type":"array","items":{"$ref":"#/definitions/record:requestedObjectRef"}},"requestedBy":{"$ref":"#/definitions/record:requestedByIdentityRef"}}},"record:requestedForIdentityRef":{"type":"object","required":["id","name","type"],"additionalProperties":true,"properties":{"id":{"type":"string"},"name":{"type":"string"},"type":{"type":"string"}}},"record:requestedObjectRef":{"type":"object","optional":["description","comment"],"required":["id","name","type","operation"],"additionalProperties":true,"properties":{"id":{"type":"string"},"name":{"type":"string"},"description":{"oneOf":[{"type":"null"},{"type":"string"}]},"type":{"type":"string"},"operation":{"type":"string"},"comment":{"oneOf":[{"type":"null"},{"type":"string"}]}}},"record:requestedByIdentityRef":{"type":"object","required":["type","id","name"],"additionalProperties":true,"properties":{"type":{"type":"string"},"id":{"type":"string"},"name":{"type":"string"}}}},"$ref":"#/definitions/record:AccessRequestDynamicApproverInput"}'
exampleInput:
description: An example of the JSON payload that will be sent by the trigger to the subscribed service.
oneOf:
- title: Access Request Dynamic Approver
type: object
required:
- accessRequestId
- requestedFor
- requestedItems
- requestedBy
properties:
accessRequestId:
type: string
description: |
The unique ID of the access request object. Can be used with the [access request status endpoint](https://developer.sailpoint.com/idn/api/beta/list-access-request-status) to get the status of the request.
example: 4b4d982dddff4267ab12f0f1e72b5a6d
requestedFor:
type: array
description: Identities access was requested for.
items:
type: object
description: Identity the access item is requested for.
properties:
type:
type: string
description: DTO type of identity the access item is requested for.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: ID of identity the access item is requested for.
example: 2c4180a46faadee4016fb4e018c20626
name:
type: string
description: Human-readable display name of identity the access item is requested for.
example: Robert Robinson
minItems: 1
maxItems: 10
requestedItems:
description: The access items that are being requested.
type: array
items:
type: object
required:
- id
- name
- type
- operation
properties:
id:
type: string
description: The unique ID of the access item.
example: 2c91808b6ef1d43e016efba0ce470904
name:
type: string
description: Human friendly name of the access item.
example: Engineering Access
description:
nullable: true
type: string
description: Extended description of the access item.
example: Engineering Access
type:
enum:
- ACCESS_PROFILE
- ROLE
- ENTITLEMENT
description: The type of access item being requested.
example: ACCESS_PROFILE
operation:
enum:
- Add
- Remove
description: Grant or revoke the access item
example: Add
comment:
nullable: true
type: string
description: A comment from the requestor on why the access is needed.
example: William needs this access for his day to day job activities.
minItems: 1
maxItems: 25
requestedBy:
allOf:
- type: object
description: Access item requester's identity.
properties:
type:
type: string
description: Access item requester's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Access item requester's identity ID.
example: 2c7180a46faadee4016fb4e018c20648
name:
type: string
description: Access item owner's human-readable display name.
example: William Wilson
- title: Access Request Post Approval
type: object
required:
- accessRequestId
- requestedFor
- requestedItemsStatus
- requestedBy
properties:
accessRequestId:
type: string
description: The unique ID of the access request.
example: 2c91808b6ef1d43e016efba0ce470904
requestedFor:
required:
- id
- type
- name
type: array
description: Identities access was requested for.
items:
type: object
description: Identity the access item is requested for.
properties:
type:
type: string
description: DTO type of identity the access item is requested for.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: ID of identity the access item is requested for.
example: 2c4180a46faadee4016fb4e018c20626
name:
type: string
description: Human-readable display name of identity the access item is requested for.
example: Robert Robinson
minItems: 1
maxItems: 10
requestedItemsStatus:
description: Details on the outcome of each access item.
type: array
items:
type: object
required:
- id
- name
- type
- operation
- approvalInfo
properties:
id:
type: string
description: The unique ID of the access item being requested.
example: 2c91808b6ef1d43e016efba0ce470904
name:
type: string
description: The human friendly name of the access item.
example: Engineering Access
description:
nullable: true
type: string
description: Detailed description of the access item.
example: Access to engineering database
type:
enum:
- ACCESS_PROFILE
- ROLE
- ENTITLEMENT
description: The type of access item.
example: ACCESS_PROFILE
operation:
enum:
- Add
- Remove
description: The action to perform on the access item.
example: Add
comment:
nullable: true
type: string
description: A comment from the identity requesting the access.
example: William needs this access to do his job.
clientMetadata:
description: Additional customer defined metadata about the access item.
nullable: true
type: object
additionalProperties: true
example:
applicationName: My application
approvalInfo:
description: A list of one or more approvers for the access request.
type: array
items:
type: object
required:
- approvalDecision
- approverName
- approver
properties:
approvalComment:
nullable: true
type: string
description: A comment left by the approver.
example: This access looks good. Approved.
approvalDecision:
enum:
- APPROVED
- DENIED
description: The final decision of the approver.
example: APPROVED
approverName:
type: string
description: The name of the approver
example: Stephen.Austin
approver:
required:
- id
- type
- name
allOf:
- type: object
description: Identity who approved the access item request.
properties:
type:
type: string
description: DTO type of identity who approved the access item request.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: ID of identity who approved the access item request.
example: 2c3780a46faadee4016fb4e018c20652
name:
type: string
description: Human-readable display name of identity who approved the access item request.
example: Allen Albertson
description: The identity of the approver.
properties:
type:
enum:
- IDENTITY
example: IDENTITY
description: The type of object that is referenced
requestedBy:
required:
- id
- type
- name
allOf:
- type: object
description: Access item requester's identity.
properties:
type:
type: string
description: Access item requester's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Access item requester's identity ID.
example: 2c7180a46faadee4016fb4e018c20648
name:
type: string
description: Access item owner's human-readable display name.
example: William Wilson
- title: Access Request Pre Approval
type: object
required:
- accessRequestId
- requestedFor
- requestedItems
- requestedBy
properties:
accessRequestId:
type: string
description: The unique ID of the access request.
example: 2c91808b6ef1d43e016efba0ce470904
requestedFor:
required:
- id
- type
- name
type: array
description: Identities access was requested for.
items:
type: object
description: Identity the access item is requested for.
properties:
type:
type: string
description: DTO type of identity the access item is requested for.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: ID of identity the access item is requested for.
example: 2c4180a46faadee4016fb4e018c20626
name:
type: string
description: Human-readable display name of identity the access item is requested for.
example: Robert Robinson
minItems: 1
maxItems: 10
requestedItems:
description: Details of the access items being requested.
type: array
items:
type: object
required:
- id
- name
- type
- operation
properties:
id:
type: string
description: The unique ID of the access item being requested.
example: 2c91808b6ef1d43e016efba0ce470904
name:
type: string
description: The human friendly name of the access item.
example: Engineering Access
description:
nullable: true
type: string
description: Detailed description of the access item.
example: Access to engineering database
type:
enum:
- ACCESS_PROFILE
- ROLE
- ENTITLEMENT
description: The type of access item.
example: ACCESS_PROFILE
operation:
enum:
- Add
- Remove
description: The action to perform on the access item.
example: Add
comment:
nullable: true
type: string
description: A comment from the identity requesting the access.
example: William needs this access to do his job.
minItems: 1
maxItems: 25
requestedBy:
required:
- id
- type
- name
allOf:
- type: object
description: Access item requester's identity.
properties:
type:
type: string
description: Access item requester's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Access item requester's identity ID.
example: 2c7180a46faadee4016fb4e018c20648
name:
type: string
description: Access item owner's human-readable display name.
example: William Wilson
- title: Account Aggregation Completed
type: object
required:
- source
- status
- started
- completed
- errors
- warnings
- stats
properties:
source:
required:
- type
- name
- id
type: object
description: The source the accounts are being aggregated from.
properties:
type:
type: string
description: The DTO type of the source the accounts are being aggregated from.
enum:
- SOURCE
example: SOURCE
id:
type: string
description: The ID of the source the accounts are being aggregated from.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Display name of the source the accounts are being aggregated from.
example: HR Active Directory
status:
description: The overall status of the aggregation.
enum:
- Success
- Failed
- Terminated
example: Success
started:
type: string
format: date-time
description: The date and time when the account aggregation started.
example: '2020-06-29T22:01:50.474Z'
completed:
type: string
format: date-time
description: The date and time when the account aggregation finished.
example: '2020-06-29T22:02:04.090Z'
errors:
nullable: true
description: A list of errors that occurred during the aggregation.
type: array
items:
type: string
description: A descriptive error message.
example: Accounts unable to be aggregated.
warnings:
nullable: true
description: A list of warnings that occurred during the aggregation.
type: array
items:
type: string
description: A descriptive warning message.
example: Account Skipped
stats:
type: object
description: Overall statistics about the account aggregation.
required:
- scanned
- unchanged
- changed
- added
- removed
properties:
scanned:
type: integer
format: int32
minimum: 0
maximum: 2147483647
description: The number of accounts which were scanned / iterated over.
example: 200
unchanged:
type: integer
format: int32
minimum: 0
maximum: 2147483647
description: 'The number of accounts which existed before, but had no changes.'
example: 190
changed:
type: integer
format: int32
minimum: 0
maximum: 2147483647
description: 'The number of accounts which existed before, but had changes.'
example: 6
added:
type: integer
format: int32
minimum: 0
maximum: 2147483647
description: The number of accounts which are new - have not existed before.
example: 4
removed:
type: integer
minimum: 0
maximum: 2147483647
format: int32
description: 'The number accounts which existed before, but no longer exist (thus getting removed).'
example: 3
- title: Account Attributes Changed
type: object
required:
- identity
- source
- account
- changes
properties:
identity:
required:
- id
- type
- name
type: object
description: The identity whose account attributes were updated.
properties:
type:
type: string
description: DTO type of the identity whose account attributes were updated.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: ID of the identity whose account attributes were updated.
example: 2c7180a46faadee4016fb4e018c20642
name:
type: string
description: Display name of the identity whose account attributes were updated.
example: Michael Michaels
source:
required:
- id
- type
- name
type: object
description: The source that contains the account.
properties:
id:
description: ID of the object to which this reference applies
type: string
example: 4e4d982dddff4267ab12f0f1e72b5a6d
type:
type: string
enum:
- SOURCE
example: SOURCE
description: The type of object that is referenced
name:
type: string
description: Human-readable display name of the object to which this reference applies
example: Corporate Active Directory
account:
type: object
description: Details of the account where the attributes changed.
required:
- id
- uuid
- name
- nativeIdentity
- type
properties:
id:
type: string
description: SailPoint generated unique identifier.
example: 52170a74-ca89-11ea-87d0-0242ac130003
uuid:
nullable: true
type: string
description: The source's unique identifier for the account. UUID is generated by the source system.
example: 1cb1f07d-3e5a-4431-becd-234fa4306108
name:
type: string
description: Name of the account.
example: john.doe
nativeIdentity:
type: string
description: Unique ID of the account on the source.
example: 'cn=john.doe,ou=users,dc=acme,dc=com'
type:
enum:
- ACCOUNT
description: The type of the account
example: ACCOUNT
changes:
type: array
description: A list of attributes that changed.
items:
type: object
required:
- attribute
- oldValue
- newValue
properties:
attribute:
type: string
description: The name of the attribute.
example: sn
oldValue:
description: The previous value of the attribute.
nullable: true
oneOf:
- type: string
- type: boolean
- type: array
items:
nullable: true
type: string
example: doe
newValue:
description: The new value of the attribute.
nullable: true
oneOf:
- type: string
- type: boolean
- type: array
items:
nullable: true
type: string
example: ryans
- title: Account Correlated
type: object
required:
- identity
- source
- account
- attributes
properties:
identity:
required:
- type
- name
- id
type: object
description: Identity the account is correlated with.
properties:
type:
type: string
description: DTO type of the identity the account is correlated with.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: ID of the identity the account is correlated with.
example: 2c7180a46faadee4016fb4e018c20642
name:
type: string
description: Display name of the identity the account is correlated with.
example: Michael Michaels
source:
required:
- id
- type
- name
type: object
description: The source the accounts are being correlated from.
properties:
type:
type: string
description: The DTO type of the source the accounts are being correlated from.
enum:
- SOURCE
example: SOURCE
id:
type: string
description: The ID of the source the accounts are being correlated from.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Display name of the source the accounts are being correlated from.
example: HR Active Directory
account:
type: object
description: The correlated account.
required:
- id
- name
- nativeIdentity
- type
properties:
type:
type: string
description: The correlated account's DTO type.
enum:
- ACCOUNT
example: ACCOUNT
id:
type: string
description: The correlated account's ID.
example: 98da47c31df444558c211f9b205184f6
name:
type: string
description: The correlated account's display name.
example: Brian Mendoza
nativeIdentity:
type: string
description: Unique ID of the account on the source.
example: 'cn=john.doe,ou=users,dc=acme,dc=com'
uuid:
nullable: true
type: string
description: The source's unique identifier for the account. UUID is generated by the source system.
example: 1cb1f07d-3e5a-4431-becd-234fa4306108
attributes:
type: object
description: The attributes associated with the account. Attributes are unique per source.
additionalProperties: true
example:
sn: doe
givenName: john
memberOf:
- 'cn=g1,ou=groups,dc=acme,dc=com'
- 'cn=g2,ou=groups,dc=acme,dc=com'
- 'cn=g3,ou=groups,dc=acme,dc=com'
entitlementCount:
type: integer
format: int32
description: The number of entitlements associated with this account.
example: 0
- title: Accounts Collected for Aggregation
type: object
required:
- source
- status
- started
- completed
- errors
- warnings
- stats
properties:
source:
required:
- id
- type
- name
type: object
description: Reference to the source that has been aggregated.
properties:
id:
description: ID of the object to which this reference applies
type: string
example: 4e4d982dddff4267ab12f0f1e72b5a6d
type:
type: string
enum:
- SOURCE
example: SOURCE
description: The type of object that is referenced
name:
type: string
description: Human-readable display name of the object to which this reference applies
example: Corporate Active Directory
status:
description: The overall status of the collection.
enum:
- Success
- Failed
- Terminated
example: Success
started:
type: string
format: date-time
description: The date and time when the account collection started.
example: '2020-06-29T22:01:50.474Z'
completed:
type: string
format: date-time
description: The date and time when the account collection finished.
example: '2020-06-29T22:02:04.090Z'
errors:
nullable: true
description: A list of errors that occurred during the collection.
type: array
items:
type: string
description: A descriptive error message.
example: Unable to collect accounts for aggregation.
warnings:
nullable: true
description: A list of warnings that occurred during the collection.
type: array
items:
type: string
description: A descriptive warning message.
example: Account Skipped
stats:
type: object
description: Overall statistics about the account collection.
required:
- scanned
- unchanged
- changed
- added
- removed
properties:
scanned:
type: integer
format: int32
minimum: 0
maximum: 2147483647
description: The number of accounts which were scanned / iterated over.
example: 200
unchanged:
type: integer
format: int32
minimum: 0
maximum: 2147483647
description: 'The number of accounts which existed before, but had no changes.'
example: 190
changed:
type: integer
format: int32
minimum: 0
maximum: 2147483647
description: 'The number of accounts which existed before, but had changes.'
example: 6
added:
type: integer
format: int32
minimum: 0
maximum: 2147483647
description: The number of accounts which are new - have not existed before.
example: 4
removed:
type: integer
minimum: 0
maximum: 2147483647
format: int32
description: 'The number accounts which existed before, but no longer exist (thus getting removed).'
example: 3
- title: Account Uncorrelated
type: object
required:
- identity
- source
- account
properties:
identity:
required:
- type
- name
- id
type: object
description: Identity the account is uncorrelated with.
properties:
type:
type: string
description: DTO type of the identity the account is uncorrelated with.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: ID of the identity the account is uncorrelated with.
example: 2c3780a46faadee4016fb4e018c20652
name:
type: string
description: Display name of the identity the account is uncorrelated with.
example: Allen Albertson
source:
required:
- type
- name
- id
type: object
description: The source the accounts are uncorrelated from.
properties:
type:
type: string
description: The DTO type of the source the accounts are uncorrelated from.
enum:
- SOURCE
example: SOURCE
id:
type: string
description: The ID of the source the accounts are uncorrelated from.
example: 2c6180835d191a86015d28455b4b231b
name:
type: string
description: Display name of the source the accounts are uncorrelated from.
example: Corporate Directory
account:
type: object
description: Uncorrelated account.
required:
- id
- name
- nativeIdentity
- type
properties:
type:
enum:
- ACCOUNT
description: Uncorrelated account's DTO type.
example: ACCOUNT
id:
type: string
description: Uncorrelated account's ID.
example: 4dd497e3723e439991cb6d0e478375dd
name:
type: string
description: Uncorrelated account's display name.
example: Sadie Jensen
nativeIdentity:
type: string
description: Unique ID of the account on the source.
example: 'cn=john.doe,ou=users,dc=acme,dc=com'
uuid:
nullable: true
type: string
description: The source's unique identifier for the account. UUID is generated by the source system.
example: 1cb1f07d-3e5a-4431-becd-234fa4306108
entitlementCount:
type: integer
format: int32
description: The number of entitlements associated with this account.
example: 0
- title: Campaign Activated
type: object
required:
- campaign
properties:
campaign:
type: object
description: Details about the certification campaign that was activated.
required:
- id
- name
- description
- created
- deadline
- type
- campaignOwner
- status
properties:
id:
type: string
description: Unique ID for the campaign.
example: 2c91808576f886190176f88cac5a0010
name:
type: string
description: The human friendly name of the campaign.
example: Manager Access Campaign
description:
type: string
description: Extended description of the campaign.
example: Audit access for all employees.
created:
type: string
format: date-time
description: The date and time the campaign was created.
example: '2021-02-16T03:04:45.815Z'
modified:
nullable: true
type: string
format: date-time
description: The date and time the campaign was last modified.
example: '2021-02-16T03:06:45.815Z'
deadline:
type: string
format: date-time
description: The date and time the campaign is due.
example: '2021-03-16T03:04:45.815Z'
type:
description: The type of campaign.
enum:
- MANAGER
- SOURCE_OWNER
- SEARCH
- ROLE_COMPOSITION
example: MANAGER
campaignOwner:
type: object
description: Details of the identity that owns the campaign.
required:
- id
- displayName
- email
properties:
id:
type: string
description: The unique ID of the identity.
example: 37f080867702c1910177031320c40n27
displayName:
type: string
description: The human friendly name of the identity.
example: John Snow
email:
type: string
description: The primary email address of the identity.
example: john.snow@example.com
status:
enum:
- ACTIVE
description: The current status of the campaign.
example: ACTIVE
- title: Campaign Ended
type: object
required:
- campaign
properties:
campaign:
type: object
description: Details about the certification campaign that ended.
required:
- id
- name
- description
- created
- deadline
- type
- campaignOwner
- status
properties:
id:
type: string
description: Unique ID for the campaign.
example: 2c91808576f886190176f88cac5a0010
name:
type: string
description: The human friendly name of the campaign.
example: Manager Access Campaign
description:
type: string
description: Extended description of the campaign.
example: Audit access for all employees.
created:
type: string
format: date-time
description: The date and time the campaign was created.
example: '2021-02-16T03:04:45.815Z'
modified:
nullable: true
type: string
format: date-time
description: The date and time the campaign was last modified.
example: '2021-03-16T03:06:45.815Z'
deadline:
type: string
format: date-time
description: The date and time the campaign is due.
example: '2021-03-16T03:04:45.815Z'
type:
description: The type of campaign.
enum:
- MANAGER
- SOURCE_OWNER
- SEARCH
- ROLE_COMPOSITION
example: MANAGER
campaignOwner:
type: object
description: Details of the identity that owns the campaign.
required:
- id
- displayName
- email
properties:
id:
type: string
description: The unique ID of the identity.
example: 37f080867702c1910177031320c40n27
displayName:
type: string
description: The human friendly name of the identity.
example: John Snow
email:
type: string
description: The primary email address of the identity.
example: john.snow@example.com
status:
enum:
- COMPLETED
description: The current status of the campaign.
example: COMPLETED
- title: Campaign Generated
type: object
required:
- campaign
properties:
campaign:
description: Details about the campaign that was generated.
type: object
required:
- id
- name
- description
- created
- type
- campaignOwner
- status
properties:
id:
type: string
description: The unique ID of the campaign.
example: 2c91808576f886190176f88cac5a0010
name:
type: string
description: Human friendly name of the campaign.
example: Manager Access Campaign
description:
type: string
description: Extended description of the campaign.
example: Audit access for all employees.
created:
type: string
format: date-time
description: The date and time the campaign was created.
example: '2021-02-16T03:04:45.815Z'
modified:
nullable: true
type: string
description: The date and time the campaign was last modified.
example: '2021-02-17T03:04:45.815Z'
deadline:
nullable: true
type: string
description: The date and time when the campaign must be finished by.
example: '2021-02-18T03:04:45.815Z'
type:
enum:
- MANAGER
- SOURCE_OWNER
- SEARCH
- ROLE_COMPOSITION
description: The type of campaign that was generated.
example: MANAGER
campaignOwner:
type: object
description: The identity that owns the campaign.
required:
- id
- displayName
- email
properties:
id:
type: string
description: The unique ID of the identity.
example: 37f080867702c1910177031320c40n27
displayName:
type: string
description: The display name of the identity.
example: John Snow
email:
type: string
description: The primary email address of the identity.
example: john.snow@example.com
status:
enum:
- STAGED
- ACTIVATING
- ACTIVE
description: The current status of the campaign.
example: STAGED
- title: Certification Signed Off
type: object
required:
- certification
properties:
certification:
description: The certification campaign that was signed off on.
required:
- id
- name
- created
allOf:
- type: object
required:
- campaignRef
- completed
- decisionsMade
- decisionsTotal
- due
- signed
- reviewer
- campaignOwner
- hasErrors
- phase
- entitiesCompleted
- entitiesTotal
properties:
campaignRef:
type: object
required:
- id
- name
- type
- campaignType
- description
- correlatedStatus
- mandatoryCommentRequirement
properties:
id:
type: string
description: The unique ID of the campaign.
example: ef38f94347e94562b5bb8424a56397d8
name:
type: string
description: The name of the campaign.
example: Campaign Name
type:
type: string
enum:
- CAMPAIGN
description: The type of object that is being referenced.
example: CAMPAIGN
campaignType:
type: string
enum:
- MANAGER
- SOURCE_OWNER
- SEARCH
description: The type of the campaign.
example: MANAGER
description:
type: string
description: The description of the campaign set by the admin who created it.
nullable: true
example: A description of the campaign
correlatedStatus:
type: string
description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).
enum:
- CORRELATED
- UNCORRELATED
example: CORRELATED
mandatoryCommentRequirement:
type: string
description: 'Determines whether comments are required for decisions during certification reviews. You can require comments for all decisions, revoke-only decisions, or no decisions. By default, comments are not required for decisions.'
enum:
- ALL_DECISIONS
- REVOKE_ONLY_DECISIONS
- NO_DECISIONS
example: NO_DECISIONS
phase:
type: string
description: |
The current phase of the campaign.
* `STAGED`: The campaign is waiting to be activated.
* `ACTIVE`: The campaign is active.
* `SIGNED`: The reviewer has signed off on the campaign, and it is considered complete.
enum:
- STAGED
- ACTIVE
- SIGNED
example: ACTIVE
due:
type: string
format: date-time
description: The due date of the certification.
example: '2018-10-19T13:49:37.385Z'
signed:
type: string
format: date-time
description: The date the reviewer signed off on the certification.
example: '2018-10-19T13:49:37.385Z'
reviewer:
description: A reference to the reviewer of the campaign.
type: object
properties:
id:
type: string
description: The id of the reviewer.
example: ef38f94347e94562b5bb8424a56397d8
name:
type: string
description: The name of the reviewer.
example: Reviewer Name
email:
type: string
description: The email of the reviewing identity.
example: reviewer@test.com
type:
type: string
enum:
- IDENTITY
description: The type of the reviewing identity.
example: IDENTITY
created:
nullable: true
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: The created date of the reviewing identity.
modified:
nullable: true
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: The modified date of the reviewing identity.
reassignment:
nullable: true
description: A reference to a reviewer that this campaign has been reassigned to.
type: object
properties:
from:
type: object
properties:
id:
type: string
description: The id of the certification.
example: ef38f94347e94562b5bb8424a56397d8
name:
type: string
description: The name of the certification.
example: Certification Name
type:
type: string
enum:
- CERTIFICATION
example: CERTIFICATION
reviewer:
type: object
properties:
id:
type: string
description: The id of the reviewer.
example: ef38f94347e94562b5bb8424a56397d8
name:
type: string
description: The name of the reviewer.
example: Reviewer Name
email:
type: string
description: The email of the reviewing identity.
example: reviewer@test.com
type:
type: string
enum:
- IDENTITY
description: The type of the reviewing identity.
example: IDENTITY
created:
nullable: true
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: The created date of the reviewing identity.
modified:
nullable: true
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: The modified date of the reviewing identity.
comment:
type: string
description: The comment entered when the Certification was reassigned
example: Reassigned for a reason
hasErrors:
type: boolean
example: false
description: Indicates it the certification has any errors.
errorMessage:
type: string
nullable: true
example: The certification has an error
description: A message indicating what the error is.
completed:
type: boolean
description: Indicates if all certification decisions have been made.
example: false
decisionsMade:
type: integer
description: The number of approve/revoke/acknowledge decisions that have been made by the reviewer.
example: 20
format: int32
decisionsTotal:
type: integer
description: The total number of approve/revoke/acknowledge decisions for the certification.
example: 40
format: int32
entitiesCompleted:
type: integer
description: 'The number of entities (identities, access profiles, roles, etc.) for which all decisions have been made and are complete.'
example: 5
format: int32
entitiesTotal:
type: integer
format: int32
description: 'The total number of entities (identities, access profiles, roles, etc.) in the certification, both complete and incomplete.'
example: 10
properties:
id:
type: string
description: Unique ID of the certification.
example: 2c91808576f886190176f88caf0d0067
name:
type: string
description: The name of the certification.
example: Manager Access Review for Alice Baker
created:
type: string
format: date-time
description: The date and time the certification was created.
example: '2020-02-16T03:04:45.815Z'
modified:
nullable: true
type: string
format: date-time
description: The date and time the certification was last modified.
example: '2020-02-16T03:06:45.815Z'
- title: Identity Attributes Changed
type: object
required:
- identity
- changes
properties:
identity:
required:
- id
- type
- name
type: object
description: Identity whose attributes changed.
properties:
type:
type: string
description: DTO type of identity whose attributes changed.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: ID of identity whose attributes changed.
example: 2c7180a46faadee4016fb4e018c20642
name:
type: string
description: Display name of identity whose attributes changed.
example: Michael Michaels
changes:
description: A list of one or more identity attributes that changed on the identity.
type: array
items:
type: object
required:
- attribute
properties:
attribute:
type: string
description: The name of the identity attribute that changed.
example: department
oldValue:
description: The value of the identity attribute before it changed.
nullable: true
example: sales
oneOf:
- type: string
- type: boolean
- type: array
items:
type: string
- type: object
nullable: true
additionalProperties:
oneOf:
- type: string
- type: number
- type: integer
- type: boolean
newValue:
description: The value of the identity attribute after it changed.
example: marketing
oneOf:
- type: string
- type: boolean
- type: array
items:
type: string
- type: object
nullable: true
additionalProperties:
oneOf:
- type: string
- type: number
- type: integer
- type: boolean
- title: Identity Created
type: object
required:
- identity
- attributes
properties:
identity:
required:
- id
- type
- name
type: object
description: Created identity.
properties:
type:
type: string
description: Created identity's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Created identity ID.
example: 2c7180a46faadee4016fb4e018c20642
name:
type: string
description: Created identity's display name.
example: Michael Michaels
attributes:
type: object
description: The attributes assigned to the identity. Attributes are determined by the identity profile.
additionalProperties: true
example:
firstname: John
- title: Identity Deleted
type: object
required:
- identity
- attributes
properties:
identity:
required:
- id
- type
- name
type: object
description: Deleted identity.
properties:
type:
type: string
description: Deleted identity's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Deleted identity ID.
example: 2c7180a46faadee4016fb4e018c20642
name:
type: string
description: Deleted identity's display name.
example: Michael Michaels
attributes:
type: object
description: The attributes assigned to the identity. Attributes are determined by the identity profile.
additionalProperties: true
example:
firstname: John
- title: Provisioning Completed
type: object
required:
- trackingNumber
- sources
- recipient
- accountRequests
properties:
trackingNumber:
type: string
description: The reference number of the provisioning request. Useful for tracking status in the Account Activity search interface.
example: 4b4d982dddff4267ab12f0f1e72b5a6d
sources:
type: string
description: One or more sources that the provisioning transaction(s) were done against. Sources are comma separated.
example: 'Corp AD, Corp LDAP, Corp Salesforce'
action:
nullable: true
type: string
description: Origin of where the provisioning request came from.
example: IdentityRefresh
errors:
nullable: true
description: A list of any accumulated error messages that occurred during provisioning.
type: array
items:
type: string
example: Connector AD Failed
warnings:
nullable: true
description: A list of any accumulated warning messages that occurred during provisioning.
type: array
items:
type: string
example: Notification Skipped due to invalid email
recipient:
required:
- id
- type
- name
type: object
description: Provisioning recpient.
properties:
type:
type: string
description: Provisioning recipient DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Provisioning recipient's identity ID.
example: 2c7180a46faadee4016fb4e018c20642
name:
type: string
description: Provisioning recipient's display name.
example: Michael Michaels
requester:
nullable: true
required:
- id
- type
- name
type: object
description: Provisioning requester's identity.
properties:
type:
type: string
description: Provisioning requester's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Provisioning requester's identity ID.
example: 2c7180a46faadee4016fb4e018c20648
name:
type: string
description: Provisioning owner's human-readable display name.
example: William Wilson
accountRequests:
type: array
description: A list of provisioning instructions to perform on an account-by-account basis.
items:
type: object
required:
- source
- accountOperation
- provisioningResult
- provisioningTarget
properties:
source:
required:
- id
- type
- name
type: object
description: Reference to the source being provisioned against.
properties:
id:
description: ID of the object to which this reference applies
type: string
example: 4e4d982dddff4267ab12f0f1e72b5a6d
type:
type: string
enum:
- SOURCE
example: SOURCE
description: The type of object that is referenced
name:
type: string
description: Human-readable display name of the object to which this reference applies
example: Corporate Active Directory
accountId:
type: string
description: The unique idenfier of the account being provisioned.
example: 'CN=Chewy.Bacca,ou=hardcorefigter,ou=wookies,dc=starwars,dc=com'
accountOperation:
type: string
description: 'The provisioning operation; typically Create, Modify, Enable, Disable, Unlock, or Delete.'
example: Modify
provisioningResult:
description: 'The overall result of the provisioning transaction; this could be success, pending, failed, etc.'
enum:
- SUCCESS
- PENDING
- FAILED
example: SUCCESS
provisioningTarget:
type: string
description: 'The name of the provisioning channel selected; this could be the same as the source, or could be a Service Desk Integration Module (SDIM).'
example: Corp AD
ticketId:
nullable: true
type: string
description: 'A reference to a tracking number, if this is sent to a Service Desk Integration Module (SDIM).'
example: '72619262'
attributeRequests:
nullable: true
description: A list of attributes as part of the provisioning transaction.
type: array
items:
type: object
required:
- attributeName
- operation
properties:
attributeName:
type: string
description: The name of the attribute being provisioned.
example: memberOf
attributeValue:
nullable: true
type: string
description: The value of the attribute being provisioned.
example: 'CN=jedi,DC=starwars,DC=com'
operation:
enum:
- Add
- Set
- Remove
description: The operation to handle the attribute.
example: Add
- title: Saved Search Complete
type: object
required:
- fileName
- ownerEmail
- ownerName
- query
- searchName
- searchResults
- signedS3Url
properties:
fileName:
type: string
description: A name for the report file.
example: Modified.zip
ownerEmail:
type: string
description: The email address of the identity that owns the saved search.
example: test@sailpoint.com
ownerName:
type: string
description: The name of the identity that owns the saved search.
example: Cloud Support
query:
type: string
description: The search query that was used to generate the report.
example: 'modified:[now-7y/d TO now]'
searchName:
type: string
description: The name of the saved search.
example: Modified Activity
searchResults:
type: object
description: 'A preview of the search results for each object type. This includes a count as well as headers, and the first several rows of data, per object type.'
properties:
Account:
description: A table of accounts that match the search criteria.
nullable: true
type: object
required:
- count
- noun
- preview
properties:
count:
type: string
description: The number of rows in the table.
example: 3
noun:
type: string
description: The type of object represented in the table.
example: accounts
preview:
description: A sample of the data in the table.
type: array
items:
type: array
items:
type: string
example: Robert.Chase
example: []
Entitlement:
description: A table of entitlements that match the search criteria.
nullable: true
type: object
required:
- count
- noun
- preview
properties:
count:
type: string
description: The number of rows in the table.
example: 2
noun:
type: string
description: The type of object represented in the table.
example: entitlements
preview:
description: A sample of the data in the table.
type: array
items:
type: array
items:
type: string
example: Administrator
example: []
Identity:
description: A table of identities that match the search criteria.
nullable: true
type: object
required:
- count
- noun
- preview
properties:
count:
type: string
description: The number of rows in the table.
example: 2
noun:
type: string
description: The type of object represented in the table.
example: identities
preview:
description: A sample of the data in the table.
type: array
items:
type: array
items:
type: string
example: Carol Shelby
example: []
signedS3Url:
type: string
description: The Amazon S3 URL to download the report from.
example: 'https://sptcbu-org-data-useast1.s3.amazonaws.com/arsenal-john/reports/Events%20Export.2020-05-06%2018%2759%20GMT.3e580592-86e4-4953-8aea-49e6ef20a086.zip?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20200506T185919Z&X-Amz-SignedHeaders=host&X-Amz-Expires=899&X-Amz-Credential=AKIAV5E54XOGTS4Q4L7A%2F20200506%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=2e732bb97a12a1fd8a215613e3c31fcdae8ba1fb6a25916843ab5b51d2ddefbc'
- title: Source Account Created
type: object
required:
- id
- nativeIdentifier
- sourceId
- sourceName
- identityId
- identityName
- attributes
properties:
uuid:
type: string
description: Source unique identifier for the identity. UUID is generated by the source system.
example: b7264868-7201-415f-9118-b581d431c688
id:
type: string
description: SailPoint generated unique identifier.
example: ee769173319b41d19ccec35ba52f237b
nativeIdentifier:
type: string
description: Unique ID of the account on the source.
example: E009
sourceId:
type: string
description: The ID of the source.
example: 2c918082814e693601816e09471b29b6
sourceName:
type: string
description: The name of the source.
example: Active Directory
identityId:
type: string
description: The ID of the identity that is correlated with this account.
example: ee769173319b41d19ccec6c235423237b
identityName:
type: string
description: The name of the identity that is correlated with this account.
example: john.doe
attributes:
type: object
additionalProperties: true
description: The attributes of the account. The contents of attributes depends on the account schema for the source.
example:
firstname: John
lastname: Doe
email: john.doe@gmail.com
department: Sales
displayName: John Doe
created: '2020-04-27T16:48:33.597Z'
employeeNumber: E009
uid: E009
inactive: 'true'
phone: null
identificationNumber: E009
- title: Source Account Deleted
type: object
required:
- id
- nativeIdentifier
- sourceId
- sourceName
- identityId
- identityName
- attributes
properties:
uuid:
type: string
description: Source unique identifier for the identity. UUID is generated by the source system.
example: b7264868-7201-415f-9118-b581d431c688
id:
type: string
description: SailPoint generated unique identifier.
example: ee769173319b41d19ccec35ba52f237b
nativeIdentifier:
type: string
description: Unique ID of the account on the source.
example: E009
sourceId:
type: string
description: The ID of the source.
example: 2c918082814e693601816e09471b29b6
sourceName:
type: string
description: The name of the source.
example: Active Directory
identityId:
type: string
description: The ID of the identity that is correlated with this account.
example: ee769173319b41d19ccec6c235423237b
identityName:
type: string
description: The name of the identity that is correlated with this account.
example: john.doe
attributes:
type: object
additionalProperties: true
description: The attributes of the account. The contents of attributes depends on the account schema for the source.
example:
firstname: John
lastname: Doe
email: john.doe@gmail.com
department: Sales
displayName: John Doe
created: '2020-04-27T16:48:33.597Z'
employeeNumber: E009
uid: E009
inactive: 'true'
phone: null
identificationNumber: E009
- title: Source Account Updated
type: object
required:
- id
- nativeIdentifier
- sourceId
- sourceName
- identityId
- identityName
- attributes
properties:
uuid:
type: string
description: Source unique identifier for the identity. UUID is generated by the source system.
example: b7264868-7201-415f-9118-b581d431c688
id:
type: string
description: SailPoint generated unique identifier.
example: ee769173319b41d19ccec35ba52f237b
nativeIdentifier:
type: string
description: Unique ID of the account on the source.
example: E009
sourceId:
type: string
description: The ID of the source.
example: 2c918082814e693601816e09471b29b6
sourceName:
type: string
description: The name of the source.
example: Active Directory
identityId:
type: string
description: The ID of the identity that is correlated with this account.
example: ee769173319b41d19ccec6c235423237b
identityName:
type: string
description: The name of the identity that is correlated with this account.
example: john.doe
attributes:
type: object
additionalProperties: true
description: The attributes of the account. The contents of attributes depends on the account schema for the source.
example:
firstname: John
lastname: Doe
email: john.doe@gmail.com
department: Sales
displayName: John Doe
created: '2020-04-27T16:48:33.597Z'
employeeNumber: E009
uid: E009
inactive: 'true'
phone: null
identificationNumber: E009
- title: Source Created
type: object
required:
- id
- name
- type
- created
- connector
- actor
properties:
id:
type: string
description: The unique ID of the source.
example: 2c9180866166b5b0016167c32ef31a66
name:
type: string
description: Human friendly name of the source.
example: Test source
type:
type: string
description: The connection type.
example: DIRECT_CONNECT
created:
type: string
format: date-time
description: The date and time the source was created.
example: '2021-03-29T22:01:50.474Z'
connector:
type: string
description: The connector type used to connect to the source.
example: active-directory
actor:
required:
- id
- name
- type
type: object
description: Identity who created the source.
properties:
type:
type: string
description: DTO type of identity who created the source.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: ID of identity who created the source.
example: 2c7180a46faadee4016fb4e018c20648
name:
type: string
description: Display name of identity who created the source.
example: William Wilson
- title: Source Deleted
type: object
required:
- id
- name
- type
- deleted
- connector
- actor
properties:
id:
type: string
description: The unique ID of the source.
example: 2c9180866166b5b0016167c32ef31a66
name:
type: string
description: Human friendly name of the source.
example: Test source
type:
type: string
description: The connection type.
example: DIRECT_CONNECT
deleted:
type: string
format: date-time
description: The date and time the source was deleted.
example: '2021-03-29T22:01:50.474Z'
connector:
type: string
description: The connector type used to connect to the source.
example: active-directory
actor:
required:
- id
- name
- type
type: object
description: Identity who deleted the source.
properties:
type:
type: string
description: DTO type of identity who deleted the source.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: ID of identity who deleted the source.
example: 2c7180a46faadee4016fb4e018c20648
name:
type: string
description: Display name of identity who deleted the source.
example: William Wilson
- title: Source Updated
type: object
required:
- id
- name
- type
- modified
- connector
- actor
properties:
id:
type: string
description: The unique ID of the source.
example: 2c9180866166b5b0016167c32ef31a66
name:
type: string
description: The user friendly name of the source.
example: Corporate Active Directory
type:
type: string
description: The connection type of the source.
example: DIRECT_CONNECT
modified:
type: string
format: date-time
description: The date and time the source was modified.
example: '2021-03-29T22:01:50.474Z'
connector:
type: string
description: The connector type used to connect to the source.
example: active-directory
actor:
required:
- type
- name
type: object
description: Identity who updated the source.
properties:
type:
type: string
description: DTO type of identity who updated the source.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: ID of identity who updated the source.
example: 2c7180a46faadee4016fb4e018c20648
name:
type: string
description: Display name of identity who updated the source.
example: William Wilson
- title: VA Cluster Status Change Event
type: object
required:
- created
- type
- application
- healthCheckResult
- previousHealthCheckResult
properties:
created:
type: string
format: date-time
description: The date and time the status change occurred.
example: '2020-06-29T22:01:50.474Z'
type:
enum:
- SOURCE
- CLUSTER
description: The type of the object that initiated this event.
example: CLUSTER
application:
type: object
description: Details about the `CLUSTER` or `SOURCE` that initiated this event.
required:
- id
- name
- attributes
properties:
id:
type: string
description: The GUID of the application
example: 2c9180866166b5b0016167c32ef31a66
name:
type: string
description: The name of the application
example: Production VA Cluster
attributes:
type: object
description: Custom map of attributes for a source. This will only be populated if type is `SOURCE` and the source has a proxy.
additionalProperties: true
nullable: true
example: null
healthCheckResult:
type: object
description: The results of the most recent health check.
required:
- message
- resultType
- status
properties:
message:
type: string
description: Detailed message of the result of the health check.
example: Test Connection failed with exception. Error message - java.lang Exception
resultType:
type: string
description: The type of the health check result.
example: SOURCE_STATE_ERROR_CLUSTER
status:
enum:
- Succeeded
- Failed
description: The status of the health check.
example: Succeeded
previousHealthCheckResult:
type: object
description: The results of the last health check.
required:
- message
- resultType
- status
properties:
message:
type: string
description: Detailed message of the result of the health check.
example: Test Connection failed with exception. Error message - java.lang Exception
resultType:
type: string
description: The type of the health check result.
example: SOURCE_STATE_ERROR_CLUSTER
status:
enum:
- Succeeded
- Failed
description: The status of the health check.
example: Failed
outputSchema:
type: string
description: The JSON schema of the response that will be sent by the subscribed service to the trigger in response to an event. This only applies to a trigger type of `REQUEST_RESPONSE`.
nullable: true
example: '{"definitions":{"record:AccessRequestDynamicApproverOutput":{"type":["null","object"],"required":["id","name","type"],"additionalProperties":true,"properties":{"id":{"type":"string"},"name":{"type":"string"},"type":{"type":"string"}}}},"$ref":"#/definitions/record:AccessRequestDynamicApproverOutput"}'
exampleOutput:
description: An example of the JSON payload that will be sent by the subscribed service to the trigger in response to an event.
nullable: true
oneOf:
- title: Access Request Dynamic Approver
type: object
nullable: true
required:
- id
- name
- type
properties:
id:
type: string
description: The unique ID of the identity to add to the approver list for the access request.
example: 2c91808b6ef1d43e016efba0ce470906
name:
type: string
description: The name of the identity to add to the approver list for the access request.
example: Adam Adams
type:
enum:
- IDENTITY
- GOVERNANCE_GROUP
description: The type of object being referenced.
example: IDENTITY
- title: Access Request Pre Approval
type: object
required:
- approved
- comment
- approver
properties:
approved:
type: boolean
description: Whether or not to approve the access request.
example: false
comment:
type: string
description: A comment about the decision to approve or deny the request.
example: 'This access should be denied, because this will cause an SOD violation.'
approver:
type: string
description: The name of the entity that approved or denied the request.
example: AcmeCorpExternalIntegration
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'sp:trigger-service-subscriptions:read'
/trigger-subscriptions:
post:
operationId: createSubscription
tags:
- Triggers
summary: Create a subscription
description: |-
This API creates a new subscription to a trigger and defines trigger invocation details. The type of subscription determines which config object is required:
* HTTP subscriptions require httpConfig
* EventBridge subscriptions require eventBridgeConfig
requestBody:
required: true
content:
application/json:
schema:
type: object
required:
- triggerId
- type
- name
properties:
name:
type: string
description: Subscription name.
example: Access request subscription
description:
type: string
description: Subscription description.
example: Access requested to site xyz
triggerId:
type: string
description: ID of trigger subscribed to.
example: 'idn:access-requested'
type:
type: string
enum:
- HTTP
- EVENTBRIDGE
- INLINE
- SCRIPT
- WORKFLOW
description: 'Subscription type. **NOTE** If type is EVENTBRIDGE, then eventBridgeConfig is required. If type is HTTP, then httpConfig is required.'
example: HTTP
responseDeadline:
type: string
description: 'Deadline for completing REQUEST_RESPONSE trigger invocation, represented in ISO-8601 duration format.'
example: PT1H
default: PT1H
httpConfig:
description: Config required if HTTP subscription type is used.
type: object
properties:
url:
type: string
description: URL of the external/custom integration.
example: 'https://www.example.com'
httpDispatchMode:
type: string
description: 'HTTP response modes, i.e. SYNC, ASYNC, or DYNAMIC.'
enum:
- SYNC
- ASYNC
- DYNAMIC
example: SYNC
httpAuthenticationType:
type: string
description: |-
Defines the HTTP Authentication type. Additional values may be added in the future.
If *NO_AUTH* is selected, no extra information will be in HttpConfig.
If *BASIC_AUTH* is selected, HttpConfig will include BasicAuthConfig with Username and Password as strings.
If *BEARER_TOKEN* is selected, HttpConfig will include BearerTokenAuthConfig with Token as string.
enum:
- NO_AUTH
- BASIC_AUTH
- BEARER_TOKEN
default: NO_AUTH
example: BASIC_AUTH
basicAuthConfig:
type: object
properties:
userName:
type: string
description: The username to authenticate.
example: user@example.com
password:
type: string
nullable: true
description: 'The password to authenticate. On response, this field is set to null as to not return secrets.'
example: null
nullable: true
description: Config required if BASIC_AUTH is used.
bearerTokenAuthConfig:
type: object
properties:
bearerToken:
type: string
nullable: true
description: Bearer token
example: null
nullable: true
description: 'Config required if BEARER_TOKEN authentication is used. On response, this field is set to null as to not return secrets.'
required:
- url
- httpDispatchMode
eventBridgeConfig:
description: Config required if EVENTBRIDGE subscription type is used.
type: object
properties:
awsAccount:
type: string
description: AWS Account Number (12-digit number) that has the EventBridge Partner Event Source Resource.
example: '123456789012'
awsRegion:
type: string
description: 'AWS Region that has the EventBridge Partner Event Source Resource. See https://docs.aws.amazon.com/general/latest/gr/rande.html for a full list of available values.'
example: us-west-1
required:
- awsAccount
- awsRegion
enabled:
type: boolean
description: |-
Whether subscription should receive real-time trigger invocations or not.
Test trigger invocations are always enabled regardless of this option.
default: true
example: true
filter:
type: string
description: JSONPath filter to conditionally invoke trigger when expression evaluates to true.
example: '$[?($.identityId == "201327fda1c44704ac01181e963d463c")]'
externalDocs:
description: JSONPath filter documentation
url: 'https://developer.sailpoint.com/idn/docs/event-triggers/filtering-events'
examples:
HTTP Subscription:
value:
name: Access request subscription
description: Access requested to site xyz
triggerId: 'idn:access-requested'
type: HTTP
httpConfig:
url: 'https://www.example.com'
httpDispatchMode: SYNC
httpAuthenticationType: BASIC_AUTH
basicAuthConfig:
userName: user@example.com
password: eRtg4%6yuI!
enabled: true
filter: '$[?($.identityId == "201327fda1c44704ac01181e963d463c")]'
HTTP Async Subscription:
value:
name: Access request subscription
description: Access requested to site xyz
triggerId: 'idn:access-requested'
type: HTTP
responseDeadline: PT1H
httpConfig:
url: 'https://www.example.com'
httpDispatchMode: ASYNC
httpAuthenticationType: BASIC_AUTH
basicAuthConfig:
userName: user@example.com
password: eRtg4%6yuI!
enabled: true
filter: '$[?($.identityId == "201327fda1c44704ac01181e963d463c")]'
EventBridge Subscription:
value:
name: Access request subscription
description: Access requested to site xyz
triggerId: 'idn:access-requested'
type: EVENTBRIDGE
eventBridgeConfig:
awsAccount: '123456789012'
awsRegion: us-west-1
enabled: true
filter: '$[?($.identityId == "201327fda1c44704ac01181e963d463c")]'
responses:
'201':
description: New subscription to a trigger. The trigger can now be invoked by the method defined in the subscription.
content:
application/json:
schema:
type: object
required:
- id
- triggerId
- type
- name
- triggerName
- enabled
properties:
id:
type: string
description: Subscription ID.
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
name:
type: string
description: Subscription name.
example: Access request subscription
description:
type: string
description: Subscription description.
example: Access requested to site xyz
triggerId:
type: string
description: ID of trigger subscribed to.
example: 'idn:access-request-post-approval'
triggerName:
type: string
description: Trigger name of trigger subscribed to.
example: Access Requested
type:
type: string
enum:
- HTTP
- EVENTBRIDGE
- INLINE
- SCRIPT
- WORKFLOW
description: 'Subscription type. **NOTE** If type is EVENTBRIDGE, then eventBridgeConfig is required. If type is HTTP, then httpConfig is required.'
example: HTTP
responseDeadline:
type: string
description: 'Deadline for completing REQUEST_RESPONSE trigger invocation, represented in ISO-8601 duration format.'
example: PT1H
default: PT1H
httpConfig:
description: Config required if HTTP subscription type is used.
type: object
properties:
url:
type: string
description: URL of the external/custom integration.
example: 'https://www.example.com'
httpDispatchMode:
type: string
description: 'HTTP response modes, i.e. SYNC, ASYNC, or DYNAMIC.'
enum:
- SYNC
- ASYNC
- DYNAMIC
example: SYNC
httpAuthenticationType:
type: string
description: |-
Defines the HTTP Authentication type. Additional values may be added in the future.
If *NO_AUTH* is selected, no extra information will be in HttpConfig.
If *BASIC_AUTH* is selected, HttpConfig will include BasicAuthConfig with Username and Password as strings.
If *BEARER_TOKEN* is selected, HttpConfig will include BearerTokenAuthConfig with Token as string.
enum:
- NO_AUTH
- BASIC_AUTH
- BEARER_TOKEN
default: NO_AUTH
example: BASIC_AUTH
basicAuthConfig:
type: object
properties:
userName:
type: string
description: The username to authenticate.
example: user@example.com
password:
type: string
nullable: true
description: 'The password to authenticate. On response, this field is set to null as to not return secrets.'
example: null
nullable: true
description: Config required if BASIC_AUTH is used.
bearerTokenAuthConfig:
type: object
properties:
bearerToken:
type: string
nullable: true
description: Bearer token
example: null
nullable: true
description: 'Config required if BEARER_TOKEN authentication is used. On response, this field is set to null as to not return secrets.'
required:
- url
- httpDispatchMode
eventBridgeConfig:
description: Config required if EVENTBRIDGE subscription type is used.
type: object
properties:
awsAccount:
type: string
description: AWS Account Number (12-digit number) that has the EventBridge Partner Event Source Resource.
example: '123456789012'
awsRegion:
type: string
description: 'AWS Region that has the EventBridge Partner Event Source Resource. See https://docs.aws.amazon.com/general/latest/gr/rande.html for a full list of available values.'
example: us-west-1
required:
- awsAccount
- awsRegion
enabled:
type: boolean
description: |-
Whether subscription should receive real-time trigger invocations or not.
Test trigger invocations are always enabled regardless of this option.
default: true
example: true
filter:
type: string
description: JSONPath filter to conditionally invoke trigger when expression evaluates to true.
example: '$[?($.identityId == "201327fda1c44704ac01181e963d463c")]'
externalDocs:
description: JSONPath filter documentation
url: 'https://developer.sailpoint.com/idn/docs/event-triggers/filtering-events'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'sp:trigger-service-subscriptions:manage'
parameters:
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
get:
operationId: listSubscriptions
tags:
- Triggers
summary: List subscriptions
description: Gets a list of all trigger subscriptions.
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
required: false
name: filters
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq*
**triggerId**: *eq*
**type**: *eq, le*
example: id eq "12cff757-c0c0-413b-8ad7-2a47956d1e89"
- in: query
name: sorters
required: false
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **triggerId, triggerName**
example: triggerName
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: List of subscriptions.
content:
application/json:
schema:
type: array
items:
type: object
required:
- id
- triggerId
- type
- name
- triggerName
- enabled
properties:
id:
type: string
description: Subscription ID.
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
name:
type: string
description: Subscription name.
example: Access request subscription
description:
type: string
description: Subscription description.
example: Access requested to site xyz
triggerId:
type: string
description: ID of trigger subscribed to.
example: 'idn:access-request-post-approval'
triggerName:
type: string
description: Trigger name of trigger subscribed to.
example: Access Requested
type:
type: string
enum:
- HTTP
- EVENTBRIDGE
- INLINE
- SCRIPT
- WORKFLOW
description: 'Subscription type. **NOTE** If type is EVENTBRIDGE, then eventBridgeConfig is required. If type is HTTP, then httpConfig is required.'
example: HTTP
responseDeadline:
type: string
description: 'Deadline for completing REQUEST_RESPONSE trigger invocation, represented in ISO-8601 duration format.'
example: PT1H
default: PT1H
httpConfig:
description: Config required if HTTP subscription type is used.
type: object
properties:
url:
type: string
description: URL of the external/custom integration.
example: 'https://www.example.com'
httpDispatchMode:
type: string
description: 'HTTP response modes, i.e. SYNC, ASYNC, or DYNAMIC.'
enum:
- SYNC
- ASYNC
- DYNAMIC
example: SYNC
httpAuthenticationType:
type: string
description: |-
Defines the HTTP Authentication type. Additional values may be added in the future.
If *NO_AUTH* is selected, no extra information will be in HttpConfig.
If *BASIC_AUTH* is selected, HttpConfig will include BasicAuthConfig with Username and Password as strings.
If *BEARER_TOKEN* is selected, HttpConfig will include BearerTokenAuthConfig with Token as string.
enum:
- NO_AUTH
- BASIC_AUTH
- BEARER_TOKEN
default: NO_AUTH
example: BASIC_AUTH
basicAuthConfig:
type: object
properties:
userName:
type: string
description: The username to authenticate.
example: user@example.com
password:
type: string
nullable: true
description: 'The password to authenticate. On response, this field is set to null as to not return secrets.'
example: null
nullable: true
description: Config required if BASIC_AUTH is used.
bearerTokenAuthConfig:
type: object
properties:
bearerToken:
type: string
nullable: true
description: Bearer token
example: null
nullable: true
description: 'Config required if BEARER_TOKEN authentication is used. On response, this field is set to null as to not return secrets.'
required:
- url
- httpDispatchMode
eventBridgeConfig:
description: Config required if EVENTBRIDGE subscription type is used.
type: object
properties:
awsAccount:
type: string
description: AWS Account Number (12-digit number) that has the EventBridge Partner Event Source Resource.
example: '123456789012'
awsRegion:
type: string
description: 'AWS Region that has the EventBridge Partner Event Source Resource. See https://docs.aws.amazon.com/general/latest/gr/rande.html for a full list of available values.'
example: us-west-1
required:
- awsAccount
- awsRegion
enabled:
type: boolean
description: |-
Whether subscription should receive real-time trigger invocations or not.
Test trigger invocations are always enabled regardless of this option.
default: true
example: true
filter:
type: string
description: JSONPath filter to conditionally invoke trigger when expression evaluates to true.
example: '$[?($.identityId == "201327fda1c44704ac01181e963d463c")]'
externalDocs:
description: JSONPath filter documentation
url: 'https://developer.sailpoint.com/idn/docs/event-triggers/filtering-events'
examples:
HTTP Subscription:
value:
- id: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
name: Access request subscription
description: Access requested to site xyz
triggerId: 'idn:access-requested'
triggerName: Access Requested
type: HTTP
httpConfig:
url: 'https://www.example.com'
httpDispatchMode: SYNC
httpAuthenticationType: BASIC_AUTH
basicAuthConfig:
userName: user@example.com
password: null
enabled: true
filter: '$[?($.identityId == "201327fda1c44704ac01181e963d463c")]'
HTTP Async Subscription:
value:
name: Access request subscription
description: Access requested to site xyz
triggerId: 'idn:access-requested'
triggerName: Access Requested
type: HTTP
responseDeadline: PT1H
httpConfig:
url: 'https://www.example.com'
httpDispatchMode: ASYNC
httpAuthenticationType: BASIC_AUTH
basicAuthConfig:
userName: user@example.com
password: null
enabled: true
filter: '$[?($.identityId == "201327fda1c44704ac01181e963d463c")]'
EventBridge Subscription:
value:
- id: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
name: Access request subscription
description: Access requested to site xyz
triggerId: 'idn:access-requested'
triggerName: Access Requested
type: EVENTBRIDGE
eventBridgeConfig:
awsAccount: '123456789012'
awsRegion: us-west-1
enabled: true
filter: '$[?($.identityId == "201327fda1c44704ac01181e963d463c")]'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'sp:trigger-service-subscriptions:read'
'/trigger-subscriptions/{id}':
put:
operationId: updateSubscription
tags:
- Triggers
summary: Update a subscription
description: |-
This API updates a trigger subscription in IdentityNow, using a full object representation. In other words, the existing
Subscription is completely replaced. The following fields are immutable:
* id
* triggerId
Attempts to modify these fields result in 400.
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listSubscriptions
description: Subscription ID
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
name:
type: string
description: Subscription name.
example: Access request subscription
description:
type: string
description: Subscription description.
example: Access requested to site xyz
type:
type: string
enum:
- HTTP
- EVENTBRIDGE
- INLINE
- SCRIPT
- WORKFLOW
description: 'Subscription type. **NOTE** If type is EVENTBRIDGE, then eventBridgeConfig is required. If type is HTTP, then httpConfig is required.'
example: HTTP
responseDeadline:
type: string
description: 'Deadline for completing REQUEST_RESPONSE trigger invocation, represented in ISO-8601 duration format.'
example: PT1H
default: PT1H
httpConfig:
description: Config required if HTTP subscription type is used.
type: object
properties:
url:
type: string
description: URL of the external/custom integration.
example: 'https://www.example.com'
httpDispatchMode:
type: string
description: 'HTTP response modes, i.e. SYNC, ASYNC, or DYNAMIC.'
enum:
- SYNC
- ASYNC
- DYNAMIC
example: SYNC
httpAuthenticationType:
type: string
description: |-
Defines the HTTP Authentication type. Additional values may be added in the future.
If *NO_AUTH* is selected, no extra information will be in HttpConfig.
If *BASIC_AUTH* is selected, HttpConfig will include BasicAuthConfig with Username and Password as strings.
If *BEARER_TOKEN* is selected, HttpConfig will include BearerTokenAuthConfig with Token as string.
enum:
- NO_AUTH
- BASIC_AUTH
- BEARER_TOKEN
default: NO_AUTH
example: BASIC_AUTH
basicAuthConfig:
type: object
properties:
userName:
type: string
description: The username to authenticate.
example: user@example.com
password:
type: string
nullable: true
description: 'The password to authenticate. On response, this field is set to null as to not return secrets.'
example: null
nullable: true
description: Config required if BASIC_AUTH is used.
bearerTokenAuthConfig:
type: object
properties:
bearerToken:
type: string
nullable: true
description: Bearer token
example: null
nullable: true
description: 'Config required if BEARER_TOKEN authentication is used. On response, this field is set to null as to not return secrets.'
required:
- url
- httpDispatchMode
eventBridgeConfig:
description: Config required if EVENTBRIDGE subscription type is used.
type: object
properties:
awsAccount:
type: string
description: AWS Account Number (12-digit number) that has the EventBridge Partner Event Source Resource.
example: '123456789012'
awsRegion:
type: string
description: 'AWS Region that has the EventBridge Partner Event Source Resource. See https://docs.aws.amazon.com/general/latest/gr/rande.html for a full list of available values.'
example: us-west-1
required:
- awsAccount
- awsRegion
enabled:
type: boolean
description: |-
Whether subscription should receive real-time trigger invocations or not.
Test trigger invocations are always enabled regardless of this option.
default: true
example: true
filter:
type: string
description: JSONPath filter to conditionally invoke trigger when expression evaluates to true.
example: '$[?($.identityId == "201327fda1c44704ac01181e963d463c")]'
externalDocs:
description: JSONPath filter documentation
url: 'https://developer.sailpoint.com/idn/docs/event-triggers/filtering-events'
examples:
HTTP Subscription:
value:
name: Access request subscription
description: Access requested to site xyz
type: HTTP
httpConfig:
url: 'https://www.example.com'
httpDispatchMode: SYNC
httpAuthenticationType: BASIC_AUTH
basicAuthConfig:
userName: user@example.com
password: eRtg4%6yuI!
enabled: true
filter: '$[?($.identityId == "201327fda1c44704ac01181e963d463c")]'
HTTP Async Subscription:
value:
name: Access request subscription
description: Access requested to site xyz
type: HTTP
responseDeadline: PT1H
httpConfig:
url: 'https://www.example.com'
httpDispatchMode: ASYNC
httpAuthenticationType: BASIC_AUTH
basicAuthConfig:
userName: user@example.com
password: eRtg4%6yuI!
enabled: true
filter: '$[?($.identityId == "201327fda1c44704ac01181e963d463c")]'
EventBridge Subscription:
value:
name: Access request subscription
description: Access requested to site xyz
type: EVENTBRIDGE
eventBridgeConfig:
awsAccount: '123456789012'
awsRegion: us-west-1
enabled: true
filter: '$[?($.identityId == "201327fda1c44704ac01181e963d463c")]'
responses:
'200':
description: Updated subscription.
content:
application/json:
schema:
type: object
required:
- id
- triggerId
- type
- name
- triggerName
- enabled
properties:
id:
type: string
description: Subscription ID.
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
name:
type: string
description: Subscription name.
example: Access request subscription
description:
type: string
description: Subscription description.
example: Access requested to site xyz
triggerId:
type: string
description: ID of trigger subscribed to.
example: 'idn:access-request-post-approval'
triggerName:
type: string
description: Trigger name of trigger subscribed to.
example: Access Requested
type:
type: string
enum:
- HTTP
- EVENTBRIDGE
- INLINE
- SCRIPT
- WORKFLOW
description: 'Subscription type. **NOTE** If type is EVENTBRIDGE, then eventBridgeConfig is required. If type is HTTP, then httpConfig is required.'
example: HTTP
responseDeadline:
type: string
description: 'Deadline for completing REQUEST_RESPONSE trigger invocation, represented in ISO-8601 duration format.'
example: PT1H
default: PT1H
httpConfig:
description: Config required if HTTP subscription type is used.
type: object
properties:
url:
type: string
description: URL of the external/custom integration.
example: 'https://www.example.com'
httpDispatchMode:
type: string
description: 'HTTP response modes, i.e. SYNC, ASYNC, or DYNAMIC.'
enum:
- SYNC
- ASYNC
- DYNAMIC
example: SYNC
httpAuthenticationType:
type: string
description: |-
Defines the HTTP Authentication type. Additional values may be added in the future.
If *NO_AUTH* is selected, no extra information will be in HttpConfig.
If *BASIC_AUTH* is selected, HttpConfig will include BasicAuthConfig with Username and Password as strings.
If *BEARER_TOKEN* is selected, HttpConfig will include BearerTokenAuthConfig with Token as string.
enum:
- NO_AUTH
- BASIC_AUTH
- BEARER_TOKEN
default: NO_AUTH
example: BASIC_AUTH
basicAuthConfig:
type: object
properties:
userName:
type: string
description: The username to authenticate.
example: user@example.com
password:
type: string
nullable: true
description: 'The password to authenticate. On response, this field is set to null as to not return secrets.'
example: null
nullable: true
description: Config required if BASIC_AUTH is used.
bearerTokenAuthConfig:
type: object
properties:
bearerToken:
type: string
nullable: true
description: Bearer token
example: null
nullable: true
description: 'Config required if BEARER_TOKEN authentication is used. On response, this field is set to null as to not return secrets.'
required:
- url
- httpDispatchMode
eventBridgeConfig:
description: Config required if EVENTBRIDGE subscription type is used.
type: object
properties:
awsAccount:
type: string
description: AWS Account Number (12-digit number) that has the EventBridge Partner Event Source Resource.
example: '123456789012'
awsRegion:
type: string
description: 'AWS Region that has the EventBridge Partner Event Source Resource. See https://docs.aws.amazon.com/general/latest/gr/rande.html for a full list of available values.'
example: us-west-1
required:
- awsAccount
- awsRegion
enabled:
type: boolean
description: |-
Whether subscription should receive real-time trigger invocations or not.
Test trigger invocations are always enabled regardless of this option.
default: true
example: true
filter:
type: string
description: JSONPath filter to conditionally invoke trigger when expression evaluates to true.
example: '$[?($.identityId == "201327fda1c44704ac01181e963d463c")]'
externalDocs:
description: JSONPath filter documentation
url: 'https://developer.sailpoint.com/idn/docs/event-triggers/filtering-events'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'sp:trigger-service-subscriptions:manage'
patch:
operationId: patchSubscription
tags:
- Triggers
summary: Patch a subscription
description: |-
This API updates a trigger subscription in IdentityNow, using a set of instructions to modify a subscription partially. The following fields are patchable:
**name**, **description**, **enabled**, **type**, **filter**, **responseDeadline**, **httpConfig**, **eventBridgeConfig**, **workflowConfig**
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listSubscriptions
description: ID of the Subscription to patch
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
requestBody:
required: true
content:
application/json-patch+json:
schema:
description: Operations to be applied
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
anyOf:
- type: string
- type: integer
- type: object
- type: array
items:
anyOf:
- type: string
- type: integer
- type: object
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
example:
- op: replace
path: /description
value: A new description
- op: replace
path: /name
value: A new name
responses:
'200':
description: Updated subscription.
content:
application/json:
schema:
type: object
required:
- id
- triggerId
- type
- name
- triggerName
- enabled
properties:
id:
type: string
description: Subscription ID.
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
name:
type: string
description: Subscription name.
example: Access request subscription
description:
type: string
description: Subscription description.
example: Access requested to site xyz
triggerId:
type: string
description: ID of trigger subscribed to.
example: 'idn:access-request-post-approval'
triggerName:
type: string
description: Trigger name of trigger subscribed to.
example: Access Requested
type:
type: string
enum:
- HTTP
- EVENTBRIDGE
- INLINE
- SCRIPT
- WORKFLOW
description: 'Subscription type. **NOTE** If type is EVENTBRIDGE, then eventBridgeConfig is required. If type is HTTP, then httpConfig is required.'
example: HTTP
responseDeadline:
type: string
description: 'Deadline for completing REQUEST_RESPONSE trigger invocation, represented in ISO-8601 duration format.'
example: PT1H
default: PT1H
httpConfig:
description: Config required if HTTP subscription type is used.
type: object
properties:
url:
type: string
description: URL of the external/custom integration.
example: 'https://www.example.com'
httpDispatchMode:
type: string
description: 'HTTP response modes, i.e. SYNC, ASYNC, or DYNAMIC.'
enum:
- SYNC
- ASYNC
- DYNAMIC
example: SYNC
httpAuthenticationType:
type: string
description: |-
Defines the HTTP Authentication type. Additional values may be added in the future.
If *NO_AUTH* is selected, no extra information will be in HttpConfig.
If *BASIC_AUTH* is selected, HttpConfig will include BasicAuthConfig with Username and Password as strings.
If *BEARER_TOKEN* is selected, HttpConfig will include BearerTokenAuthConfig with Token as string.
enum:
- NO_AUTH
- BASIC_AUTH
- BEARER_TOKEN
default: NO_AUTH
example: BASIC_AUTH
basicAuthConfig:
type: object
properties:
userName:
type: string
description: The username to authenticate.
example: user@example.com
password:
type: string
nullable: true
description: 'The password to authenticate. On response, this field is set to null as to not return secrets.'
example: null
nullable: true
description: Config required if BASIC_AUTH is used.
bearerTokenAuthConfig:
type: object
properties:
bearerToken:
type: string
nullable: true
description: Bearer token
example: null
nullable: true
description: 'Config required if BEARER_TOKEN authentication is used. On response, this field is set to null as to not return secrets.'
required:
- url
- httpDispatchMode
eventBridgeConfig:
description: Config required if EVENTBRIDGE subscription type is used.
type: object
properties:
awsAccount:
type: string
description: AWS Account Number (12-digit number) that has the EventBridge Partner Event Source Resource.
example: '123456789012'
awsRegion:
type: string
description: 'AWS Region that has the EventBridge Partner Event Source Resource. See https://docs.aws.amazon.com/general/latest/gr/rande.html for a full list of available values.'
example: us-west-1
required:
- awsAccount
- awsRegion
enabled:
type: boolean
description: |-
Whether subscription should receive real-time trigger invocations or not.
Test trigger invocations are always enabled regardless of this option.
default: true
example: true
filter:
type: string
description: JSONPath filter to conditionally invoke trigger when expression evaluates to true.
example: '$[?($.identityId == "201327fda1c44704ac01181e963d463c")]'
externalDocs:
description: JSONPath filter documentation
url: 'https://developer.sailpoint.com/idn/docs/event-triggers/filtering-events'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'sp:trigger-service-subscriptions:manage'
delete:
operationId: deleteSubscription
tags:
- Triggers
summary: Delete a subscription
description: Deletes an existing subscription to a trigger.
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listSubscriptions
description: Subscription ID
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'sp:trigger-service-subscriptions:manage'
/trigger-subscriptions/validate-filter:
post:
operationId: testSubscriptionFilter
tags:
- Triggers
summary: Validate a subscription filter
description: |-
Validates a JSONPath filter expression against a provided mock input.
Request requires a security scope of:
requestBody:
required: true
content:
application/json:
schema:
required:
- input
- filter
type: object
properties:
input:
type: object
description: Mock input to evaluate filter expression against.
example:
identityId: 201327fda1c44704ac01181e963d463c
filter:
type: string
description: JSONPath filter to conditionally invoke trigger when expression evaluates to true.
example: '$[?($.identityId == "201327fda1c44704ac01181e963d463c")]'
externalDocs:
description: JSONPath filter documentation
url: 'https://developer.sailpoint.com/idn/docs/event-triggers/filtering-events'
example:
input:
identityId: 201327fda1c44704ac01181e963d463c
filter: '$[?($.identityId == "201327fda1c44704ac01181e963d463c")]'
responses:
'200':
description: Boolean whether specified filter expression is valid against the input.
content:
application/json:
schema:
type: object
properties:
isValid:
type: boolean
default: false
description: 'When this field is true, the filter expression is valid against the input.'
example: true
isValidJSONPath:
type: boolean
default: false
description: 'When this field is true, the filter expression is using a valid JSON path.'
example: true
isPathExist:
type: boolean
default: false
description: 'When this field is true, the filter expression is using an existing path.'
example: true
example:
isValid: true
isValidJSONPath: true
isPathExist: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'sp:trigger-service-subscriptions:manage'
parameters:
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
/trigger-invocations/status:
get:
operationId: listTriggerInvocationStatus
tags:
- Triggers
summary: List latest invocation statuses
description: |-
Gets a list of latest invocation statuses.
Statuses of successful invocations are available for up to 24 hours. Statuses of failed invocations are available for up to 48 hours.
This endpoint may only fetch up to 2000 invocations, and should not be treated as a representation of the full history of invocations.
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
required: false
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**triggerId**: *eq*
**subscriptionId**: *eq*
example: 'triggerId eq "idn:access-request-dynamic-approver"'
- in: query
name: sorters
required: false
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **triggerId, subscriptionName, created, completed**
example: created
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: List of latest invocation statuses.
content:
application/json:
schema:
type: array
items:
type: object
required:
- id
- triggerId
- subscriptionId
- startInvocationInput
- type
- subscriptionName
- created
properties:
id:
type: string
description: Invocation ID
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
triggerId:
type: string
description: Trigger ID
example: 'idn:access-request-post-approval'
subscriptionName:
type: string
description: Subscription name
example: Access request subscription
subscriptionId:
type: string
description: Subscription ID
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
type:
type: string
description: |-
Defines the Invocation type.
**TEST** The trigger was invocated as a test, either via the test subscription button in the UI or via the start test invocation API.
**REAL_TIME** The trigger subscription is live and was invocated by a real event in IdentityNow.
enum:
- TEST
- REAL_TIME
example: TEST
created:
type: string
format: date-time
description: Invocation created timestamp. ISO-8601 in UTC.
example: '2020-03-27T20:40:10.738Z'
completed:
type: string
format: date-time
description: Invocation completed timestamp; empty fields imply invocation is in-flight or not completed. ISO-8601 in UTC.
example: '2020-03-27T20:42:14.738Z'
startInvocationInput:
description: Data related to start of trigger invocation.
type: object
properties:
triggerId:
type: string
description: Trigger ID
example: 'idn:access-requested'
input:
type: object
example:
identityId: 201327fda1c44704ac01181e963d463c
description: Trigger input payload. Its schema is defined in the trigger definition.
contentJson:
type: object
example:
workflowId: 1234
description: JSON map of invocation metadata
completeInvocationInput:
description: Data related to end of trigger invocation.
type: object
properties:
localizedError:
type: object
nullable: true
description: Localized error message to indicate a failed invocation or error if any.
required:
- locale
- message
properties:
locale:
description: Message locale
type: string
example: An error has occurred!
message:
description: Message text
type: string
example: Error has occurred!
output:
type: object
nullable: true
example:
approved: false
description: Trigger output that completed the invocation. Its schema is defined in the trigger definition.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'sp:trigger-service-invocation-status:read'
- 'sp:trigger-service-invocation-status:manage'
'/trigger-invocations/{id}/complete':
post:
operationId: completeTriggerInvocation
tags:
- Triggers
summary: Complete trigger invocation
description: Completes an invocation to a REQUEST_RESPONSE type trigger.
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listTriggerInvocationStatus
description: The ID of the invocation to complete.
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
secret:
type: string
description: Unique invocation secret that was generated when the invocation was created. Required to authenticate to the endpoint.
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
error:
type: string
description: The error message to indicate a failed invocation or error if any.
example: Access request is denied.
output:
type: object
example:
approved: false
description: Trigger output to complete the invocation. Its schema is defined in the trigger definition.
required:
- secret
- output
example:
secret: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
output:
approved: false
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/trigger-invocations/test:
post:
operationId: startTestTriggerInvocation
tags:
- Triggers
summary: Start a test invocation
description: 'Initiate a test event for all subscribers of the specified event trigger. If there are no subscribers to the specified trigger in the tenant, then no test event will be sent.'
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
triggerId:
type: string
example: 'idn:access-request-post-approval'
description: Trigger ID
input:
type: object
example:
identityId: 201327fda1c44704ac01181e963d463c
description: 'Mock input to use for test invocation. This must adhere to the input schema defined in the trigger being invoked. If this property is omitted, then the default trigger sample payload will be sent.'
contentJson:
type: object
example:
workflowId: 1234
description: JSON map of invocation metadata.
subscriptionIds:
type: array
items:
type: string
example:
- 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
description: 'Only send the test event to the subscription IDs listed. If omitted, the test event will be sent to all subscribers.'
required:
- triggerId
- contentJson
examples:
Test Trigger with Mock Input:
value:
triggerId: 'idn:access-requested'
input:
identityId: 201327fda1c44704ac01181e963d463c
contentJson:
workflowId: 1234
Send Test to only One Subscriber:
value:
triggerId: 'idn:access-requested'
contentJson:
workflowId: 1234
subscriptionIds:
- 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
responses:
'200':
description: Test trigger invocations that have been started for specified subscription(s).
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: Invocation ID
example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
triggerId:
type: string
description: Trigger ID
example: 'idn:access-requested'
secret:
type: string
description: Unique invocation secret.
example: 0f979022-08be-44f2-b6f9-7393ec73ed9b
contentJson:
type: object
example:
workflowId: 1234
description: JSON map of invocation metadata.
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'sp:trigger-service-invocation-status:manage'
parameters:
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
/ui-metadata/tenant:
get:
operationId: getTenantUiMetadata
tags:
- UI Metadata
summary: Get a tenant ui metadata
description: This API endpoint retrieves UI metadata configured for your tenant.
security:
- userAuth:
- 'idn:ui-access-metadata-page:read'
x-sailpoint-userLevels:
- ORG_ADMIN
responses:
'200':
description: A tenant UI metadata object
content:
application/json:
schema:
type: object
properties:
iframeWhiteList:
type: string
nullable: true
description: 'Parameter that organizational administrators can adjust to permit another domain to encapsulate IDN within an iframe. If you would like to reset the value use "null". It will only allow include into iframe non authenticated portions of the product, such as password reset.'
example: 'http://example.com http://example2.com'
usernameLabel:
type: string
nullable: true
description: Descriptor for the username input field. If you would like to reset the value use "null".
example: Email
usernameEmptyText:
type: string
nullable: true
description: Placeholder text displayed in the username input field. If you would like to reset the value use "null".
example: Please provide your work email address...
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
parameters:
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
put:
operationId: setTenantUiMetadata
tags:
- UI Metadata
summary: Update tenant ui metadata
description: This API endpoint updates UI metadata for your tenant. These changes may require up to 5 minutes to take effect on the UI.
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
iframeWhiteList:
type: string
nullable: true
description: 'Parameter that organizational administrators can adjust to permit another domain to encapsulate IDN within an iframe. If you would like to reset the value use "null". It will only allow include into iframe non authenticated portions of the product, such as password reset.'
example: 'http://example.com http://example2.com'
usernameLabel:
type: string
nullable: true
description: Descriptor for the username input field. If you would like to reset the value use "null".
example: Email
usernameEmptyText:
type: string
nullable: true
description: Placeholder text displayed in the username input field. If you would like to reset the value use "null".
example: Please provide your work email address...
security:
- userAuth:
- 'idn:ui-access-metadata-page:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
responses:
'200':
description: A tenant UI metadata object
content:
application/json:
schema:
type: object
properties:
iframeWhiteList:
type: string
nullable: true
description: 'Parameter that organizational administrators can adjust to permit another domain to encapsulate IDN within an iframe. If you would like to reset the value use "null". It will only allow include into iframe non authenticated portions of the product, such as password reset.'
example: 'http://example.com http://example2.com'
usernameLabel:
type: string
nullable: true
description: Descriptor for the username input field. If you would like to reset the value use "null".
example: Email
usernameEmptyText:
type: string
nullable: true
description: Placeholder text displayed in the username input field. If you would like to reset the value use "null".
example: Please provide your work email address...
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
parameters:
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
/verified-from-addresses:
get:
operationId: listFromAddresses
tags:
- Notifications
summary: List from addresses
description: Retrieve a list of sender email addresses and their verification statuses
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**email**: *eq, ge, le, sw*
example: email eq "john.doe@company.com"
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **email**
example: email
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: List of Email Status
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
nullable: true
email:
type: string
example: sender@example.com
isVerifiedByDomain:
type: boolean
example: false
verificationStatus:
type: string
enum:
- PENDING
- SUCCESS
- FAILED
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
post:
operationId: createVerifiedFromAddress
tags:
- Notifications
summary: Create verified from address
description: Create a new sender email address and initiate verification process.
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
id:
type: string
nullable: true
email:
type: string
example: sender@example.com
isVerifiedByDomain:
type: boolean
example: false
verificationStatus:
type: string
enum:
- PENDING
- SUCCESS
- FAILED
example:
email: sender@example.com
responses:
'201':
description: New Verified Email Status
content:
application/json:
schema:
type: object
properties:
id:
type: string
nullable: true
email:
type: string
example: sender@example.com
isVerifiedByDomain:
type: boolean
example: false
verificationStatus:
type: string
enum:
- PENDING
- SUCCESS
- FAILED
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
parameters:
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
'/verified-from-addresses/{id}':
delete:
operationId: deleteVerifiedFromAddress
tags:
- Notifications
summary: Delete verified from address
description: Delete a verified sender email address
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listFromAddresses
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/verified-domains:
get:
security:
- userAuth:
- 'sp:notification-dkim-attributes:read'
operationId: getDkimAttributes
tags:
- Notifications
summary: Get dkim attributes
description: Retrieve DKIM (DomainKeys Identified Mail) attributes for all your tenants' AWS SES identities. Limits retrieval to 100 identities per call.
responses:
'200':
description: List of DKIM Attributes
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
example: 123b45b0-aaaa-bbbb-a7db-123456a56abc
description: UUID associated with domain to be verified
address:
type: string
example: BobSmith@sailpoint.com
description: The identity or domain address
dkimEnabled:
type: boolean
default: false
example: true
description: Whether or not DKIM has been enabled for this domain / identity
dkimTokens:
type: array
items:
type: string
example:
- uq1m3jjk25ckd3whl4n7y46c56r5l6aq
- u7pm38jky9ckdawhlsn7y4dcj6f5lpgq
- uhpm3jjkjjckdkwhlqn7yw6cjer5tpay
description: The tokens to be added to a DNS for verification
dkimVerificationStatus:
type: string
example: Success
description: 'The current status if the domain /identity has been verified. Ie Success, Failed, Pending'
description: DKIM attributes for a domain or identity
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
parameters:
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
post:
security:
- userAuth:
- 'sp:notification-verify-domain-dkim:write'
operationId: createDomainDkim
tags:
- Notifications
summary: Verify domain address via dkim
description: Create a domain to be verified via DKIM (DomainKeys Identified Mail)
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
domain:
type: string
example: sailpoint.com
description: A domain address
responses:
'200':
description: List of DKIM tokens required for the verification process.
content:
application/json:
schema:
type: object
properties:
id:
type: string
example: 123b45b0-aaaa-bbbb-a7db-123456a56abc
description: New UUID associated with domain to be verified
domain:
type: string
example: sailpoint.com
description: A domain address
dkimEnabled:
default: false
example: true
description: DKIM is enabled for this domain
dkimTokens:
type: array
items:
type: string
example:
- token1
- token2
- token3
description: DKIM tokens required for authentication
dkimVerificationStatus:
type: string
example: PENDING
description: Status of DKIM authentication
description: Domain status DTO containing everything required to verify via DKIM
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'405':
description: 'Method Not Allowed - indicates that the server knows the request method, but the target resource doesn''t support this method.'
content:
application/json:
schema:
type: object
properties:
errorName:
description: A message describing the error
example: NotSupportedException
errorMessage:
description: Description of the error
example: Cannot consume content type
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
parameters:
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
/workgroups:
get:
operationId: listWorkgroups
tags:
- Governance Groups
summary: List governance groups
description: This API returns list of Governance Groups
parameters:
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: limit
description: |-
Note that for this API the maximum value for limit is 50.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 50
schema:
type: integer
format: int32
minimum: 0
maximum: 50
default: 50
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: filters
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, in, sw*
**name**: *eq, sw, in*
**memberships.identityId**: *eq, in*
example: name sw "Test"
required: false
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **name, created, modified, id, description**
example: 'name,-modified'
required: false
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: List of Governance Groups
content:
application/json:
schema:
type: array
items:
type: object
properties:
owner:
allOf:
- type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
- type: object
properties:
displayName:
readOnly: true
description: The display name of the identity
type: string
example: Support
emailAddress:
readOnly: true
description: The primary email address of the identity
type: string
example: support@sailpoint.com
description: Governance group owner.
id:
type: string
description: Governance group ID.
example: 2c91808568c529c60168cca6f90c1313
readOnly: true
name:
type: string
description: Governance group name.
example: DB Access Governance Group
description:
type: string
description: Governance group description.
example: Description of the Governance Group
memberCount:
type: integer
format: int64
example: 1641498673000
readOnly: true
description: Number of members in the governance group.
connectionCount:
type: integer
format: int64
example: 1641498673000
description: Number of connections in the governance group.
readOnly: true
created:
type: string
format: date-time
example: '2022-01-06T19:51:13Z'
modified:
type: string
format: date-time
example: '2022-01-06T19:51:13Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:workgroup:read'
post:
operationId: createWorkgroup
security:
- userAuth:
- 'idn:workgroup:write'
tags:
- Governance Groups
summary: Create a new governance group.
description: This API creates a new Governance Group.
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
owner:
allOf:
- type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
- type: object
properties:
displayName:
readOnly: true
description: The display name of the identity
type: string
example: Support
emailAddress:
readOnly: true
description: The primary email address of the identity
type: string
example: support@sailpoint.com
description: Governance group owner.
id:
type: string
description: Governance group ID.
example: 2c91808568c529c60168cca6f90c1313
readOnly: true
name:
type: string
description: Governance group name.
example: DB Access Governance Group
description:
type: string
description: Governance group description.
example: Description of the Governance Group
memberCount:
type: integer
format: int64
example: 1641498673000
readOnly: true
description: Number of members in the governance group.
connectionCount:
type: integer
format: int64
example: 1641498673000
description: Number of connections in the governance group.
readOnly: true
created:
type: string
format: date-time
example: '2022-01-06T19:51:13Z'
modified:
type: string
format: date-time
example: '2022-01-06T19:51:13Z'
responses:
'200':
description: Governance Group object created.
content:
application/json:
schema:
type: object
properties:
owner:
allOf:
- type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
- type: object
properties:
displayName:
readOnly: true
description: The display name of the identity
type: string
example: Support
emailAddress:
readOnly: true
description: The primary email address of the identity
type: string
example: support@sailpoint.com
description: Governance group owner.
id:
type: string
description: Governance group ID.
example: 2c91808568c529c60168cca6f90c1313
readOnly: true
name:
type: string
description: Governance group name.
example: DB Access Governance Group
description:
type: string
description: Governance group description.
example: Description of the Governance Group
memberCount:
type: integer
format: int64
example: 1641498673000
readOnly: true
description: Number of members in the governance group.
connectionCount:
type: integer
format: int64
example: 1641498673000
description: Number of connections in the governance group.
readOnly: true
created:
type: string
format: date-time
example: '2022-01-06T19:51:13Z'
modified:
type: string
format: date-time
example: '2022-01-06T19:51:13Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
parameters:
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
'/workgroups/{id}':
get:
operationId: getWorkgroup
tags:
- Governance Groups
summary: Get governance group by id
description: This API returns a Governance Groups by its ID.
parameters:
- in: path
name: id
required: true
schema:
type: string
description: ID of the Governance Group
example: 2c9180837ca6693d017ca8d097500149
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: A Governance Group
content:
application/json:
schema:
type: object
properties:
owner:
allOf:
- type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
- type: object
properties:
displayName:
readOnly: true
description: The display name of the identity
type: string
example: Support
emailAddress:
readOnly: true
description: The primary email address of the identity
type: string
example: support@sailpoint.com
description: Governance group owner.
id:
type: string
description: Governance group ID.
example: 2c91808568c529c60168cca6f90c1313
readOnly: true
name:
type: string
description: Governance group name.
example: DB Access Governance Group
description:
type: string
description: Governance group description.
example: Description of the Governance Group
memberCount:
type: integer
format: int64
example: 1641498673000
readOnly: true
description: Number of members in the governance group.
connectionCount:
type: integer
format: int64
example: 1641498673000
description: Number of connections in the governance group.
readOnly: true
created:
type: string
format: date-time
example: '2022-01-06T19:51:13Z'
modified:
type: string
format: date-time
example: '2022-01-06T19:51:13Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:workgroup:read'
- applicationAuth:
- 'idn:workgroup:read'
x-sailpoint-userLevels:
- ORG_ADMIN
delete:
operationId: deleteWorkgroup
tags:
- Governance Groups
summary: Delete a governance group
description: This API deletes a Governance Group by its ID.
parameters:
- in: path
name: id
required: true
schema:
type: string
description: ID of the Governance Group
example: 2c9180837ca6693d017ca8d097500149
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:workgroup:write'
- applicationAuth:
- 'idn:workgroup:write'
x-sailpoint-userLevels:
- ORG_ADMIN
patch:
operationId: patchWorkgroup
tags:
- Governance Groups
summary: Patch a governance group
description: |-
This API updates an existing governance group by ID. The following fields and objects are patchable:
* name
* description
* owner
parameters:
- in: path
name: id
required: true
schema:
type: string
description: ID of the Governance Group
example: 2c9180837ca6693d017ca8d097500149
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
requestBody:
content:
application/json-patch+json:
schema:
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
examples:
Replace Description:
description: Replace description of a Governance Group.
value:
- op: replace
path: /description
value: Governance Group new description.
responses:
'200':
description: A Governance Group.
content:
application/json:
schema:
type: object
properties:
owner:
allOf:
- type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
- type: object
properties:
displayName:
readOnly: true
description: The display name of the identity
type: string
example: Support
emailAddress:
readOnly: true
description: The primary email address of the identity
type: string
example: support@sailpoint.com
description: Governance group owner.
id:
type: string
description: Governance group ID.
example: 2c91808568c529c60168cca6f90c1313
readOnly: true
name:
type: string
description: Governance group name.
example: DB Access Governance Group
description:
type: string
description: Governance group description.
example: Description of the Governance Group
memberCount:
type: integer
format: int64
example: 1641498673000
readOnly: true
description: Number of members in the governance group.
connectionCount:
type: integer
format: int64
example: 1641498673000
description: Number of connections in the governance group.
readOnly: true
created:
type: string
format: date-time
example: '2022-01-06T19:51:13Z'
modified:
type: string
format: date-time
example: '2022-01-06T19:51:13Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:workgroup:write'
- applicationAuth:
- 'idn:workgroup:write'
x-sailpoint-userLevels:
- ORG_ADMIN
/workgroups/bulk-delete:
post:
operationId: deleteWorkgroupsInBulk
summary: Delete governance group(s)
tags:
- Governance Groups
description: |-
This API initiates a bulk deletion of one or more Governance Groups.
> If any of the indicated Governance Groups have one or more connections associated with it,then those Governance Groups will be added in **inUse** list of the response. Governance Group(s) marked as **inUse** can not be deleted.
> If any of the indicated Governance Groups is not does not exists in Organization,then those Governance Groups will be added in **notFound** list of the response. Governance Groups marked as **notFound** will not be deleted.
> If any of the indicated Governance Groups does not have any connections associated with it,then those Governance Groups will be added in **deleted** list of the response. A Governance Group marked as **deleted** will be deleted from current Organization.
> If the request contains any **inUse** or **notFound** Governance Group IDs then it skips only these Governance Groups for deletion and deletes the rest of Governance Groups which have no connections associated with it.
> **This API has limit number of Governance Groups can be deleted at one time. If the request contains more then 100 Governance Groups IDs to be deleted then the API will throw an exception.**
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
ids:
description: List of IDs of Governance Groups to be deleted.
type: array
items:
type: string
example:
- 567a697e-885b-495a-afc5-d55e1c23a302
- c7b0f7b2-1e78-4063-b294-a555333dacd2
example:
ids:
- 567a697e-885b-495a-afc5-d55e1c23a302
- c7b0f7b2-1e78-4063-b294-a555333dacd2
responses:
'207':
description: Governance Group bulk delete response.
content:
application/json:
schema:
description: Bulk remove Governance Groups Response.
type: array
items:
type: object
properties:
id:
description: Id of the Governance Group.
type: string
example: 464ae7bf791e49fdb74606a2e4a89635
status:
type: integer
format: int32
description: |
The HTTP response status code returned for an individual Governance Group that is requested for deletion during a bulk delete operation.
> 204 - Governance Group deleted successfully.
> 409 - Governance Group is in use,hence can not be deleted.
> 404 - Governance Group not found.
example: 204
description:
description: |
Human readable status description and containing additional context information about success or failures etc.
example: |
> Governance Group deleted successfully.
> Unable to delete Governance Group f80bba83-98c4-4ec2-81c8-373c00e9663b because it is in use.
> Referenced Governance Group 2b711763-ed35-42a2-a80c-8f1ce0dc4a7f was not found.
type: string
required:
- id
- status
example:
- id: 464ae7bf791e49fdb74606a2e4a89635
status: 204
description: Governance Group deleted successfully.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:workgroup:write'
parameters:
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
'/workgroups/{workgroupId}/connections':
get:
operationId: listConnections
tags:
- Governance Groups
summary: List connections for governance group
description: This API returns list of connections associated with a Governance Group.
parameters:
- name: workgroupId
in: path
description: ID of the Governance Group.
required: true
schema:
type: string
example: 2c91808a7813090a017814121919ecca
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: limit
description: |-
Note that for this API the maximum value for limit is 50.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 50
schema:
type: integer
format: int32
minimum: 0
maximum: 50
default: 50
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **name, created, modified**
example: 'name,-modified'
required: false
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: List all connections associated with a Governance Group.
content:
application/json:
schema:
type: array
items:
type: object
properties:
object:
allOf:
- type: object
properties:
type:
allOf:
- type: string
enum:
- ACCESS_PROFILE
- ROLE
- SOD_POLICY
- SOURCE
description: 'An enumeration of the types of Objects associated with a Governance Group. Supported object types are ACCESS_PROFILE, ROLE, SOD_POLICY and SOURCE.'
example: ACCESS_PROFILE
- description: Connection Object type
id:
type: string
description: ID of the object to which this reference applies
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable name of Connected object
example: Employee-database-read-write
description:
type: string
nullable: true
description: Description of the Connected object.
example: Collection of entitlements to read/write the employee database.
- description: Connected object to Governance Group
connectionType:
description: Connection Type.
type: string
enum:
- AccessRequestReviewer
- Owner
- ManagementWorkgroup
example: AccessRequestReviewer
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:workgroup:read'
'/workgroups/{workgroupId}/members':
get:
operationId: listWorkgroupMembers
tags:
- Governance Groups
summary: List governance group members
description: This API returns list of members associated with a Governance Group.
parameters:
- name: workgroupId
in: path
description: ID of the Governance Group.
required: true
schema:
type: string
example: 2c91808a7813090a017814121919ecca
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: limit
description: |-
Note that for this API the maximum value for limit is 50.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 50
schema:
type: integer
format: int32
minimum: 0
maximum: 50
default: 50
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **name, created, modified**
example: 'name,-modified'
required: false
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: List all members associated with a Governance Group.
content:
application/json:
schema:
type: array
items:
type: object
description: Identity of workgroup member.
properties:
type:
type: string
description: Workgroup member identity DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Workgroup member identity ID.
example: 2c7180a46faadee4016fb4e018c20642
name:
type: string
description: Workgroup member identity display name.
example: Michael Michaels
email:
type: string
description: Workgroup member identity email.
example: michael.michaels@sailpoint.com
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:workgroup:read'
'/workgroups/{workgroupId}/members/bulk-add':
post:
operationId: updateWorkgroupMembers
security:
- userAuth:
- 'idn:workgroup:write'
tags:
- Governance Groups
summary: Add members to governance group
description: |-
This API adds one or more members to a Governance Group. A token with API, ORG_ADMIN authority is required to call this API.
> **Following field of Identity is an optional field in the request.**
> **name**
parameters:
- name: workgroupId
in: path
description: ID of the Governance Group.
required: true
schema:
type: string
example: 2c91808a7813090a017814121919ecca
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
requestBody:
description: List of identities to be added to a Governance Group members list.
required: true
content:
application/json:
schema:
description: List of identities to be added or removed to a Governance Group members list.
type: array
items:
type: object
description: Identity's basic details.
properties:
type:
type: string
description: Identity's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Identity ID.
example: 2c7180a46faadee4016fb4e018c20642
name:
type: string
description: Identity's display name.
example: Michael Michaels
example:
- type: IDENTITY
id: 464ae7bf791e49fdb74606a2e4a89635
name: Addie Smith
responses:
'207':
description: List of added and not added identities into Governance Group members list.
content:
application/json:
schema:
description: Bulk add Governance Group members Response.
type: array
items:
type: object
properties:
id:
description: Identifier of identity in bulk member add request.
type: string
example: 464ae7bf791e49fdb74606a2e4a89635
status:
description: |
The HTTP response status code returned for an individual member that is requested for addition during a bulk add operation.
The HTTP response status code returned for an individual Governance Group is requested for deletion.
> 201 - Identity is added into Governance Group members list.
> 409 - Identity is already member of Governance Group.
type: integer
format: int32
example: 201
description:
description: |
Human readable status description and containing additional context information about success or failures etc.
type: string
example: |
> Identity is added into Governance Group members list.
> Unable to set Membership of Identity "3244d5f2d04447498520f54c6789ae33" to Governance Group "f80bba83-98c4-4ec2-81c8-373c00e9663b"; the relationship already exists.
required:
- id
- status
example:
- id: 464ae7bf791e49fdb74606a2e4a89635
status: 201
description: Identity added to Governance Group members list.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/workgroups/{workgroupId}/members/bulk-delete':
post:
operationId: deleteWorkgroupMembers
security:
- userAuth:
- 'idn:workgroup:write'
- applicationAuth:
- 'idn:workgroup:write'
x-sailpoint-userLevels:
- ORG_ADMIN
tags:
- Governance Groups
summary: Remove members from governance group
description: |-
This API removes one or more members from a Governance Group. A
> **Following field of Identity is an optional field in the request.**
> **name**
parameters:
- name: workgroupId
in: path
description: ID of the Governance Group.
required: true
schema:
type: string
example: 2c91808a7813090a017814121919ecca
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
requestBody:
description: List of identities to be removed from a Governance Group members list.
required: true
content:
application/json:
schema:
description: List of identities to be added or removed to a Governance Group members list.
type: array
items:
type: object
description: Identity's basic details.
properties:
type:
type: string
description: Identity's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Identity ID.
example: 2c7180a46faadee4016fb4e018c20642
name:
type: string
description: Identity's display name.
example: Michael Michaels
example:
- type: IDENTITY
id: 464ae7bf791e49fdb74606a2e4a89635
name: Addie Smith
responses:
'207':
description: List of deleted and not deleted identities from Governance Group members list.
content:
application/json:
schema:
description: Bulk add Governance Group members Response.
type: array
items:
type: object
properties:
id:
description: Identifier of identity in bulk member add /remove request.
type: string
example: 464ae7bf791e49fdb74606a2e4a89635
status:
description: |
The HTTP response status code returned for an individual member that is requested for deletion during a bulk delete operation.
> 204 - Identity is removed from Governance Group members list.
> 404 - Identity is not member of Governance Group.
type: integer
format: int32
example: 204
description:
description: |
Human readable status description and containing additional context information about success or failures etc.
type: string
example: |
> Identity deleted from Governance Group members list.
> Referenced Governance Group Member with Identity Id "bc3a744678534eb78a8002ee2085df64" was not found.
required:
- id
- status
example:
- id: 464ae7bf791e49fdb74606a2e4a89635
status: 204
description: Identity deleted from Governance Group members list.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/form-definitions:
get:
tags:
- Custom Forms
summary: Export form definitions by tenant.
description: No parameters required.
operationId: searchFormDefinitionsByTenant
parameters:
- name: offset
in: query
description: |-
Offset
Integer specifying the offset of the first result from the beginning of the collection. The standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#paginating-results).
The offset value is record-based, not page-based, and the index starts at 0.
schema:
type: integer
format: int64
default: 0
x-go-name: Offset
example: 250
required: false
x-go-name: Offset
- name: limit
in: query
description: |-
Limit
Integer specifying the maximum number of records to return in a single API call. The standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#paginating-results).
If it is not specified, a default limit is used.
schema:
type: integer
format: int64
maxLength: 250
minLength: 0
default: 250
x-go-name: Limit
example: 250
required: false
x-go-name: Limit
- name: filters
in: query
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**name**: *eq, gt, sw, in*
**description**: *eq, gt, sw, in*
**created**: *eq, gt, sw, in*
**modified**: *eq, gt, sw, in*
schema:
type: string
x-go-name: Filters
example: name sw "my form"
required: false
x-go-name: Filters
- name: sorters
in: query
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **name, description, created, modified**
schema:
type: string
default: name
x-go-name: Sorters
example: name
required: false
x-go-name: Sorters
responses:
'200':
description: Returns a list of form definitions by tenant
content:
application/json:
schema:
properties:
count:
description: Count number of results.
example: 1
format: int64
type: integer
results:
description: List of FormDefinitionResponse items.
items:
properties:
id:
description: Unique guid identifying the form definition.
example: 00000000-0000-0000-0000-000000000000
type: string
x-go-name: FormDefinitionID
name:
description: Name of the form definition.
example: My form
type: string
x-go-name: Name
description:
description: Form definition's description.
example: My form description
type: string
x-go-name: Description
owner:
properties:
type:
description: |-
FormOwnerType value.
IDENTITY FormOwnerTypeIdentity
enum:
- IDENTITY
example: IDENTITY
type: string
x-go-enum-desc: IDENTITY FormOwnerTypeIdentity
x-go-name: Type
id:
description: Unique identifier of the form's owner.
example: 2c9180867624cbd7017642d8c8c81f67
type: string
x-go-name: ID
name:
description: Name of the form's owner.
example: Grant Smith
type: string
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
usedBy:
description: 'List of objects using the form definition. Whenever a system uses a form, the API reaches out to the form service to record that the system is currently using it.'
items:
properties:
type:
description: |-
FormUsedByType value.
WORKFLOW FormUsedByTypeWorkflow
SOURCE FormUsedByTypeSource
MySailPoint FormUsedByType
enum:
- WORKFLOW
- SOURCE
- MySailPoint
example: WORKFLOW
type: string
x-go-enum-desc: |-
WORKFLOW FormUsedByTypeWorkflow
SOURCE FormUsedByTypeSource
x-go-name: Type
id:
description: Unique identifier of the system using the form.
example: 61940a92-5484-42bc-bc10-b9982b218cdf
type: string
x-go-name: ID
name:
description: Name of the system using the form.
example: Access Request Form
type: string
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: UsedBy
formInput:
description: List of form inputs required to create a form-instance object.
items:
properties:
id:
description: Unique identifier for the form input.
example: 00000000-0000-0000-0000-000000000000
type: string
x-go-name: ID
type:
description: |-
FormDefinitionInputType value.
STRING FormDefinitionInputTypeString
enum:
- STRING
- ARRAY
example: STRING
type: string
x-go-enum-desc: STRING FormDefinitionInputTypeString
x-go-name: Type
label:
description: Name for the form input.
example: input1
type: string
x-go-name: Label
description:
description: Form input's description.
example: 'A single dynamic scalar value (i.e. number, string, date, etc.) that can be passed into the form for use in conditional logic'
type: string
x-go-name: Description
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: FormInput
formElements:
description: List of nested form elements.
items:
properties:
id:
description: Form element identifier.
example: 00000000-0000-0000-0000-000000000000
type: string
x-go-name: ID
elementType:
description: |-
FormElementType value.
TEXT FormElementTypeText
TOGGLE FormElementTypeToggle
TEXTAREA FormElementTypeTextArea
HIDDEN FormElementTypeHidden
PHONE FormElementTypePhone
EMAIL FormElementTypeEmail
SELECT FormElementTypeSelect
DATE FormElementTypeDate
SECTION FormElementTypeSection
COLUMN_SET FormElementTypeColumns
IMAGE FormElementTypeImage
DESCRIPTION FormElementTypeDescription
enum:
- TEXT
- TOGGLE
- TEXTAREA
- HIDDEN
- PHONE
- EMAIL
- SELECT
- DATE
- SECTION
- COLUMN_SET
- IMAGE
- DESCRIPTION
example: TEXT
type: string
x-go-name: ElementType
config:
additionalProperties: true
description: Config object.
example:
label: Department
type: object
x-go-name: Config
x-go-enum-desc: |-
TEXT FormElementTypeText
TOGGLE FormElementTypeToggle
TEXTAREA FormElementTypeTextArea
HIDDEN FormElementTypeHidden
PHONE FormElementTypePhone
EMAIL FormElementTypeEmail
SELECT FormElementTypeSelect
DATE FormElementTypeDate
SECTION FormElementTypeSection
COLUMNS FormElementTypeColumns
key:
description: Technical key.
example: department
type: string
x-go-name: Key
validations:
nullable: true
type: array
items:
description: Set of FormElementValidation items.
type: object
properties:
validationType:
description: 'The type of data validation that you wish to enforce, e.g., a required field, a minimum length, etc.'
example: REQUIRED
type: string
enum:
- REQUIRED
- MIN_LENGTH
- MAX_LENGTH
- REGEX
- DATE
- MAX_DATE
- MIN_DATE
- LESS_THAN_DATE
- PHONE
- EMAIL
- DATA_SOURCE
- TEXTAREA
x-go-package: github.com/sailpoint/sp-forms/domain
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: FormElements
formConditions:
description: Conditional logic that can dynamically modify the form as the recipient is interacting with it.
items:
description: Represent a form conditional.
properties:
ruleOperator:
description: |-
ConditionRuleLogicalOperatorType value.
AND ConditionRuleLogicalOperatorTypeAnd
OR ConditionRuleLogicalOperatorTypeOr
enum:
- AND
- OR
example: AND
type: string
x-go-enum-desc: |-
AND ConditionRuleLogicalOperatorTypeAnd
OR ConditionRuleLogicalOperatorTypeOr
x-go-name: RuleOperator
rules:
description: List of rules.
items:
properties:
sourceType:
description: |-
Defines the type of object being selected. It will be either a reference to a form input (by input name) or a form element (by technical key).
INPUT ConditionRuleSourceTypeInput
ELEMENT ConditionRuleSourceTypeElement
enum:
- INPUT
- ELEMENT
example: ELEMENT
type: string
x-go-enum-desc: |-
INPUT ConditionRuleSourceTypeInput
ELEMENT ConditionRuleSourceTypeElement
x-go-name: SourceType
source:
description: |-
Source - if the sourceType is ConditionRuleSourceTypeInput, the source type is the name of the form input to accept. However, if the sourceType is ConditionRuleSourceTypeElement,
the source is the name of a technical key of an element to retrieve its value.
example: department
type: string
x-go-name: Source
operator:
description: |-
ConditionRuleComparisonOperatorType value.
EQ ConditionRuleComparisonOperatorTypeEquals This comparison operator compares the source and target for equality.
NE ConditionRuleComparisonOperatorTypeNotEquals This comparison operator compares the source and target for inequality.
CO ConditionRuleComparisonOperatorTypeContains This comparison operator searches the source to see whether it contains the value.
NOT_CO ConditionRuleComparisonOperatorTypeNotContains
IN ConditionRuleComparisonOperatorTypeIncludes This comparison operator searches the source if it equals any of the values.
NOT_IN ConditionRuleComparisonOperatorTypeNotIncludes
EM ConditionRuleComparisonOperatorTypeEmpty
NOT_EM ConditionRuleComparisonOperatorTypeNotEmpty
SW ConditionRuleComparisonOperatorTypeStartsWith Checks whether a string starts with another substring of the same string. This operator is case-sensitive.
NOT_SW ConditionRuleComparisonOperatorTypeNotStartsWith
EW ConditionRuleComparisonOperatorTypeEndsWith Checks whether a string ends with another substring of the same string. This operator is case-sensitive.
NOT_EW ConditionRuleComparisonOperatorTypeNotEndsWith
enum:
- EQ
- NE
- CO
- NOT_CO
- IN
- NOT_IN
- EM
- NOT_EM
- SW
- NOT_SW
- EW
- NOT_EW
example: EQ
type: string
x-go-enum-desc: |-
EQ ConditionRuleComparisonOperatorTypeEquals This comparison operator compares the source and target for equality.
NE ConditionRuleComparisonOperatorTypeNotEquals This comparison operator compares the source and target for inequality.
CO ConditionRuleComparisonOperatorTypeContains This comparison operator searches the source to see whether it contains the value.
NOT_CO ConditionRuleComparisonOperatorTypeNotContains
IN ConditionRuleComparisonOperatorTypeIncludes This comparison operator searches the source if it equals any of the values.
NOT_IN ConditionRuleComparisonOperatorTypeNotIncludes
EM ConditionRuleComparisonOperatorTypeEmpty
NOT_EM ConditionRuleComparisonOperatorTypeNotEmpty
SW ConditionRuleComparisonOperatorTypeStartsWith Checks whether a string starts with another substring of the same string. This operator is case-sensitive.
NOT_SW ConditionRuleComparisonOperatorTypeNotStartsWith
EW ConditionRuleComparisonOperatorTypeEndsWith Checks whether a string ends with another substring of the same string. This operator is case-sensitive.
NOT_EW ConditionRuleComparisonOperatorTypeNotEndsWith
x-go-name: Operator
valueType:
description: |-
ConditionRuleValueType type.
STRING ConditionRuleValueTypeString This value is a static string.
STRING_LIST ConditionRuleValueTypeStringList This value is an array of string values.
INPUT ConditionRuleValueTypeInput This value is a reference to a form input.
ELEMENT ConditionRuleValueTypeElement This value is a reference to a form element (by technical key).
LIST ConditionRuleValueTypeList
BOOLEAN ConditionRuleValueTypeBoolean
enum:
- STRING
- STRING_LIST
- INPUT
- ELEMENT
- LIST
- BOOLEAN
example: STRING
type: string
x-go-enum-desc: |-
STRING ConditionRuleValueTypeString This value is a static string.
STRING_LIST ConditionRuleValueTypeStringList This value is an array of string values.
INPUT ConditionRuleValueTypeInput This value is a reference to a form input.
ELEMENT ConditionRuleValueTypeElement This value is a reference to a form element (by technical key).
LIST ConditionRuleValueTypeList
BOOLEAN ConditionRuleValueTypeBoolean
x-go-name: ValueType
value:
type: string
description: Based on the ValueType.
example: Engineering
x-go-name: Value
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: Rules
effects:
description: List of effects.
items:
description: Effect produced by a condition.
properties:
effectType:
description: |-
Type of effect to perform when the conditions are evaluated for this logic block.
HIDE ConditionEffectTypeHide Disables validations.
SHOW ConditionEffectTypeShow Enables validations.
DISABLE ConditionEffectTypeDisable Disables validations.
ENABLE ConditionEffectTypeEnable Enables validations.
REQUIRE ConditionEffectTypeRequire
OPTIONAL ConditionEffectTypeOptional
SUBMIT_MESSAGE ConditionEffectTypeSubmitMessage
SUBMIT_NOTIFICATION ConditionEffectTypeSubmitNotification
SET_DEFAULT_VALUE ConditionEffectTypeSetDefaultValue This value is ignored on purpose.
enum:
- HIDE
- SHOW
- DISABLE
- ENABLE
- REQUIRE
- OPTIONAL
- SUBMIT_MESSAGE
- SUBMIT_NOTIFICATION
- SET_DEFAULT_VALUE
example: HIDE
type: string
x-go-enum-desc: |-
HIDE ConditionEffectTypeHide Disables validations.
SHOW ConditionEffectTypeShow Enables validations.
DISABLE ConditionEffectTypeDisable Disables validations.
ENABLE ConditionEffectTypeEnable Enables validations.
REQUIRE ConditionEffectTypeRequire
OPTIONAL ConditionEffectTypeOptional
SUBMIT_MESSAGE ConditionEffectTypeSubmitMessage
SUBMIT_NOTIFICATION ConditionEffectTypeSubmitNotification
SET_DEFAULT_VALUE ConditionEffectTypeSetDefaultValue This value is ignored on purpose.
x-go-name: EffectType
config:
description: Arbitrary map containing a configuration based on the EffectType.
type: object
properties:
defaultValueLabel:
type: string
description: Effect type's label.
example: Access to Remove
element:
type: string
description: Element's identifier.
example: 8110662963316867
x-go-name: Config
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: Effects
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: FormConditions
created:
description: Created is the date the form definition was created
example: '2023-07-12T20:14:57.74486Z'
format: date-time
type: string
x-go-name: Created
modified:
description: Modified is the last date the form definition was modified
example: '2023-07-12T20:14:57.74486Z'
format: date-time
type: string
x-go-name: Modified
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
type: object
'400':
description: An error with the request occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'401':
description: An error with the authorization occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'403':
description: An error with the user permissions occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'429':
description: Too many requests
content:
application/json:
schema:
title: Error is the standard API error response type.
type: object
properties:
detailCode:
description: DetailCode is the text of the status code returned
example: Internal Server Error
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
trackingId:
description: TrackingID is the request tracking unique identifier
example: 9cd03ef80e6a425eb6b11bdbb057cdb4
type: string
x-go-name: TrackingID
x-go-package: github.com/sailpoint/atlas-go/atlas/web
'500':
description: An internal server error occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
security:
- userAuth:
- 'sp:forms:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
post:
tags:
- Custom Forms
summary: Creates a form definition.
operationId: createFormDefinition
requestBody:
description: Body is the request payload to create form definition request
content:
application/json:
schema:
properties:
description:
description: Description is the form definition description
example: My form description
maxLength: 2000
minLength: 0
type: string
x-go-name: Description
formConditions:
description: FormConditions is the conditional logic that modify the form dynamically modify the form as the recipient is interacting out the form
items:
description: Represent a form conditional.
properties:
ruleOperator:
description: |-
ConditionRuleLogicalOperatorType value.
AND ConditionRuleLogicalOperatorTypeAnd
OR ConditionRuleLogicalOperatorTypeOr
enum:
- AND
- OR
example: AND
type: string
x-go-enum-desc: |-
AND ConditionRuleLogicalOperatorTypeAnd
OR ConditionRuleLogicalOperatorTypeOr
x-go-name: RuleOperator
rules:
description: List of rules.
items:
properties:
sourceType:
description: |-
Defines the type of object being selected. It will be either a reference to a form input (by input name) or a form element (by technical key).
INPUT ConditionRuleSourceTypeInput
ELEMENT ConditionRuleSourceTypeElement
enum:
- INPUT
- ELEMENT
example: ELEMENT
type: string
x-go-enum-desc: |-
INPUT ConditionRuleSourceTypeInput
ELEMENT ConditionRuleSourceTypeElement
x-go-name: SourceType
source:
description: |-
Source - if the sourceType is ConditionRuleSourceTypeInput, the source type is the name of the form input to accept. However, if the sourceType is ConditionRuleSourceTypeElement,
the source is the name of a technical key of an element to retrieve its value.
example: department
type: string
x-go-name: Source
operator:
description: |-
ConditionRuleComparisonOperatorType value.
EQ ConditionRuleComparisonOperatorTypeEquals This comparison operator compares the source and target for equality.
NE ConditionRuleComparisonOperatorTypeNotEquals This comparison operator compares the source and target for inequality.
CO ConditionRuleComparisonOperatorTypeContains This comparison operator searches the source to see whether it contains the value.
NOT_CO ConditionRuleComparisonOperatorTypeNotContains
IN ConditionRuleComparisonOperatorTypeIncludes This comparison operator searches the source if it equals any of the values.
NOT_IN ConditionRuleComparisonOperatorTypeNotIncludes
EM ConditionRuleComparisonOperatorTypeEmpty
NOT_EM ConditionRuleComparisonOperatorTypeNotEmpty
SW ConditionRuleComparisonOperatorTypeStartsWith Checks whether a string starts with another substring of the same string. This operator is case-sensitive.
NOT_SW ConditionRuleComparisonOperatorTypeNotStartsWith
EW ConditionRuleComparisonOperatorTypeEndsWith Checks whether a string ends with another substring of the same string. This operator is case-sensitive.
NOT_EW ConditionRuleComparisonOperatorTypeNotEndsWith
enum:
- EQ
- NE
- CO
- NOT_CO
- IN
- NOT_IN
- EM
- NOT_EM
- SW
- NOT_SW
- EW
- NOT_EW
example: EQ
type: string
x-go-enum-desc: |-
EQ ConditionRuleComparisonOperatorTypeEquals This comparison operator compares the source and target for equality.
NE ConditionRuleComparisonOperatorTypeNotEquals This comparison operator compares the source and target for inequality.
CO ConditionRuleComparisonOperatorTypeContains This comparison operator searches the source to see whether it contains the value.
NOT_CO ConditionRuleComparisonOperatorTypeNotContains
IN ConditionRuleComparisonOperatorTypeIncludes This comparison operator searches the source if it equals any of the values.
NOT_IN ConditionRuleComparisonOperatorTypeNotIncludes
EM ConditionRuleComparisonOperatorTypeEmpty
NOT_EM ConditionRuleComparisonOperatorTypeNotEmpty
SW ConditionRuleComparisonOperatorTypeStartsWith Checks whether a string starts with another substring of the same string. This operator is case-sensitive.
NOT_SW ConditionRuleComparisonOperatorTypeNotStartsWith
EW ConditionRuleComparisonOperatorTypeEndsWith Checks whether a string ends with another substring of the same string. This operator is case-sensitive.
NOT_EW ConditionRuleComparisonOperatorTypeNotEndsWith
x-go-name: Operator
valueType:
description: |-
ConditionRuleValueType type.
STRING ConditionRuleValueTypeString This value is a static string.
STRING_LIST ConditionRuleValueTypeStringList This value is an array of string values.
INPUT ConditionRuleValueTypeInput This value is a reference to a form input.
ELEMENT ConditionRuleValueTypeElement This value is a reference to a form element (by technical key).
LIST ConditionRuleValueTypeList
BOOLEAN ConditionRuleValueTypeBoolean
enum:
- STRING
- STRING_LIST
- INPUT
- ELEMENT
- LIST
- BOOLEAN
example: STRING
type: string
x-go-enum-desc: |-
STRING ConditionRuleValueTypeString This value is a static string.
STRING_LIST ConditionRuleValueTypeStringList This value is an array of string values.
INPUT ConditionRuleValueTypeInput This value is a reference to a form input.
ELEMENT ConditionRuleValueTypeElement This value is a reference to a form element (by technical key).
LIST ConditionRuleValueTypeList
BOOLEAN ConditionRuleValueTypeBoolean
x-go-name: ValueType
value:
type: string
description: Based on the ValueType.
example: Engineering
x-go-name: Value
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: Rules
effects:
description: List of effects.
items:
description: Effect produced by a condition.
properties:
effectType:
description: |-
Type of effect to perform when the conditions are evaluated for this logic block.
HIDE ConditionEffectTypeHide Disables validations.
SHOW ConditionEffectTypeShow Enables validations.
DISABLE ConditionEffectTypeDisable Disables validations.
ENABLE ConditionEffectTypeEnable Enables validations.
REQUIRE ConditionEffectTypeRequire
OPTIONAL ConditionEffectTypeOptional
SUBMIT_MESSAGE ConditionEffectTypeSubmitMessage
SUBMIT_NOTIFICATION ConditionEffectTypeSubmitNotification
SET_DEFAULT_VALUE ConditionEffectTypeSetDefaultValue This value is ignored on purpose.
enum:
- HIDE
- SHOW
- DISABLE
- ENABLE
- REQUIRE
- OPTIONAL
- SUBMIT_MESSAGE
- SUBMIT_NOTIFICATION
- SET_DEFAULT_VALUE
example: HIDE
type: string
x-go-enum-desc: |-
HIDE ConditionEffectTypeHide Disables validations.
SHOW ConditionEffectTypeShow Enables validations.
DISABLE ConditionEffectTypeDisable Disables validations.
ENABLE ConditionEffectTypeEnable Enables validations.
REQUIRE ConditionEffectTypeRequire
OPTIONAL ConditionEffectTypeOptional
SUBMIT_MESSAGE ConditionEffectTypeSubmitMessage
SUBMIT_NOTIFICATION ConditionEffectTypeSubmitNotification
SET_DEFAULT_VALUE ConditionEffectTypeSetDefaultValue This value is ignored on purpose.
x-go-name: EffectType
config:
description: Arbitrary map containing a configuration based on the EffectType.
type: object
properties:
defaultValueLabel:
type: string
description: Effect type's label.
example: Access to Remove
element:
type: string
description: Element's identifier.
example: 8110662963316867
x-go-name: Config
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: Effects
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: FormConditions
formElements:
description: FormElements is a list of nested form elements
items:
properties:
id:
description: Form element identifier.
example: 00000000-0000-0000-0000-000000000000
type: string
x-go-name: ID
elementType:
description: |-
FormElementType value.
TEXT FormElementTypeText
TOGGLE FormElementTypeToggle
TEXTAREA FormElementTypeTextArea
HIDDEN FormElementTypeHidden
PHONE FormElementTypePhone
EMAIL FormElementTypeEmail
SELECT FormElementTypeSelect
DATE FormElementTypeDate
SECTION FormElementTypeSection
COLUMN_SET FormElementTypeColumns
IMAGE FormElementTypeImage
DESCRIPTION FormElementTypeDescription
enum:
- TEXT
- TOGGLE
- TEXTAREA
- HIDDEN
- PHONE
- EMAIL
- SELECT
- DATE
- SECTION
- COLUMN_SET
- IMAGE
- DESCRIPTION
example: TEXT
type: string
x-go-name: ElementType
config:
additionalProperties: true
description: Config object.
example:
label: Department
type: object
x-go-name: Config
x-go-enum-desc: |-
TEXT FormElementTypeText
TOGGLE FormElementTypeToggle
TEXTAREA FormElementTypeTextArea
HIDDEN FormElementTypeHidden
PHONE FormElementTypePhone
EMAIL FormElementTypeEmail
SELECT FormElementTypeSelect
DATE FormElementTypeDate
SECTION FormElementTypeSection
COLUMNS FormElementTypeColumns
key:
description: Technical key.
example: department
type: string
x-go-name: Key
validations:
nullable: true
type: array
items:
description: Set of FormElementValidation items.
type: object
properties:
validationType:
description: 'The type of data validation that you wish to enforce, e.g., a required field, a minimum length, etc.'
example: REQUIRED
type: string
enum:
- REQUIRED
- MIN_LENGTH
- MAX_LENGTH
- REGEX
- DATE
- MAX_DATE
- MIN_DATE
- LESS_THAN_DATE
- PHONE
- EMAIL
- DATA_SOURCE
- TEXTAREA
x-go-package: github.com/sailpoint/sp-forms/domain
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: FormElements
formInput:
description: FormInput is a list of form inputs that are required when creating a form-instance object
items:
properties:
id:
description: Unique identifier for the form input.
example: 00000000-0000-0000-0000-000000000000
type: string
x-go-name: ID
type:
description: |-
FormDefinitionInputType value.
STRING FormDefinitionInputTypeString
enum:
- STRING
- ARRAY
example: STRING
type: string
x-go-enum-desc: STRING FormDefinitionInputTypeString
x-go-name: Type
label:
description: Name for the form input.
example: input1
type: string
x-go-name: Label
description:
description: Form input's description.
example: 'A single dynamic scalar value (i.e. number, string, date, etc.) that can be passed into the form for use in conditional logic'
type: string
x-go-name: Description
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: FormInput
name:
description: Name is the form definition name
example: My form
maxLength: 255
type: string
x-go-name: Name
owner:
properties:
type:
description: |-
FormOwnerType value.
IDENTITY FormOwnerTypeIdentity
enum:
- IDENTITY
example: IDENTITY
type: string
x-go-enum-desc: IDENTITY FormOwnerTypeIdentity
x-go-name: Type
id:
description: Unique identifier of the form's owner.
example: 2c9180867624cbd7017642d8c8c81f67
type: string
x-go-name: ID
name:
description: Name of the form's owner.
example: Grant Smith
type: string
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
usedBy:
description: UsedBy is a list of objects where when any system uses a particular form it reaches out to the form service to record it is currently being used
items:
properties:
type:
description: |-
FormUsedByType value.
WORKFLOW FormUsedByTypeWorkflow
SOURCE FormUsedByTypeSource
MySailPoint FormUsedByType
enum:
- WORKFLOW
- SOURCE
- MySailPoint
example: WORKFLOW
type: string
x-go-enum-desc: |-
WORKFLOW FormUsedByTypeWorkflow
SOURCE FormUsedByTypeSource
x-go-name: Type
id:
description: Unique identifier of the system using the form.
example: 61940a92-5484-42bc-bc10-b9982b218cdf
type: string
x-go-name: ID
name:
description: Name of the system using the form.
example: Access Request Form
type: string
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: UsedBy
required:
- name
- owner
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
example:
name: my form
description: my form description
owner:
type: IDENTITY
id: 00000000-0000-0000-0000-000000000000
formElements:
- id: '000000000000'
elementType: SECTION
config:
alignment: LEFT
description: 'elementType must be ''SECTION'' for the root formElements, child formElements must be within the ''config'' attribute'
label: Section
labelStyle: h2
showLabel: true
formElements:
- id: '0000000000000'
key: textField
elementType: TEXT
config:
default: ''
description: ''
helpText: form element type text
label: Text Field
placeholder: ''
required: false
validations: []
required: false
responses:
'201':
description: Returns a new form definition
content:
application/json:
schema:
properties:
id:
description: Unique guid identifying the form definition.
example: 00000000-0000-0000-0000-000000000000
type: string
x-go-name: FormDefinitionID
name:
description: Name of the form definition.
example: My form
type: string
x-go-name: Name
description:
description: Form definition's description.
example: My form description
type: string
x-go-name: Description
owner:
properties:
type:
description: |-
FormOwnerType value.
IDENTITY FormOwnerTypeIdentity
enum:
- IDENTITY
example: IDENTITY
type: string
x-go-enum-desc: IDENTITY FormOwnerTypeIdentity
x-go-name: Type
id:
description: Unique identifier of the form's owner.
example: 2c9180867624cbd7017642d8c8c81f67
type: string
x-go-name: ID
name:
description: Name of the form's owner.
example: Grant Smith
type: string
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
usedBy:
description: 'List of objects using the form definition. Whenever a system uses a form, the API reaches out to the form service to record that the system is currently using it.'
items:
properties:
type:
description: |-
FormUsedByType value.
WORKFLOW FormUsedByTypeWorkflow
SOURCE FormUsedByTypeSource
MySailPoint FormUsedByType
enum:
- WORKFLOW
- SOURCE
- MySailPoint
example: WORKFLOW
type: string
x-go-enum-desc: |-
WORKFLOW FormUsedByTypeWorkflow
SOURCE FormUsedByTypeSource
x-go-name: Type
id:
description: Unique identifier of the system using the form.
example: 61940a92-5484-42bc-bc10-b9982b218cdf
type: string
x-go-name: ID
name:
description: Name of the system using the form.
example: Access Request Form
type: string
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: UsedBy
formInput:
description: List of form inputs required to create a form-instance object.
items:
properties:
id:
description: Unique identifier for the form input.
example: 00000000-0000-0000-0000-000000000000
type: string
x-go-name: ID
type:
description: |-
FormDefinitionInputType value.
STRING FormDefinitionInputTypeString
enum:
- STRING
- ARRAY
example: STRING
type: string
x-go-enum-desc: STRING FormDefinitionInputTypeString
x-go-name: Type
label:
description: Name for the form input.
example: input1
type: string
x-go-name: Label
description:
description: Form input's description.
example: 'A single dynamic scalar value (i.e. number, string, date, etc.) that can be passed into the form for use in conditional logic'
type: string
x-go-name: Description
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: FormInput
formElements:
description: List of nested form elements.
items:
properties:
id:
description: Form element identifier.
example: 00000000-0000-0000-0000-000000000000
type: string
x-go-name: ID
elementType:
description: |-
FormElementType value.
TEXT FormElementTypeText
TOGGLE FormElementTypeToggle
TEXTAREA FormElementTypeTextArea
HIDDEN FormElementTypeHidden
PHONE FormElementTypePhone
EMAIL FormElementTypeEmail
SELECT FormElementTypeSelect
DATE FormElementTypeDate
SECTION FormElementTypeSection
COLUMN_SET FormElementTypeColumns
IMAGE FormElementTypeImage
DESCRIPTION FormElementTypeDescription
enum:
- TEXT
- TOGGLE
- TEXTAREA
- HIDDEN
- PHONE
- EMAIL
- SELECT
- DATE
- SECTION
- COLUMN_SET
- IMAGE
- DESCRIPTION
example: TEXT
type: string
x-go-name: ElementType
config:
additionalProperties: true
description: Config object.
example:
label: Department
type: object
x-go-name: Config
x-go-enum-desc: |-
TEXT FormElementTypeText
TOGGLE FormElementTypeToggle
TEXTAREA FormElementTypeTextArea
HIDDEN FormElementTypeHidden
PHONE FormElementTypePhone
EMAIL FormElementTypeEmail
SELECT FormElementTypeSelect
DATE FormElementTypeDate
SECTION FormElementTypeSection
COLUMNS FormElementTypeColumns
key:
description: Technical key.
example: department
type: string
x-go-name: Key
validations:
nullable: true
type: array
items:
description: Set of FormElementValidation items.
type: object
properties:
validationType:
description: 'The type of data validation that you wish to enforce, e.g., a required field, a minimum length, etc.'
example: REQUIRED
type: string
enum:
- REQUIRED
- MIN_LENGTH
- MAX_LENGTH
- REGEX
- DATE
- MAX_DATE
- MIN_DATE
- LESS_THAN_DATE
- PHONE
- EMAIL
- DATA_SOURCE
- TEXTAREA
x-go-package: github.com/sailpoint/sp-forms/domain
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: FormElements
formConditions:
description: Conditional logic that can dynamically modify the form as the recipient is interacting with it.
items:
description: Represent a form conditional.
properties:
ruleOperator:
description: |-
ConditionRuleLogicalOperatorType value.
AND ConditionRuleLogicalOperatorTypeAnd
OR ConditionRuleLogicalOperatorTypeOr
enum:
- AND
- OR
example: AND
type: string
x-go-enum-desc: |-
AND ConditionRuleLogicalOperatorTypeAnd
OR ConditionRuleLogicalOperatorTypeOr
x-go-name: RuleOperator
rules:
description: List of rules.
items:
properties:
sourceType:
description: |-
Defines the type of object being selected. It will be either a reference to a form input (by input name) or a form element (by technical key).
INPUT ConditionRuleSourceTypeInput
ELEMENT ConditionRuleSourceTypeElement
enum:
- INPUT
- ELEMENT
example: ELEMENT
type: string
x-go-enum-desc: |-
INPUT ConditionRuleSourceTypeInput
ELEMENT ConditionRuleSourceTypeElement
x-go-name: SourceType
source:
description: |-
Source - if the sourceType is ConditionRuleSourceTypeInput, the source type is the name of the form input to accept. However, if the sourceType is ConditionRuleSourceTypeElement,
the source is the name of a technical key of an element to retrieve its value.
example: department
type: string
x-go-name: Source
operator:
description: |-
ConditionRuleComparisonOperatorType value.
EQ ConditionRuleComparisonOperatorTypeEquals This comparison operator compares the source and target for equality.
NE ConditionRuleComparisonOperatorTypeNotEquals This comparison operator compares the source and target for inequality.
CO ConditionRuleComparisonOperatorTypeContains This comparison operator searches the source to see whether it contains the value.
NOT_CO ConditionRuleComparisonOperatorTypeNotContains
IN ConditionRuleComparisonOperatorTypeIncludes This comparison operator searches the source if it equals any of the values.
NOT_IN ConditionRuleComparisonOperatorTypeNotIncludes
EM ConditionRuleComparisonOperatorTypeEmpty
NOT_EM ConditionRuleComparisonOperatorTypeNotEmpty
SW ConditionRuleComparisonOperatorTypeStartsWith Checks whether a string starts with another substring of the same string. This operator is case-sensitive.
NOT_SW ConditionRuleComparisonOperatorTypeNotStartsWith
EW ConditionRuleComparisonOperatorTypeEndsWith Checks whether a string ends with another substring of the same string. This operator is case-sensitive.
NOT_EW ConditionRuleComparisonOperatorTypeNotEndsWith
enum:
- EQ
- NE
- CO
- NOT_CO
- IN
- NOT_IN
- EM
- NOT_EM
- SW
- NOT_SW
- EW
- NOT_EW
example: EQ
type: string
x-go-enum-desc: |-
EQ ConditionRuleComparisonOperatorTypeEquals This comparison operator compares the source and target for equality.
NE ConditionRuleComparisonOperatorTypeNotEquals This comparison operator compares the source and target for inequality.
CO ConditionRuleComparisonOperatorTypeContains This comparison operator searches the source to see whether it contains the value.
NOT_CO ConditionRuleComparisonOperatorTypeNotContains
IN ConditionRuleComparisonOperatorTypeIncludes This comparison operator searches the source if it equals any of the values.
NOT_IN ConditionRuleComparisonOperatorTypeNotIncludes
EM ConditionRuleComparisonOperatorTypeEmpty
NOT_EM ConditionRuleComparisonOperatorTypeNotEmpty
SW ConditionRuleComparisonOperatorTypeStartsWith Checks whether a string starts with another substring of the same string. This operator is case-sensitive.
NOT_SW ConditionRuleComparisonOperatorTypeNotStartsWith
EW ConditionRuleComparisonOperatorTypeEndsWith Checks whether a string ends with another substring of the same string. This operator is case-sensitive.
NOT_EW ConditionRuleComparisonOperatorTypeNotEndsWith
x-go-name: Operator
valueType:
description: |-
ConditionRuleValueType type.
STRING ConditionRuleValueTypeString This value is a static string.
STRING_LIST ConditionRuleValueTypeStringList This value is an array of string values.
INPUT ConditionRuleValueTypeInput This value is a reference to a form input.
ELEMENT ConditionRuleValueTypeElement This value is a reference to a form element (by technical key).
LIST ConditionRuleValueTypeList
BOOLEAN ConditionRuleValueTypeBoolean
enum:
- STRING
- STRING_LIST
- INPUT
- ELEMENT
- LIST
- BOOLEAN
example: STRING
type: string
x-go-enum-desc: |-
STRING ConditionRuleValueTypeString This value is a static string.
STRING_LIST ConditionRuleValueTypeStringList This value is an array of string values.
INPUT ConditionRuleValueTypeInput This value is a reference to a form input.
ELEMENT ConditionRuleValueTypeElement This value is a reference to a form element (by technical key).
LIST ConditionRuleValueTypeList
BOOLEAN ConditionRuleValueTypeBoolean
x-go-name: ValueType
value:
type: string
description: Based on the ValueType.
example: Engineering
x-go-name: Value
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: Rules
effects:
description: List of effects.
items:
description: Effect produced by a condition.
properties:
effectType:
description: |-
Type of effect to perform when the conditions are evaluated for this logic block.
HIDE ConditionEffectTypeHide Disables validations.
SHOW ConditionEffectTypeShow Enables validations.
DISABLE ConditionEffectTypeDisable Disables validations.
ENABLE ConditionEffectTypeEnable Enables validations.
REQUIRE ConditionEffectTypeRequire
OPTIONAL ConditionEffectTypeOptional
SUBMIT_MESSAGE ConditionEffectTypeSubmitMessage
SUBMIT_NOTIFICATION ConditionEffectTypeSubmitNotification
SET_DEFAULT_VALUE ConditionEffectTypeSetDefaultValue This value is ignored on purpose.
enum:
- HIDE
- SHOW
- DISABLE
- ENABLE
- REQUIRE
- OPTIONAL
- SUBMIT_MESSAGE
- SUBMIT_NOTIFICATION
- SET_DEFAULT_VALUE
example: HIDE
type: string
x-go-enum-desc: |-
HIDE ConditionEffectTypeHide Disables validations.
SHOW ConditionEffectTypeShow Enables validations.
DISABLE ConditionEffectTypeDisable Disables validations.
ENABLE ConditionEffectTypeEnable Enables validations.
REQUIRE ConditionEffectTypeRequire
OPTIONAL ConditionEffectTypeOptional
SUBMIT_MESSAGE ConditionEffectTypeSubmitMessage
SUBMIT_NOTIFICATION ConditionEffectTypeSubmitNotification
SET_DEFAULT_VALUE ConditionEffectTypeSetDefaultValue This value is ignored on purpose.
x-go-name: EffectType
config:
description: Arbitrary map containing a configuration based on the EffectType.
type: object
properties:
defaultValueLabel:
type: string
description: Effect type's label.
example: Access to Remove
element:
type: string
description: Element's identifier.
example: 8110662963316867
x-go-name: Config
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: Effects
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: FormConditions
created:
description: Created is the date the form definition was created
example: '2023-07-12T20:14:57.74486Z'
format: date-time
type: string
x-go-name: Created
modified:
description: Modified is the last date the form definition was modified
example: '2023-07-12T20:14:57.74486Z'
format: date-time
type: string
x-go-name: Modified
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
'400':
description: An error with the request occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'401':
description: An error with the authorization occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'403':
description: An error with the user permissions occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'429':
description: Too many requests
content:
application/json:
schema:
title: Error is the standard API error response type.
type: object
properties:
detailCode:
description: DetailCode is the text of the status code returned
example: Internal Server Error
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
trackingId:
description: TrackingID is the request tracking unique identifier
example: 9cd03ef80e6a425eb6b11bdbb057cdb4
type: string
x-go-name: TrackingID
x-go-package: github.com/sailpoint/atlas-go/atlas/web
'500':
description: An internal server error occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
security:
- userAuth:
- 'sp:forms:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
x-codegen-request-body-name: Body
'/form-definitions/{formDefinitionID}':
get:
tags:
- Custom Forms
summary: Return a form definition.
description: 'Parameter `{formDefinitionID}` should match a form definition ID.'
operationId: getFormDefinitionByKey
parameters:
- name: formDefinitionID
in: path
description: Form definition ID
required: true
x-sailpoint-resource-operation-id: searchFormDefinitionsByTenant
schema:
type: string
x-go-name: FormDefinitionID
example: 00000000-0000-0000-0000-000000000000
x-go-name: FormDefinitionID
responses:
'200':
description: Returns a form definition
content:
application/json:
schema:
properties:
id:
description: Unique guid identifying the form definition.
example: 00000000-0000-0000-0000-000000000000
type: string
x-go-name: FormDefinitionID
name:
description: Name of the form definition.
example: My form
type: string
x-go-name: Name
description:
description: Form definition's description.
example: My form description
type: string
x-go-name: Description
owner:
properties:
type:
description: |-
FormOwnerType value.
IDENTITY FormOwnerTypeIdentity
enum:
- IDENTITY
example: IDENTITY
type: string
x-go-enum-desc: IDENTITY FormOwnerTypeIdentity
x-go-name: Type
id:
description: Unique identifier of the form's owner.
example: 2c9180867624cbd7017642d8c8c81f67
type: string
x-go-name: ID
name:
description: Name of the form's owner.
example: Grant Smith
type: string
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
usedBy:
description: 'List of objects using the form definition. Whenever a system uses a form, the API reaches out to the form service to record that the system is currently using it.'
items:
properties:
type:
description: |-
FormUsedByType value.
WORKFLOW FormUsedByTypeWorkflow
SOURCE FormUsedByTypeSource
MySailPoint FormUsedByType
enum:
- WORKFLOW
- SOURCE
- MySailPoint
example: WORKFLOW
type: string
x-go-enum-desc: |-
WORKFLOW FormUsedByTypeWorkflow
SOURCE FormUsedByTypeSource
x-go-name: Type
id:
description: Unique identifier of the system using the form.
example: 61940a92-5484-42bc-bc10-b9982b218cdf
type: string
x-go-name: ID
name:
description: Name of the system using the form.
example: Access Request Form
type: string
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: UsedBy
formInput:
description: List of form inputs required to create a form-instance object.
items:
properties:
id:
description: Unique identifier for the form input.
example: 00000000-0000-0000-0000-000000000000
type: string
x-go-name: ID
type:
description: |-
FormDefinitionInputType value.
STRING FormDefinitionInputTypeString
enum:
- STRING
- ARRAY
example: STRING
type: string
x-go-enum-desc: STRING FormDefinitionInputTypeString
x-go-name: Type
label:
description: Name for the form input.
example: input1
type: string
x-go-name: Label
description:
description: Form input's description.
example: 'A single dynamic scalar value (i.e. number, string, date, etc.) that can be passed into the form for use in conditional logic'
type: string
x-go-name: Description
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: FormInput
formElements:
description: List of nested form elements.
items:
properties:
id:
description: Form element identifier.
example: 00000000-0000-0000-0000-000000000000
type: string
x-go-name: ID
elementType:
description: |-
FormElementType value.
TEXT FormElementTypeText
TOGGLE FormElementTypeToggle
TEXTAREA FormElementTypeTextArea
HIDDEN FormElementTypeHidden
PHONE FormElementTypePhone
EMAIL FormElementTypeEmail
SELECT FormElementTypeSelect
DATE FormElementTypeDate
SECTION FormElementTypeSection
COLUMN_SET FormElementTypeColumns
IMAGE FormElementTypeImage
DESCRIPTION FormElementTypeDescription
enum:
- TEXT
- TOGGLE
- TEXTAREA
- HIDDEN
- PHONE
- EMAIL
- SELECT
- DATE
- SECTION
- COLUMN_SET
- IMAGE
- DESCRIPTION
example: TEXT
type: string
x-go-name: ElementType
config:
additionalProperties: true
description: Config object.
example:
label: Department
type: object
x-go-name: Config
x-go-enum-desc: |-
TEXT FormElementTypeText
TOGGLE FormElementTypeToggle
TEXTAREA FormElementTypeTextArea
HIDDEN FormElementTypeHidden
PHONE FormElementTypePhone
EMAIL FormElementTypeEmail
SELECT FormElementTypeSelect
DATE FormElementTypeDate
SECTION FormElementTypeSection
COLUMNS FormElementTypeColumns
key:
description: Technical key.
example: department
type: string
x-go-name: Key
validations:
nullable: true
type: array
items:
description: Set of FormElementValidation items.
type: object
properties:
validationType:
description: 'The type of data validation that you wish to enforce, e.g., a required field, a minimum length, etc.'
example: REQUIRED
type: string
enum:
- REQUIRED
- MIN_LENGTH
- MAX_LENGTH
- REGEX
- DATE
- MAX_DATE
- MIN_DATE
- LESS_THAN_DATE
- PHONE
- EMAIL
- DATA_SOURCE
- TEXTAREA
x-go-package: github.com/sailpoint/sp-forms/domain
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: FormElements
formConditions:
description: Conditional logic that can dynamically modify the form as the recipient is interacting with it.
items:
description: Represent a form conditional.
properties:
ruleOperator:
description: |-
ConditionRuleLogicalOperatorType value.
AND ConditionRuleLogicalOperatorTypeAnd
OR ConditionRuleLogicalOperatorTypeOr
enum:
- AND
- OR
example: AND
type: string
x-go-enum-desc: |-
AND ConditionRuleLogicalOperatorTypeAnd
OR ConditionRuleLogicalOperatorTypeOr
x-go-name: RuleOperator
rules:
description: List of rules.
items:
properties:
sourceType:
description: |-
Defines the type of object being selected. It will be either a reference to a form input (by input name) or a form element (by technical key).
INPUT ConditionRuleSourceTypeInput
ELEMENT ConditionRuleSourceTypeElement
enum:
- INPUT
- ELEMENT
example: ELEMENT
type: string
x-go-enum-desc: |-
INPUT ConditionRuleSourceTypeInput
ELEMENT ConditionRuleSourceTypeElement
x-go-name: SourceType
source:
description: |-
Source - if the sourceType is ConditionRuleSourceTypeInput, the source type is the name of the form input to accept. However, if the sourceType is ConditionRuleSourceTypeElement,
the source is the name of a technical key of an element to retrieve its value.
example: department
type: string
x-go-name: Source
operator:
description: |-
ConditionRuleComparisonOperatorType value.
EQ ConditionRuleComparisonOperatorTypeEquals This comparison operator compares the source and target for equality.
NE ConditionRuleComparisonOperatorTypeNotEquals This comparison operator compares the source and target for inequality.
CO ConditionRuleComparisonOperatorTypeContains This comparison operator searches the source to see whether it contains the value.
NOT_CO ConditionRuleComparisonOperatorTypeNotContains
IN ConditionRuleComparisonOperatorTypeIncludes This comparison operator searches the source if it equals any of the values.
NOT_IN ConditionRuleComparisonOperatorTypeNotIncludes
EM ConditionRuleComparisonOperatorTypeEmpty
NOT_EM ConditionRuleComparisonOperatorTypeNotEmpty
SW ConditionRuleComparisonOperatorTypeStartsWith Checks whether a string starts with another substring of the same string. This operator is case-sensitive.
NOT_SW ConditionRuleComparisonOperatorTypeNotStartsWith
EW ConditionRuleComparisonOperatorTypeEndsWith Checks whether a string ends with another substring of the same string. This operator is case-sensitive.
NOT_EW ConditionRuleComparisonOperatorTypeNotEndsWith
enum:
- EQ
- NE
- CO
- NOT_CO
- IN
- NOT_IN
- EM
- NOT_EM
- SW
- NOT_SW
- EW
- NOT_EW
example: EQ
type: string
x-go-enum-desc: |-
EQ ConditionRuleComparisonOperatorTypeEquals This comparison operator compares the source and target for equality.
NE ConditionRuleComparisonOperatorTypeNotEquals This comparison operator compares the source and target for inequality.
CO ConditionRuleComparisonOperatorTypeContains This comparison operator searches the source to see whether it contains the value.
NOT_CO ConditionRuleComparisonOperatorTypeNotContains
IN ConditionRuleComparisonOperatorTypeIncludes This comparison operator searches the source if it equals any of the values.
NOT_IN ConditionRuleComparisonOperatorTypeNotIncludes
EM ConditionRuleComparisonOperatorTypeEmpty
NOT_EM ConditionRuleComparisonOperatorTypeNotEmpty
SW ConditionRuleComparisonOperatorTypeStartsWith Checks whether a string starts with another substring of the same string. This operator is case-sensitive.
NOT_SW ConditionRuleComparisonOperatorTypeNotStartsWith
EW ConditionRuleComparisonOperatorTypeEndsWith Checks whether a string ends with another substring of the same string. This operator is case-sensitive.
NOT_EW ConditionRuleComparisonOperatorTypeNotEndsWith
x-go-name: Operator
valueType:
description: |-
ConditionRuleValueType type.
STRING ConditionRuleValueTypeString This value is a static string.
STRING_LIST ConditionRuleValueTypeStringList This value is an array of string values.
INPUT ConditionRuleValueTypeInput This value is a reference to a form input.
ELEMENT ConditionRuleValueTypeElement This value is a reference to a form element (by technical key).
LIST ConditionRuleValueTypeList
BOOLEAN ConditionRuleValueTypeBoolean
enum:
- STRING
- STRING_LIST
- INPUT
- ELEMENT
- LIST
- BOOLEAN
example: STRING
type: string
x-go-enum-desc: |-
STRING ConditionRuleValueTypeString This value is a static string.
STRING_LIST ConditionRuleValueTypeStringList This value is an array of string values.
INPUT ConditionRuleValueTypeInput This value is a reference to a form input.
ELEMENT ConditionRuleValueTypeElement This value is a reference to a form element (by technical key).
LIST ConditionRuleValueTypeList
BOOLEAN ConditionRuleValueTypeBoolean
x-go-name: ValueType
value:
type: string
description: Based on the ValueType.
example: Engineering
x-go-name: Value
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: Rules
effects:
description: List of effects.
items:
description: Effect produced by a condition.
properties:
effectType:
description: |-
Type of effect to perform when the conditions are evaluated for this logic block.
HIDE ConditionEffectTypeHide Disables validations.
SHOW ConditionEffectTypeShow Enables validations.
DISABLE ConditionEffectTypeDisable Disables validations.
ENABLE ConditionEffectTypeEnable Enables validations.
REQUIRE ConditionEffectTypeRequire
OPTIONAL ConditionEffectTypeOptional
SUBMIT_MESSAGE ConditionEffectTypeSubmitMessage
SUBMIT_NOTIFICATION ConditionEffectTypeSubmitNotification
SET_DEFAULT_VALUE ConditionEffectTypeSetDefaultValue This value is ignored on purpose.
enum:
- HIDE
- SHOW
- DISABLE
- ENABLE
- REQUIRE
- OPTIONAL
- SUBMIT_MESSAGE
- SUBMIT_NOTIFICATION
- SET_DEFAULT_VALUE
example: HIDE
type: string
x-go-enum-desc: |-
HIDE ConditionEffectTypeHide Disables validations.
SHOW ConditionEffectTypeShow Enables validations.
DISABLE ConditionEffectTypeDisable Disables validations.
ENABLE ConditionEffectTypeEnable Enables validations.
REQUIRE ConditionEffectTypeRequire
OPTIONAL ConditionEffectTypeOptional
SUBMIT_MESSAGE ConditionEffectTypeSubmitMessage
SUBMIT_NOTIFICATION ConditionEffectTypeSubmitNotification
SET_DEFAULT_VALUE ConditionEffectTypeSetDefaultValue This value is ignored on purpose.
x-go-name: EffectType
config:
description: Arbitrary map containing a configuration based on the EffectType.
type: object
properties:
defaultValueLabel:
type: string
description: Effect type's label.
example: Access to Remove
element:
type: string
description: Element's identifier.
example: 8110662963316867
x-go-name: Config
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: Effects
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: FormConditions
created:
description: Created is the date the form definition was created
example: '2023-07-12T20:14:57.74486Z'
format: date-time
type: string
x-go-name: Created
modified:
description: Modified is the last date the form definition was modified
example: '2023-07-12T20:14:57.74486Z'
format: date-time
type: string
x-go-name: Modified
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
'400':
description: An error with the request occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'401':
description: An error with the authorization occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'403':
description: An error with the user permissions occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'404':
description: An error with the item not found
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'429':
description: Too many requests
content:
application/json:
schema:
title: Error is the standard API error response type.
type: object
properties:
detailCode:
description: DetailCode is the text of the status code returned
example: Internal Server Error
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
trackingId:
description: TrackingID is the request tracking unique identifier
example: 9cd03ef80e6a425eb6b11bdbb057cdb4
type: string
x-go-name: TrackingID
x-go-package: github.com/sailpoint/atlas-go/atlas/web
'500':
description: An internal server error occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
security:
- userAuth:
- 'sp:forms:manage'
delete:
tags:
- Custom Forms
summary: Deletes a form definition.
description: 'Parameter `{formDefinitionID}` should match a form definition ID.'
operationId: deleteFormDefinition
parameters:
- name: formDefinitionID
in: path
description: Form definition ID
required: true
x-sailpoint-resource-operation-id: searchFormDefinitionsByTenant
schema:
type: string
x-go-name: FormDefinitionID
example: 00000000-0000-0000-0000-000000000000
x-go-name: FormDefinitionID
responses:
'204':
description: Returns an empty body
content:
application/json:
schema:
title: Nil represents the predeclared value nil.
type: object
x-go-package: go/types
'400':
description: An error with the request occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'401':
description: An error with the authorization occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'403':
description: An error with the user permissions occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'404':
description: An error with the item not found
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'429':
description: Too many requests
content:
application/json:
schema:
title: Error is the standard API error response type.
type: object
properties:
detailCode:
description: DetailCode is the text of the status code returned
example: Internal Server Error
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
trackingId:
description: TrackingID is the request tracking unique identifier
example: 9cd03ef80e6a425eb6b11bdbb057cdb4
type: string
x-go-name: TrackingID
x-go-package: github.com/sailpoint/atlas-go/atlas/web
'500':
description: An internal server error occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
security:
- userAuth:
- 'sp:forms:manage'
patch:
tags:
- Custom Forms
summary: Patch a form definition.
description: 'Parameter `{formDefinitionID}` should match a form definition ID.'
operationId: patchFormDefinition
parameters:
- name: formDefinitionID
in: path
description: Form definition ID
required: true
x-sailpoint-resource-operation-id: searchFormDefinitionsByTenant
schema:
type: string
x-go-name: FormDefinitionID
example: 00000000-0000-0000-0000-000000000000
x-go-name: FormDefinitionID
requestBody:
description: 'Body is the request payload to patch a form definition, check: https://jsonpatch.com'
content:
application/json:
schema:
title: Patch is an ordered collection of Operations.
description: Patch is an ordered collection of Operations.
type: array
example:
- op: replace
path: /description
value: a new description
items:
title: 'Operation is a single JSON-Patch step, such as a single ''add'' operation.'
type: object
additionalProperties:
type: object
properties: {}
x-go-package: github.com/evanphx/json-patch
x-go-package: github.com/evanphx/json-patch
example:
- op: replace
path: /description
value: test-description
required: false
responses:
'200':
description: Returns the form definition updated
content:
application/json:
schema:
properties:
id:
description: Unique guid identifying the form definition.
example: 00000000-0000-0000-0000-000000000000
type: string
x-go-name: FormDefinitionID
name:
description: Name of the form definition.
example: My form
type: string
x-go-name: Name
description:
description: Form definition's description.
example: My form description
type: string
x-go-name: Description
owner:
properties:
type:
description: |-
FormOwnerType value.
IDENTITY FormOwnerTypeIdentity
enum:
- IDENTITY
example: IDENTITY
type: string
x-go-enum-desc: IDENTITY FormOwnerTypeIdentity
x-go-name: Type
id:
description: Unique identifier of the form's owner.
example: 2c9180867624cbd7017642d8c8c81f67
type: string
x-go-name: ID
name:
description: Name of the form's owner.
example: Grant Smith
type: string
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
usedBy:
description: 'List of objects using the form definition. Whenever a system uses a form, the API reaches out to the form service to record that the system is currently using it.'
items:
properties:
type:
description: |-
FormUsedByType value.
WORKFLOW FormUsedByTypeWorkflow
SOURCE FormUsedByTypeSource
MySailPoint FormUsedByType
enum:
- WORKFLOW
- SOURCE
- MySailPoint
example: WORKFLOW
type: string
x-go-enum-desc: |-
WORKFLOW FormUsedByTypeWorkflow
SOURCE FormUsedByTypeSource
x-go-name: Type
id:
description: Unique identifier of the system using the form.
example: 61940a92-5484-42bc-bc10-b9982b218cdf
type: string
x-go-name: ID
name:
description: Name of the system using the form.
example: Access Request Form
type: string
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: UsedBy
formInput:
description: List of form inputs required to create a form-instance object.
items:
properties:
id:
description: Unique identifier for the form input.
example: 00000000-0000-0000-0000-000000000000
type: string
x-go-name: ID
type:
description: |-
FormDefinitionInputType value.
STRING FormDefinitionInputTypeString
enum:
- STRING
- ARRAY
example: STRING
type: string
x-go-enum-desc: STRING FormDefinitionInputTypeString
x-go-name: Type
label:
description: Name for the form input.
example: input1
type: string
x-go-name: Label
description:
description: Form input's description.
example: 'A single dynamic scalar value (i.e. number, string, date, etc.) that can be passed into the form for use in conditional logic'
type: string
x-go-name: Description
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: FormInput
formElements:
description: List of nested form elements.
items:
properties:
id:
description: Form element identifier.
example: 00000000-0000-0000-0000-000000000000
type: string
x-go-name: ID
elementType:
description: |-
FormElementType value.
TEXT FormElementTypeText
TOGGLE FormElementTypeToggle
TEXTAREA FormElementTypeTextArea
HIDDEN FormElementTypeHidden
PHONE FormElementTypePhone
EMAIL FormElementTypeEmail
SELECT FormElementTypeSelect
DATE FormElementTypeDate
SECTION FormElementTypeSection
COLUMN_SET FormElementTypeColumns
IMAGE FormElementTypeImage
DESCRIPTION FormElementTypeDescription
enum:
- TEXT
- TOGGLE
- TEXTAREA
- HIDDEN
- PHONE
- EMAIL
- SELECT
- DATE
- SECTION
- COLUMN_SET
- IMAGE
- DESCRIPTION
example: TEXT
type: string
x-go-name: ElementType
config:
additionalProperties: true
description: Config object.
example:
label: Department
type: object
x-go-name: Config
x-go-enum-desc: |-
TEXT FormElementTypeText
TOGGLE FormElementTypeToggle
TEXTAREA FormElementTypeTextArea
HIDDEN FormElementTypeHidden
PHONE FormElementTypePhone
EMAIL FormElementTypeEmail
SELECT FormElementTypeSelect
DATE FormElementTypeDate
SECTION FormElementTypeSection
COLUMNS FormElementTypeColumns
key:
description: Technical key.
example: department
type: string
x-go-name: Key
validations:
nullable: true
type: array
items:
description: Set of FormElementValidation items.
type: object
properties:
validationType:
description: 'The type of data validation that you wish to enforce, e.g., a required field, a minimum length, etc.'
example: REQUIRED
type: string
enum:
- REQUIRED
- MIN_LENGTH
- MAX_LENGTH
- REGEX
- DATE
- MAX_DATE
- MIN_DATE
- LESS_THAN_DATE
- PHONE
- EMAIL
- DATA_SOURCE
- TEXTAREA
x-go-package: github.com/sailpoint/sp-forms/domain
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: FormElements
formConditions:
description: Conditional logic that can dynamically modify the form as the recipient is interacting with it.
items:
description: Represent a form conditional.
properties:
ruleOperator:
description: |-
ConditionRuleLogicalOperatorType value.
AND ConditionRuleLogicalOperatorTypeAnd
OR ConditionRuleLogicalOperatorTypeOr
enum:
- AND
- OR
example: AND
type: string
x-go-enum-desc: |-
AND ConditionRuleLogicalOperatorTypeAnd
OR ConditionRuleLogicalOperatorTypeOr
x-go-name: RuleOperator
rules:
description: List of rules.
items:
properties:
sourceType:
description: |-
Defines the type of object being selected. It will be either a reference to a form input (by input name) or a form element (by technical key).
INPUT ConditionRuleSourceTypeInput
ELEMENT ConditionRuleSourceTypeElement
enum:
- INPUT
- ELEMENT
example: ELEMENT
type: string
x-go-enum-desc: |-
INPUT ConditionRuleSourceTypeInput
ELEMENT ConditionRuleSourceTypeElement
x-go-name: SourceType
source:
description: |-
Source - if the sourceType is ConditionRuleSourceTypeInput, the source type is the name of the form input to accept. However, if the sourceType is ConditionRuleSourceTypeElement,
the source is the name of a technical key of an element to retrieve its value.
example: department
type: string
x-go-name: Source
operator:
description: |-
ConditionRuleComparisonOperatorType value.
EQ ConditionRuleComparisonOperatorTypeEquals This comparison operator compares the source and target for equality.
NE ConditionRuleComparisonOperatorTypeNotEquals This comparison operator compares the source and target for inequality.
CO ConditionRuleComparisonOperatorTypeContains This comparison operator searches the source to see whether it contains the value.
NOT_CO ConditionRuleComparisonOperatorTypeNotContains
IN ConditionRuleComparisonOperatorTypeIncludes This comparison operator searches the source if it equals any of the values.
NOT_IN ConditionRuleComparisonOperatorTypeNotIncludes
EM ConditionRuleComparisonOperatorTypeEmpty
NOT_EM ConditionRuleComparisonOperatorTypeNotEmpty
SW ConditionRuleComparisonOperatorTypeStartsWith Checks whether a string starts with another substring of the same string. This operator is case-sensitive.
NOT_SW ConditionRuleComparisonOperatorTypeNotStartsWith
EW ConditionRuleComparisonOperatorTypeEndsWith Checks whether a string ends with another substring of the same string. This operator is case-sensitive.
NOT_EW ConditionRuleComparisonOperatorTypeNotEndsWith
enum:
- EQ
- NE
- CO
- NOT_CO
- IN
- NOT_IN
- EM
- NOT_EM
- SW
- NOT_SW
- EW
- NOT_EW
example: EQ
type: string
x-go-enum-desc: |-
EQ ConditionRuleComparisonOperatorTypeEquals This comparison operator compares the source and target for equality.
NE ConditionRuleComparisonOperatorTypeNotEquals This comparison operator compares the source and target for inequality.
CO ConditionRuleComparisonOperatorTypeContains This comparison operator searches the source to see whether it contains the value.
NOT_CO ConditionRuleComparisonOperatorTypeNotContains
IN ConditionRuleComparisonOperatorTypeIncludes This comparison operator searches the source if it equals any of the values.
NOT_IN ConditionRuleComparisonOperatorTypeNotIncludes
EM ConditionRuleComparisonOperatorTypeEmpty
NOT_EM ConditionRuleComparisonOperatorTypeNotEmpty
SW ConditionRuleComparisonOperatorTypeStartsWith Checks whether a string starts with another substring of the same string. This operator is case-sensitive.
NOT_SW ConditionRuleComparisonOperatorTypeNotStartsWith
EW ConditionRuleComparisonOperatorTypeEndsWith Checks whether a string ends with another substring of the same string. This operator is case-sensitive.
NOT_EW ConditionRuleComparisonOperatorTypeNotEndsWith
x-go-name: Operator
valueType:
description: |-
ConditionRuleValueType type.
STRING ConditionRuleValueTypeString This value is a static string.
STRING_LIST ConditionRuleValueTypeStringList This value is an array of string values.
INPUT ConditionRuleValueTypeInput This value is a reference to a form input.
ELEMENT ConditionRuleValueTypeElement This value is a reference to a form element (by technical key).
LIST ConditionRuleValueTypeList
BOOLEAN ConditionRuleValueTypeBoolean
enum:
- STRING
- STRING_LIST
- INPUT
- ELEMENT
- LIST
- BOOLEAN
example: STRING
type: string
x-go-enum-desc: |-
STRING ConditionRuleValueTypeString This value is a static string.
STRING_LIST ConditionRuleValueTypeStringList This value is an array of string values.
INPUT ConditionRuleValueTypeInput This value is a reference to a form input.
ELEMENT ConditionRuleValueTypeElement This value is a reference to a form element (by technical key).
LIST ConditionRuleValueTypeList
BOOLEAN ConditionRuleValueTypeBoolean
x-go-name: ValueType
value:
type: string
description: Based on the ValueType.
example: Engineering
x-go-name: Value
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: Rules
effects:
description: List of effects.
items:
description: Effect produced by a condition.
properties:
effectType:
description: |-
Type of effect to perform when the conditions are evaluated for this logic block.
HIDE ConditionEffectTypeHide Disables validations.
SHOW ConditionEffectTypeShow Enables validations.
DISABLE ConditionEffectTypeDisable Disables validations.
ENABLE ConditionEffectTypeEnable Enables validations.
REQUIRE ConditionEffectTypeRequire
OPTIONAL ConditionEffectTypeOptional
SUBMIT_MESSAGE ConditionEffectTypeSubmitMessage
SUBMIT_NOTIFICATION ConditionEffectTypeSubmitNotification
SET_DEFAULT_VALUE ConditionEffectTypeSetDefaultValue This value is ignored on purpose.
enum:
- HIDE
- SHOW
- DISABLE
- ENABLE
- REQUIRE
- OPTIONAL
- SUBMIT_MESSAGE
- SUBMIT_NOTIFICATION
- SET_DEFAULT_VALUE
example: HIDE
type: string
x-go-enum-desc: |-
HIDE ConditionEffectTypeHide Disables validations.
SHOW ConditionEffectTypeShow Enables validations.
DISABLE ConditionEffectTypeDisable Disables validations.
ENABLE ConditionEffectTypeEnable Enables validations.
REQUIRE ConditionEffectTypeRequire
OPTIONAL ConditionEffectTypeOptional
SUBMIT_MESSAGE ConditionEffectTypeSubmitMessage
SUBMIT_NOTIFICATION ConditionEffectTypeSubmitNotification
SET_DEFAULT_VALUE ConditionEffectTypeSetDefaultValue This value is ignored on purpose.
x-go-name: EffectType
config:
description: Arbitrary map containing a configuration based on the EffectType.
type: object
properties:
defaultValueLabel:
type: string
description: Effect type's label.
example: Access to Remove
element:
type: string
description: Element's identifier.
example: 8110662963316867
x-go-name: Config
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: Effects
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: FormConditions
created:
description: Created is the date the form definition was created
example: '2023-07-12T20:14:57.74486Z'
format: date-time
type: string
x-go-name: Created
modified:
description: Modified is the last date the form definition was modified
example: '2023-07-12T20:14:57.74486Z'
format: date-time
type: string
x-go-name: Modified
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
'400':
description: An error with the request occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'401':
description: An error with the authorization occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'403':
description: An error with the user permissions occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'404':
description: An error with the user permissions occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'429':
description: Too many requests
content:
application/json:
schema:
title: Error is the standard API error response type.
type: object
properties:
detailCode:
description: DetailCode is the text of the status code returned
example: Internal Server Error
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
trackingId:
description: TrackingID is the request tracking unique identifier
example: 9cd03ef80e6a425eb6b11bdbb057cdb4
type: string
x-go-name: TrackingID
x-go-package: github.com/sailpoint/atlas-go/atlas/web
'500':
description: An internal server error occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
security:
- userAuth:
- 'sp:forms:manage'
x-codegen-request-body-name: Body
'/form-definitions/{formDefinitionID}/data-source':
post:
tags:
- Custom Forms
summary: Preview form definition data source.
operationId: showPreviewDataSource
parameters:
- name: formDefinitionID
in: path
description: Form definition ID
required: true
x-sailpoint-resource-operation-id: searchFormDefinitionsByTenant
schema:
type: string
x-go-name: FormDefinitionID
example: 00000000-0000-0000-0000-000000000000
x-go-name: FormDefinitionID
- name: limit
in: query
description: |-
Limit
Integer specifying the maximum number of records to return in a single API call. The standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#paginating-results).
If it is not specified, a default limit is used.
schema:
type: integer
format: int64
maxLength: 250
minLength: 0
default: 10
x-go-name: Limit
example: 10
required: false
x-go-name: Limit
- name: filters
in: query
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**value**: *eq, ne, in*
Supported composite operators: *not*
Only a single *not* may be used, and it can only be used with the `in` operator. The `not` composite operator must be used in front of the field. For example, the following is valid: `not value in ("ID01")`
schema:
type: string
x-go-name: Filters
example: value eq "ID01"
required: false
x-go-name: Filters
- name: query
in: query
description: 'String that is passed to the underlying API to filter other (non-ID) fields. For example, for access profile data sources, this string will be passed to the access profile api and used with a "starts with" filter against several fields.'
schema:
type: string
x-go-name: Query
example: ac
required: false
x-go-name: Query
requestBody:
description: Body is the request payload to create a form definition dynamic schema
content:
application/json:
schema:
properties:
dataSource:
properties:
config:
properties:
aggregationBucketField:
description: AggregationBucketField is the aggregation bucket field name
example: attributes.cloudStatus.exact
type: string
x-go-name: AggregationBucketField
indices:
description: Indices is a list of indices to use
example:
- identities
items:
enum:
- accessprofiles
- accountactivities
- entitlements
- identities
- events
- roles
- '*'
type: string
x-go-enum-desc: |-
accessprofiles SearchIndexAccessProfiles
accountactivities SearchIndexAccountActivities
entitlements SearchIndexEntitlements
identities SearchIndexIdentities
events SearchIndexEvents
roles SearchIndexRoles
* SearchIndexWildcard
type: array
x-go-name: Indices
objectType:
description: |-
ObjectType is a PreDefinedSelectOption value
IDENTITY PreDefinedSelectOptionIdentity
ACCESS_PROFILE PreDefinedSelectOptionAccessProfile
SOURCES PreDefinedSelectOptionSources
ROLE PreDefinedSelectOptionRole
ENTITLEMENT PreDefinedSelectOptionEntitlement
enum:
- IDENTITY
- ACCESS_PROFILE
- SOURCES
- ROLE
- ENTITLEMENT
example: IDENTITY
type: string
x-go-enum-desc: |-
IDENTITY PreDefinedSelectOptionIdentity
ACCESS_PROFILE PreDefinedSelectOptionAccessProfile
SOURCES PreDefinedSelectOptionSources
ROLE PreDefinedSelectOptionRole
ENTITLEMENT PreDefinedSelectOptionEntitlement
x-go-name: ObjectType
query:
description: Query is a text
example: '*'
type: string
x-go-name: Query
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
dataSourceType:
description: |-
DataSourceType is a FormElementDataSourceType value
STATIC FormElementDataSourceTypeStatic
INTERNAL FormElementDataSourceTypeInternal
SEARCH FormElementDataSourceTypeSearch
FORM_INPUT FormElementDataSourceTypeFormInput
enum:
- STATIC
- INTERNAL
- SEARCH
- FORM_INPUT
example: STATIC
type: string
x-go-enum-desc: |-
STATIC FormElementDataSourceTypeStatic
INTERNAL FormElementDataSourceTypeInternal
SEARCH FormElementDataSourceTypeSearch
FORM_INPUT FormElementDataSourceTypeFormInput
x-go-name: DataSourceType
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
required: false
responses:
'200':
description: Returns a preview of a form definition data source
content:
application/json:
schema:
description: 'PreviewDataSourceResponse is the response sent by `/form-definitions/{formDefinitionID}/data-source` endpoint'
properties:
results:
description: Results holds a list of FormElementDataSourceConfigOptions items
example: '{"results":[{"label":"Alfred 255e71dfc6e","subLabel":"Alfred.255e71dfc6e@testmail.identitysoon.com","value":"2c918084821847c5018227ced2e16676"},{"label":"Alize eba9d4cd27da","subLabel":"Alize.eba9d4cd27da@testmail.identitysoon.com","value":"2c918084821847c5018227ced2f1667c"},{"label":"Antonina 01f69c3ea","subLabel":"Antonina.01f69c3ea@testmail.identitysoon.com","value":"2c918084821847c5018227ced2f9667e"},{"label":"Ardella 21e78ce155","subLabel":"Ardella.21e78ce155@testmail.identitysoon.com","value":"2c918084821847c5018227ced2e6667a"},{"label":"Arnaldo d8582b6e17","subLabel":"Arnaldo.d8582b6e17@testmail.identitysoon.com","value":"2c918084821847c5018227ced3426686"},{"label":"Aurelia admin24828","subLabel":"Aurelia.admin24828@testmail.identitysoon.com","value":"2c918084821847c5018227ced2e16674"},{"label":"Barbara 72ca418fdd","subLabel":"Barbara.72ca418fdd@testmail.identitysoon.com","value":"2c918084821847c5018227ced2fb6680"},{"label":"Barbara ee1a2436ee","subLabel":"Barbara.ee1a2436ee@testmail.identitysoon.com","value":"2c918084821847c5018227ced2e56678"},{"label":"Baylee 652d72432f3","subLabel":"Baylee.652d72432f3@testmail.identitysoon.com","value":"2c91808582184782018227ced28b6aee"},{"label":"Brock e76b56ae4d49","subLabel":"Brock.e76b56ae4d49@testmail.identitysoon.com","value":"2c91808582184782018227ced28b6aef"}]}'
items:
type: object
properties:
label:
description: Label is the main label to display to the user when selecting this option
type: string
example: regression-test-access-request-07c55dd6-3056-430a-86b5-fccc395bb6c5
x-go-name: Label
subLabel:
description: SubLabel is the sub label to display below the label in diminutive styling to help describe or identify this option
type: string
example: ''
x-go-name: SubLabel
value:
description: Value is the value to save as an entry when the user selects this option
type: string
example: e96674448eba4ca1ba04eee999a8f3cd
x-go-name: Value
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: Results
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
'400':
description: An error with the request occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'401':
description: An error with the authorization occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'403':
description: An error with the user permissions occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'404':
description: An error with the item not found
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'429':
description: Too many requests
content:
application/json:
schema:
title: Error is the standard API error response type.
type: object
properties:
detailCode:
description: DetailCode is the text of the status code returned
example: Internal Server Error
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
trackingId:
description: TrackingID is the request tracking unique identifier
example: 9cd03ef80e6a425eb6b11bdbb057cdb4
type: string
x-go-name: TrackingID
x-go-package: github.com/sailpoint/atlas-go/atlas/web
'500':
description: An internal server error occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
security:
- userAuth:
- 'sp:forms:manage'
/form-definitions/export:
get:
tags:
- Custom Forms
summary: List form definitions by tenant.
description: No parameters required.
operationId: exportFormDefinitionsByTenant
parameters:
- name: offset
in: query
description: |-
Offset
Integer specifying the offset of the first result from the beginning of the collection. The standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#paginating-results).
The offset value is record-based, not page-based, and the index starts at 0.
schema:
type: integer
format: int64
default: 0
minimum: 0
x-go-name: Offset
example: 0
required: false
x-go-name: Offset
- name: limit
in: query
description: |-
Limit
Integer specifying the maximum number of records to return in a single API call. The standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#paginating-results).
If it is not specified, a default limit is used.
schema:
type: integer
format: int64
minimum: 0
maximum: 250
default: 250
x-go-name: Limit
example: 250
required: false
x-go-name: Limit
- name: filters
in: query
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**name**: *eq, gt, sw, in*
**description**: *eq, gt, sw, in*
**created**: *eq, gt, sw, in*
**modified**: *eq, gt, sw, in*
schema:
type: string
x-go-name: Filters
example: name sw "my form"
required: false
x-go-name: Filters
- name: sorters
in: query
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **name, description, created, modified**
schema:
type: string
default: name
x-go-name: Sorters
example: name
required: false
x-go-name: Sorters
responses:
'200':
description: Returns a list of form definition objects by tenant used by SP-Config
content:
application/json:
schema:
type: array
items:
type: object
properties:
object:
properties:
id:
description: Unique guid identifying the form definition.
example: 00000000-0000-0000-0000-000000000000
type: string
x-go-name: FormDefinitionID
name:
description: Name of the form definition.
example: My form
type: string
x-go-name: Name
description:
description: Form definition's description.
example: My form description
type: string
x-go-name: Description
owner:
properties:
type:
description: |-
FormOwnerType value.
IDENTITY FormOwnerTypeIdentity
enum:
- IDENTITY
example: IDENTITY
type: string
x-go-enum-desc: IDENTITY FormOwnerTypeIdentity
x-go-name: Type
id:
description: Unique identifier of the form's owner.
example: 2c9180867624cbd7017642d8c8c81f67
type: string
x-go-name: ID
name:
description: Name of the form's owner.
example: Grant Smith
type: string
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
usedBy:
description: 'List of objects using the form definition. Whenever a system uses a form, the API reaches out to the form service to record that the system is currently using it.'
items:
properties:
type:
description: |-
FormUsedByType value.
WORKFLOW FormUsedByTypeWorkflow
SOURCE FormUsedByTypeSource
MySailPoint FormUsedByType
enum:
- WORKFLOW
- SOURCE
- MySailPoint
example: WORKFLOW
type: string
x-go-enum-desc: |-
WORKFLOW FormUsedByTypeWorkflow
SOURCE FormUsedByTypeSource
x-go-name: Type
id:
description: Unique identifier of the system using the form.
example: 61940a92-5484-42bc-bc10-b9982b218cdf
type: string
x-go-name: ID
name:
description: Name of the system using the form.
example: Access Request Form
type: string
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: UsedBy
formInput:
description: List of form inputs required to create a form-instance object.
items:
properties:
id:
description: Unique identifier for the form input.
example: 00000000-0000-0000-0000-000000000000
type: string
x-go-name: ID
type:
description: |-
FormDefinitionInputType value.
STRING FormDefinitionInputTypeString
enum:
- STRING
- ARRAY
example: STRING
type: string
x-go-enum-desc: STRING FormDefinitionInputTypeString
x-go-name: Type
label:
description: Name for the form input.
example: input1
type: string
x-go-name: Label
description:
description: Form input's description.
example: 'A single dynamic scalar value (i.e. number, string, date, etc.) that can be passed into the form for use in conditional logic'
type: string
x-go-name: Description
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: FormInput
formElements:
description: List of nested form elements.
items:
properties:
id:
description: Form element identifier.
example: 00000000-0000-0000-0000-000000000000
type: string
x-go-name: ID
elementType:
description: |-
FormElementType value.
TEXT FormElementTypeText
TOGGLE FormElementTypeToggle
TEXTAREA FormElementTypeTextArea
HIDDEN FormElementTypeHidden
PHONE FormElementTypePhone
EMAIL FormElementTypeEmail
SELECT FormElementTypeSelect
DATE FormElementTypeDate
SECTION FormElementTypeSection
COLUMN_SET FormElementTypeColumns
IMAGE FormElementTypeImage
DESCRIPTION FormElementTypeDescription
enum:
- TEXT
- TOGGLE
- TEXTAREA
- HIDDEN
- PHONE
- EMAIL
- SELECT
- DATE
- SECTION
- COLUMN_SET
- IMAGE
- DESCRIPTION
example: TEXT
type: string
x-go-name: ElementType
config:
additionalProperties: true
description: Config object.
example:
label: Department
type: object
x-go-name: Config
x-go-enum-desc: |-
TEXT FormElementTypeText
TOGGLE FormElementTypeToggle
TEXTAREA FormElementTypeTextArea
HIDDEN FormElementTypeHidden
PHONE FormElementTypePhone
EMAIL FormElementTypeEmail
SELECT FormElementTypeSelect
DATE FormElementTypeDate
SECTION FormElementTypeSection
COLUMNS FormElementTypeColumns
key:
description: Technical key.
example: department
type: string
x-go-name: Key
validations:
nullable: true
type: array
items:
description: Set of FormElementValidation items.
type: object
properties:
validationType:
description: 'The type of data validation that you wish to enforce, e.g., a required field, a minimum length, etc.'
example: REQUIRED
type: string
enum:
- REQUIRED
- MIN_LENGTH
- MAX_LENGTH
- REGEX
- DATE
- MAX_DATE
- MIN_DATE
- LESS_THAN_DATE
- PHONE
- EMAIL
- DATA_SOURCE
- TEXTAREA
x-go-package: github.com/sailpoint/sp-forms/domain
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: FormElements
formConditions:
description: Conditional logic that can dynamically modify the form as the recipient is interacting with it.
items:
description: Represent a form conditional.
properties:
ruleOperator:
description: |-
ConditionRuleLogicalOperatorType value.
AND ConditionRuleLogicalOperatorTypeAnd
OR ConditionRuleLogicalOperatorTypeOr
enum:
- AND
- OR
example: AND
type: string
x-go-enum-desc: |-
AND ConditionRuleLogicalOperatorTypeAnd
OR ConditionRuleLogicalOperatorTypeOr
x-go-name: RuleOperator
rules:
description: List of rules.
items:
properties:
sourceType:
description: |-
Defines the type of object being selected. It will be either a reference to a form input (by input name) or a form element (by technical key).
INPUT ConditionRuleSourceTypeInput
ELEMENT ConditionRuleSourceTypeElement
enum:
- INPUT
- ELEMENT
example: ELEMENT
type: string
x-go-enum-desc: |-
INPUT ConditionRuleSourceTypeInput
ELEMENT ConditionRuleSourceTypeElement
x-go-name: SourceType
source:
description: |-
Source - if the sourceType is ConditionRuleSourceTypeInput, the source type is the name of the form input to accept. However, if the sourceType is ConditionRuleSourceTypeElement,
the source is the name of a technical key of an element to retrieve its value.
example: department
type: string
x-go-name: Source
operator:
description: |-
ConditionRuleComparisonOperatorType value.
EQ ConditionRuleComparisonOperatorTypeEquals This comparison operator compares the source and target for equality.
NE ConditionRuleComparisonOperatorTypeNotEquals This comparison operator compares the source and target for inequality.
CO ConditionRuleComparisonOperatorTypeContains This comparison operator searches the source to see whether it contains the value.
NOT_CO ConditionRuleComparisonOperatorTypeNotContains
IN ConditionRuleComparisonOperatorTypeIncludes This comparison operator searches the source if it equals any of the values.
NOT_IN ConditionRuleComparisonOperatorTypeNotIncludes
EM ConditionRuleComparisonOperatorTypeEmpty
NOT_EM ConditionRuleComparisonOperatorTypeNotEmpty
SW ConditionRuleComparisonOperatorTypeStartsWith Checks whether a string starts with another substring of the same string. This operator is case-sensitive.
NOT_SW ConditionRuleComparisonOperatorTypeNotStartsWith
EW ConditionRuleComparisonOperatorTypeEndsWith Checks whether a string ends with another substring of the same string. This operator is case-sensitive.
NOT_EW ConditionRuleComparisonOperatorTypeNotEndsWith
enum:
- EQ
- NE
- CO
- NOT_CO
- IN
- NOT_IN
- EM
- NOT_EM
- SW
- NOT_SW
- EW
- NOT_EW
example: EQ
type: string
x-go-enum-desc: |-
EQ ConditionRuleComparisonOperatorTypeEquals This comparison operator compares the source and target for equality.
NE ConditionRuleComparisonOperatorTypeNotEquals This comparison operator compares the source and target for inequality.
CO ConditionRuleComparisonOperatorTypeContains This comparison operator searches the source to see whether it contains the value.
NOT_CO ConditionRuleComparisonOperatorTypeNotContains
IN ConditionRuleComparisonOperatorTypeIncludes This comparison operator searches the source if it equals any of the values.
NOT_IN ConditionRuleComparisonOperatorTypeNotIncludes
EM ConditionRuleComparisonOperatorTypeEmpty
NOT_EM ConditionRuleComparisonOperatorTypeNotEmpty
SW ConditionRuleComparisonOperatorTypeStartsWith Checks whether a string starts with another substring of the same string. This operator is case-sensitive.
NOT_SW ConditionRuleComparisonOperatorTypeNotStartsWith
EW ConditionRuleComparisonOperatorTypeEndsWith Checks whether a string ends with another substring of the same string. This operator is case-sensitive.
NOT_EW ConditionRuleComparisonOperatorTypeNotEndsWith
x-go-name: Operator
valueType:
description: |-
ConditionRuleValueType type.
STRING ConditionRuleValueTypeString This value is a static string.
STRING_LIST ConditionRuleValueTypeStringList This value is an array of string values.
INPUT ConditionRuleValueTypeInput This value is a reference to a form input.
ELEMENT ConditionRuleValueTypeElement This value is a reference to a form element (by technical key).
LIST ConditionRuleValueTypeList
BOOLEAN ConditionRuleValueTypeBoolean
enum:
- STRING
- STRING_LIST
- INPUT
- ELEMENT
- LIST
- BOOLEAN
example: STRING
type: string
x-go-enum-desc: |-
STRING ConditionRuleValueTypeString This value is a static string.
STRING_LIST ConditionRuleValueTypeStringList This value is an array of string values.
INPUT ConditionRuleValueTypeInput This value is a reference to a form input.
ELEMENT ConditionRuleValueTypeElement This value is a reference to a form element (by technical key).
LIST ConditionRuleValueTypeList
BOOLEAN ConditionRuleValueTypeBoolean
x-go-name: ValueType
value:
type: string
description: Based on the ValueType.
example: Engineering
x-go-name: Value
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: Rules
effects:
description: List of effects.
items:
description: Effect produced by a condition.
properties:
effectType:
description: |-
Type of effect to perform when the conditions are evaluated for this logic block.
HIDE ConditionEffectTypeHide Disables validations.
SHOW ConditionEffectTypeShow Enables validations.
DISABLE ConditionEffectTypeDisable Disables validations.
ENABLE ConditionEffectTypeEnable Enables validations.
REQUIRE ConditionEffectTypeRequire
OPTIONAL ConditionEffectTypeOptional
SUBMIT_MESSAGE ConditionEffectTypeSubmitMessage
SUBMIT_NOTIFICATION ConditionEffectTypeSubmitNotification
SET_DEFAULT_VALUE ConditionEffectTypeSetDefaultValue This value is ignored on purpose.
enum:
- HIDE
- SHOW
- DISABLE
- ENABLE
- REQUIRE
- OPTIONAL
- SUBMIT_MESSAGE
- SUBMIT_NOTIFICATION
- SET_DEFAULT_VALUE
example: HIDE
type: string
x-go-enum-desc: |-
HIDE ConditionEffectTypeHide Disables validations.
SHOW ConditionEffectTypeShow Enables validations.
DISABLE ConditionEffectTypeDisable Disables validations.
ENABLE ConditionEffectTypeEnable Enables validations.
REQUIRE ConditionEffectTypeRequire
OPTIONAL ConditionEffectTypeOptional
SUBMIT_MESSAGE ConditionEffectTypeSubmitMessage
SUBMIT_NOTIFICATION ConditionEffectTypeSubmitNotification
SET_DEFAULT_VALUE ConditionEffectTypeSetDefaultValue This value is ignored on purpose.
x-go-name: EffectType
config:
description: Arbitrary map containing a configuration based on the EffectType.
type: object
properties:
defaultValueLabel:
type: string
description: Effect type's label.
example: Access to Remove
element:
type: string
description: Element's identifier.
example: 8110662963316867
x-go-name: Config
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: Effects
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: FormConditions
created:
description: Created is the date the form definition was created
example: '2023-07-12T20:14:57.74486Z'
format: date-time
type: string
x-go-name: Created
modified:
description: Modified is the last date the form definition was modified
example: '2023-07-12T20:14:57.74486Z'
format: date-time
type: string
x-go-name: Modified
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
self:
type: object
properties:
object:
type: object
description: Self block for imported/exported object.
properties:
type:
type: string
description: Imported/exported object's DTO type.
enum:
- FORM_DEFINITION
example: FORM_DEFINITION
id:
type: string
description: Imported/exported object's ID.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Imported/exported object's display name.
example: Temporary User Level Permissions - Requester
x-go-name: Self
version:
type: integer
format: int32
x-go-name: Version
'400':
description: An error with the request occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'401':
description: An error with the authorization occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'403':
description: An error with the user permissions occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'429':
description: Too many requests
content:
application/json:
schema:
title: Error is the standard API error response type.
type: object
properties:
detailCode:
description: DetailCode is the text of the status code returned
example: Internal Server Error
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
trackingId:
description: TrackingID is the request tracking unique identifier
example: 9cd03ef80e6a425eb6b11bdbb057cdb4
type: string
x-go-name: TrackingID
x-go-package: github.com/sailpoint/atlas-go/atlas/web
'500':
description: An internal server error occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
security:
- userAuth:
- 'sp:forms:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
/form-definitions/forms-action-dynamic-schema:
post:
tags:
- Custom Forms
summary: Generate json schema dynamically.
operationId: createFormDefinitionDynamicSchema
requestBody:
description: Body is the request payload to create a form definition dynamic schema
content:
application/json:
schema:
properties:
attributes:
properties:
formDefinitionId:
description: FormDefinitionID is a unique guid identifying this form definition
example: 00000000-0000-0000-0000-000000000000
type: string
x-go-name: FormDefinitionID
type: object
x-go-name: Attributes
description:
description: Description is the form definition dynamic schema description text
example: A description
type: string
x-go-name: Description
id:
description: ID is a unique identifier
example: 00000000-0000-0000-0000-000000000000
type: string
x-go-name: ID
type:
description: Type is the form definition dynamic schema type
example: action
type: string
x-go-name: Type
versionNumber:
description: VersionNumber is the form definition dynamic schema version number
example: 1
format: int64
type: integer
x-go-name: VersionNumber
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
example:
id: 'sp:forms'
attributes:
formDefinitionId: 00000000-0000-0000-0000-000000000000
description: AnotherDescription
type: action
versionNumber: 1
required: false
responses:
'200':
description: Returns a form elements dynamic schema
content:
application/json:
schema:
properties:
outputSchema:
additionalProperties: {}
description: OutputSchema holds a JSON schema generated dynamically
example:
outputSchema:
$schema: 'https://json-schema.org/draft/2020-12/schema'
additionalProperties: false
properties:
firstName:
title: First Name
type: string
fullName:
title: Full Name
type: string
lastName:
title: Last Name
type: string
startDate:
format: date-time
title: Start Date
type: string
type: object
type: object
x-go-name: OutputSchema
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
'400':
description: An error with the request occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'401':
description: An error with the authorization occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'403':
description: An error with the user permissions occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'404':
description: An error with the item not found
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'429':
description: Too many requests
content:
application/json:
schema:
title: Error is the standard API error response type.
type: object
properties:
detailCode:
description: DetailCode is the text of the status code returned
example: Internal Server Error
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
trackingId:
description: TrackingID is the request tracking unique identifier
example: 9cd03ef80e6a425eb6b11bdbb057cdb4
type: string
x-go-name: TrackingID
x-go-package: github.com/sailpoint/atlas-go/atlas/web
'500':
description: An internal server error occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
security:
- userAuth:
- 'sp:forms:manage'
x-codegen-request-body-name: Body
/form-definitions/import:
post:
tags:
- Custom Forms
summary: Import form definitions from export.
operationId: importFormDefinitions
requestBody:
description: Body is the request payload to import form definitions
content:
application/json:
schema:
type: array
items:
type: object
properties:
object:
properties:
id:
description: Unique guid identifying the form definition.
example: 00000000-0000-0000-0000-000000000000
type: string
x-go-name: FormDefinitionID
name:
description: Name of the form definition.
example: My form
type: string
x-go-name: Name
description:
description: Form definition's description.
example: My form description
type: string
x-go-name: Description
owner:
properties:
type:
description: |-
FormOwnerType value.
IDENTITY FormOwnerTypeIdentity
enum:
- IDENTITY
example: IDENTITY
type: string
x-go-enum-desc: IDENTITY FormOwnerTypeIdentity
x-go-name: Type
id:
description: Unique identifier of the form's owner.
example: 2c9180867624cbd7017642d8c8c81f67
type: string
x-go-name: ID
name:
description: Name of the form's owner.
example: Grant Smith
type: string
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
usedBy:
description: 'List of objects using the form definition. Whenever a system uses a form, the API reaches out to the form service to record that the system is currently using it.'
items:
properties:
type:
description: |-
FormUsedByType value.
WORKFLOW FormUsedByTypeWorkflow
SOURCE FormUsedByTypeSource
MySailPoint FormUsedByType
enum:
- WORKFLOW
- SOURCE
- MySailPoint
example: WORKFLOW
type: string
x-go-enum-desc: |-
WORKFLOW FormUsedByTypeWorkflow
SOURCE FormUsedByTypeSource
x-go-name: Type
id:
description: Unique identifier of the system using the form.
example: 61940a92-5484-42bc-bc10-b9982b218cdf
type: string
x-go-name: ID
name:
description: Name of the system using the form.
example: Access Request Form
type: string
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: UsedBy
formInput:
description: List of form inputs required to create a form-instance object.
items:
properties:
id:
description: Unique identifier for the form input.
example: 00000000-0000-0000-0000-000000000000
type: string
x-go-name: ID
type:
description: |-
FormDefinitionInputType value.
STRING FormDefinitionInputTypeString
enum:
- STRING
- ARRAY
example: STRING
type: string
x-go-enum-desc: STRING FormDefinitionInputTypeString
x-go-name: Type
label:
description: Name for the form input.
example: input1
type: string
x-go-name: Label
description:
description: Form input's description.
example: 'A single dynamic scalar value (i.e. number, string, date, etc.) that can be passed into the form for use in conditional logic'
type: string
x-go-name: Description
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: FormInput
formElements:
description: List of nested form elements.
items:
properties:
id:
description: Form element identifier.
example: 00000000-0000-0000-0000-000000000000
type: string
x-go-name: ID
elementType:
description: |-
FormElementType value.
TEXT FormElementTypeText
TOGGLE FormElementTypeToggle
TEXTAREA FormElementTypeTextArea
HIDDEN FormElementTypeHidden
PHONE FormElementTypePhone
EMAIL FormElementTypeEmail
SELECT FormElementTypeSelect
DATE FormElementTypeDate
SECTION FormElementTypeSection
COLUMN_SET FormElementTypeColumns
IMAGE FormElementTypeImage
DESCRIPTION FormElementTypeDescription
enum:
- TEXT
- TOGGLE
- TEXTAREA
- HIDDEN
- PHONE
- EMAIL
- SELECT
- DATE
- SECTION
- COLUMN_SET
- IMAGE
- DESCRIPTION
example: TEXT
type: string
x-go-name: ElementType
config:
additionalProperties: true
description: Config object.
example:
label: Department
type: object
x-go-name: Config
x-go-enum-desc: |-
TEXT FormElementTypeText
TOGGLE FormElementTypeToggle
TEXTAREA FormElementTypeTextArea
HIDDEN FormElementTypeHidden
PHONE FormElementTypePhone
EMAIL FormElementTypeEmail
SELECT FormElementTypeSelect
DATE FormElementTypeDate
SECTION FormElementTypeSection
COLUMNS FormElementTypeColumns
key:
description: Technical key.
example: department
type: string
x-go-name: Key
validations:
nullable: true
type: array
items:
description: Set of FormElementValidation items.
type: object
properties:
validationType:
description: 'The type of data validation that you wish to enforce, e.g., a required field, a minimum length, etc.'
example: REQUIRED
type: string
enum:
- REQUIRED
- MIN_LENGTH
- MAX_LENGTH
- REGEX
- DATE
- MAX_DATE
- MIN_DATE
- LESS_THAN_DATE
- PHONE
- EMAIL
- DATA_SOURCE
- TEXTAREA
x-go-package: github.com/sailpoint/sp-forms/domain
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: FormElements
formConditions:
description: Conditional logic that can dynamically modify the form as the recipient is interacting with it.
items:
description: Represent a form conditional.
properties:
ruleOperator:
description: |-
ConditionRuleLogicalOperatorType value.
AND ConditionRuleLogicalOperatorTypeAnd
OR ConditionRuleLogicalOperatorTypeOr
enum:
- AND
- OR
example: AND
type: string
x-go-enum-desc: |-
AND ConditionRuleLogicalOperatorTypeAnd
OR ConditionRuleLogicalOperatorTypeOr
x-go-name: RuleOperator
rules:
description: List of rules.
items:
properties:
sourceType:
description: |-
Defines the type of object being selected. It will be either a reference to a form input (by input name) or a form element (by technical key).
INPUT ConditionRuleSourceTypeInput
ELEMENT ConditionRuleSourceTypeElement
enum:
- INPUT
- ELEMENT
example: ELEMENT
type: string
x-go-enum-desc: |-
INPUT ConditionRuleSourceTypeInput
ELEMENT ConditionRuleSourceTypeElement
x-go-name: SourceType
source:
description: |-
Source - if the sourceType is ConditionRuleSourceTypeInput, the source type is the name of the form input to accept. However, if the sourceType is ConditionRuleSourceTypeElement,
the source is the name of a technical key of an element to retrieve its value.
example: department
type: string
x-go-name: Source
operator:
description: |-
ConditionRuleComparisonOperatorType value.
EQ ConditionRuleComparisonOperatorTypeEquals This comparison operator compares the source and target for equality.
NE ConditionRuleComparisonOperatorTypeNotEquals This comparison operator compares the source and target for inequality.
CO ConditionRuleComparisonOperatorTypeContains This comparison operator searches the source to see whether it contains the value.
NOT_CO ConditionRuleComparisonOperatorTypeNotContains
IN ConditionRuleComparisonOperatorTypeIncludes This comparison operator searches the source if it equals any of the values.
NOT_IN ConditionRuleComparisonOperatorTypeNotIncludes
EM ConditionRuleComparisonOperatorTypeEmpty
NOT_EM ConditionRuleComparisonOperatorTypeNotEmpty
SW ConditionRuleComparisonOperatorTypeStartsWith Checks whether a string starts with another substring of the same string. This operator is case-sensitive.
NOT_SW ConditionRuleComparisonOperatorTypeNotStartsWith
EW ConditionRuleComparisonOperatorTypeEndsWith Checks whether a string ends with another substring of the same string. This operator is case-sensitive.
NOT_EW ConditionRuleComparisonOperatorTypeNotEndsWith
enum:
- EQ
- NE
- CO
- NOT_CO
- IN
- NOT_IN
- EM
- NOT_EM
- SW
- NOT_SW
- EW
- NOT_EW
example: EQ
type: string
x-go-enum-desc: |-
EQ ConditionRuleComparisonOperatorTypeEquals This comparison operator compares the source and target for equality.
NE ConditionRuleComparisonOperatorTypeNotEquals This comparison operator compares the source and target for inequality.
CO ConditionRuleComparisonOperatorTypeContains This comparison operator searches the source to see whether it contains the value.
NOT_CO ConditionRuleComparisonOperatorTypeNotContains
IN ConditionRuleComparisonOperatorTypeIncludes This comparison operator searches the source if it equals any of the values.
NOT_IN ConditionRuleComparisonOperatorTypeNotIncludes
EM ConditionRuleComparisonOperatorTypeEmpty
NOT_EM ConditionRuleComparisonOperatorTypeNotEmpty
SW ConditionRuleComparisonOperatorTypeStartsWith Checks whether a string starts with another substring of the same string. This operator is case-sensitive.
NOT_SW ConditionRuleComparisonOperatorTypeNotStartsWith
EW ConditionRuleComparisonOperatorTypeEndsWith Checks whether a string ends with another substring of the same string. This operator is case-sensitive.
NOT_EW ConditionRuleComparisonOperatorTypeNotEndsWith
x-go-name: Operator
valueType:
description: |-
ConditionRuleValueType type.
STRING ConditionRuleValueTypeString This value is a static string.
STRING_LIST ConditionRuleValueTypeStringList This value is an array of string values.
INPUT ConditionRuleValueTypeInput This value is a reference to a form input.
ELEMENT ConditionRuleValueTypeElement This value is a reference to a form element (by technical key).
LIST ConditionRuleValueTypeList
BOOLEAN ConditionRuleValueTypeBoolean
enum:
- STRING
- STRING_LIST
- INPUT
- ELEMENT
- LIST
- BOOLEAN
example: STRING
type: string
x-go-enum-desc: |-
STRING ConditionRuleValueTypeString This value is a static string.
STRING_LIST ConditionRuleValueTypeStringList This value is an array of string values.
INPUT ConditionRuleValueTypeInput This value is a reference to a form input.
ELEMENT ConditionRuleValueTypeElement This value is a reference to a form element (by technical key).
LIST ConditionRuleValueTypeList
BOOLEAN ConditionRuleValueTypeBoolean
x-go-name: ValueType
value:
type: string
description: Based on the ValueType.
example: Engineering
x-go-name: Value
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: Rules
effects:
description: List of effects.
items:
description: Effect produced by a condition.
properties:
effectType:
description: |-
Type of effect to perform when the conditions are evaluated for this logic block.
HIDE ConditionEffectTypeHide Disables validations.
SHOW ConditionEffectTypeShow Enables validations.
DISABLE ConditionEffectTypeDisable Disables validations.
ENABLE ConditionEffectTypeEnable Enables validations.
REQUIRE ConditionEffectTypeRequire
OPTIONAL ConditionEffectTypeOptional
SUBMIT_MESSAGE ConditionEffectTypeSubmitMessage
SUBMIT_NOTIFICATION ConditionEffectTypeSubmitNotification
SET_DEFAULT_VALUE ConditionEffectTypeSetDefaultValue This value is ignored on purpose.
enum:
- HIDE
- SHOW
- DISABLE
- ENABLE
- REQUIRE
- OPTIONAL
- SUBMIT_MESSAGE
- SUBMIT_NOTIFICATION
- SET_DEFAULT_VALUE
example: HIDE
type: string
x-go-enum-desc: |-
HIDE ConditionEffectTypeHide Disables validations.
SHOW ConditionEffectTypeShow Enables validations.
DISABLE ConditionEffectTypeDisable Disables validations.
ENABLE ConditionEffectTypeEnable Enables validations.
REQUIRE ConditionEffectTypeRequire
OPTIONAL ConditionEffectTypeOptional
SUBMIT_MESSAGE ConditionEffectTypeSubmitMessage
SUBMIT_NOTIFICATION ConditionEffectTypeSubmitNotification
SET_DEFAULT_VALUE ConditionEffectTypeSetDefaultValue This value is ignored on purpose.
x-go-name: EffectType
config:
description: Arbitrary map containing a configuration based on the EffectType.
type: object
properties:
defaultValueLabel:
type: string
description: Effect type's label.
example: Access to Remove
element:
type: string
description: Element's identifier.
example: 8110662963316867
x-go-name: Config
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: Effects
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: FormConditions
created:
description: Created is the date the form definition was created
example: '2023-07-12T20:14:57.74486Z'
format: date-time
type: string
x-go-name: Created
modified:
description: Modified is the last date the form definition was modified
example: '2023-07-12T20:14:57.74486Z'
format: date-time
type: string
x-go-name: Modified
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
self:
type: string
x-go-name: Self
version:
type: integer
format: int32
x-go-name: Version
example:
- version: 1
self:
name: All fields not required
id: 05ed4edb-d0a9-41d9-ad0c-2f6e486ec4aa
type: FORM_DEFINITION
object:
id: 05ed4edb-d0a9-41d9-ad0c-2f6e486ec4aa
name: All fields not required
description: description
owner:
type: IDENTITY
id: 3447d8ec2602455ab6f1e8408a0f0150
usedBy:
- type: WORKFLOW
id: 5008594c-dacc-4295-8fee-41df60477304
- type: WORKFLOW
id: 97e75a75-c179-4fbc-a2da-b5fa4aaa8743
formInput:
- type: STRING
label: input1
description: 'A single dynamic scalar value (i.e. number, string, date, etc) that can be passed into the form for use in conditional logic'
formElements:
- id: '3069272797630701'
elementType: SECTION
config:
label: First Section
formElements:
- id: '3069272797630700'
elementType: TEXT
key: firstName
config:
label: First Name
- id: '3498415402897539'
elementType: TEXT
key: lastName
config:
label: Last Name
formConditions:
- ruleOperator: AND
rules:
- sourceType: INPUT
source: Department
operator: EQ
valueType: STRING
value: Sales
effects:
- effectType: HIDE
config:
element: '2614088730489570'
created: '2022-10-04T19:27:04.456Z'
modified: '2022-11-16T20:45:02.172Z'
required: false
responses:
'202':
description: Returns statuses of those form definition objects imported
content:
application/json:
schema:
type: object
properties:
errors:
type: array
items:
type: object
properties:
detail:
type: object
additionalProperties:
type: object
x-go-name: Detail
key:
type: string
x-go-name: Key
text:
type: string
x-go-name: Text
x-go-name: Errors
importedObjects:
type: array
items:
type: object
properties:
object:
properties:
id:
description: Unique guid identifying the form definition.
example: 00000000-0000-0000-0000-000000000000
type: string
x-go-name: FormDefinitionID
name:
description: Name of the form definition.
example: My form
type: string
x-go-name: Name
description:
description: Form definition's description.
example: My form description
type: string
x-go-name: Description
owner:
properties:
type:
description: |-
FormOwnerType value.
IDENTITY FormOwnerTypeIdentity
enum:
- IDENTITY
example: IDENTITY
type: string
x-go-enum-desc: IDENTITY FormOwnerTypeIdentity
x-go-name: Type
id:
description: Unique identifier of the form's owner.
example: 2c9180867624cbd7017642d8c8c81f67
type: string
x-go-name: ID
name:
description: Name of the form's owner.
example: Grant Smith
type: string
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
usedBy:
description: 'List of objects using the form definition. Whenever a system uses a form, the API reaches out to the form service to record that the system is currently using it.'
items:
properties:
type:
description: |-
FormUsedByType value.
WORKFLOW FormUsedByTypeWorkflow
SOURCE FormUsedByTypeSource
MySailPoint FormUsedByType
enum:
- WORKFLOW
- SOURCE
- MySailPoint
example: WORKFLOW
type: string
x-go-enum-desc: |-
WORKFLOW FormUsedByTypeWorkflow
SOURCE FormUsedByTypeSource
x-go-name: Type
id:
description: Unique identifier of the system using the form.
example: 61940a92-5484-42bc-bc10-b9982b218cdf
type: string
x-go-name: ID
name:
description: Name of the system using the form.
example: Access Request Form
type: string
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: UsedBy
formInput:
description: List of form inputs required to create a form-instance object.
items:
properties:
id:
description: Unique identifier for the form input.
example: 00000000-0000-0000-0000-000000000000
type: string
x-go-name: ID
type:
description: |-
FormDefinitionInputType value.
STRING FormDefinitionInputTypeString
enum:
- STRING
- ARRAY
example: STRING
type: string
x-go-enum-desc: STRING FormDefinitionInputTypeString
x-go-name: Type
label:
description: Name for the form input.
example: input1
type: string
x-go-name: Label
description:
description: Form input's description.
example: 'A single dynamic scalar value (i.e. number, string, date, etc.) that can be passed into the form for use in conditional logic'
type: string
x-go-name: Description
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: FormInput
formElements:
description: List of nested form elements.
items:
properties:
id:
description: Form element identifier.
example: 00000000-0000-0000-0000-000000000000
type: string
x-go-name: ID
elementType:
description: |-
FormElementType value.
TEXT FormElementTypeText
TOGGLE FormElementTypeToggle
TEXTAREA FormElementTypeTextArea
HIDDEN FormElementTypeHidden
PHONE FormElementTypePhone
EMAIL FormElementTypeEmail
SELECT FormElementTypeSelect
DATE FormElementTypeDate
SECTION FormElementTypeSection
COLUMN_SET FormElementTypeColumns
IMAGE FormElementTypeImage
DESCRIPTION FormElementTypeDescription
enum:
- TEXT
- TOGGLE
- TEXTAREA
- HIDDEN
- PHONE
- EMAIL
- SELECT
- DATE
- SECTION
- COLUMN_SET
- IMAGE
- DESCRIPTION
example: TEXT
type: string
x-go-name: ElementType
config:
additionalProperties: true
description: Config object.
example:
label: Department
type: object
x-go-name: Config
x-go-enum-desc: |-
TEXT FormElementTypeText
TOGGLE FormElementTypeToggle
TEXTAREA FormElementTypeTextArea
HIDDEN FormElementTypeHidden
PHONE FormElementTypePhone
EMAIL FormElementTypeEmail
SELECT FormElementTypeSelect
DATE FormElementTypeDate
SECTION FormElementTypeSection
COLUMNS FormElementTypeColumns
key:
description: Technical key.
example: department
type: string
x-go-name: Key
validations:
nullable: true
type: array
items:
description: Set of FormElementValidation items.
type: object
properties:
validationType:
description: 'The type of data validation that you wish to enforce, e.g., a required field, a minimum length, etc.'
example: REQUIRED
type: string
enum:
- REQUIRED
- MIN_LENGTH
- MAX_LENGTH
- REGEX
- DATE
- MAX_DATE
- MIN_DATE
- LESS_THAN_DATE
- PHONE
- EMAIL
- DATA_SOURCE
- TEXTAREA
x-go-package: github.com/sailpoint/sp-forms/domain
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: FormElements
formConditions:
description: Conditional logic that can dynamically modify the form as the recipient is interacting with it.
items:
description: Represent a form conditional.
properties:
ruleOperator:
description: |-
ConditionRuleLogicalOperatorType value.
AND ConditionRuleLogicalOperatorTypeAnd
OR ConditionRuleLogicalOperatorTypeOr
enum:
- AND
- OR
example: AND
type: string
x-go-enum-desc: |-
AND ConditionRuleLogicalOperatorTypeAnd
OR ConditionRuleLogicalOperatorTypeOr
x-go-name: RuleOperator
rules:
description: List of rules.
items:
properties:
sourceType:
description: |-
Defines the type of object being selected. It will be either a reference to a form input (by input name) or a form element (by technical key).
INPUT ConditionRuleSourceTypeInput
ELEMENT ConditionRuleSourceTypeElement
enum:
- INPUT
- ELEMENT
example: ELEMENT
type: string
x-go-enum-desc: |-
INPUT ConditionRuleSourceTypeInput
ELEMENT ConditionRuleSourceTypeElement
x-go-name: SourceType
source:
description: |-
Source - if the sourceType is ConditionRuleSourceTypeInput, the source type is the name of the form input to accept. However, if the sourceType is ConditionRuleSourceTypeElement,
the source is the name of a technical key of an element to retrieve its value.
example: department
type: string
x-go-name: Source
operator:
description: |-
ConditionRuleComparisonOperatorType value.
EQ ConditionRuleComparisonOperatorTypeEquals This comparison operator compares the source and target for equality.
NE ConditionRuleComparisonOperatorTypeNotEquals This comparison operator compares the source and target for inequality.
CO ConditionRuleComparisonOperatorTypeContains This comparison operator searches the source to see whether it contains the value.
NOT_CO ConditionRuleComparisonOperatorTypeNotContains
IN ConditionRuleComparisonOperatorTypeIncludes This comparison operator searches the source if it equals any of the values.
NOT_IN ConditionRuleComparisonOperatorTypeNotIncludes
EM ConditionRuleComparisonOperatorTypeEmpty
NOT_EM ConditionRuleComparisonOperatorTypeNotEmpty
SW ConditionRuleComparisonOperatorTypeStartsWith Checks whether a string starts with another substring of the same string. This operator is case-sensitive.
NOT_SW ConditionRuleComparisonOperatorTypeNotStartsWith
EW ConditionRuleComparisonOperatorTypeEndsWith Checks whether a string ends with another substring of the same string. This operator is case-sensitive.
NOT_EW ConditionRuleComparisonOperatorTypeNotEndsWith
enum:
- EQ
- NE
- CO
- NOT_CO
- IN
- NOT_IN
- EM
- NOT_EM
- SW
- NOT_SW
- EW
- NOT_EW
example: EQ
type: string
x-go-enum-desc: |-
EQ ConditionRuleComparisonOperatorTypeEquals This comparison operator compares the source and target for equality.
NE ConditionRuleComparisonOperatorTypeNotEquals This comparison operator compares the source and target for inequality.
CO ConditionRuleComparisonOperatorTypeContains This comparison operator searches the source to see whether it contains the value.
NOT_CO ConditionRuleComparisonOperatorTypeNotContains
IN ConditionRuleComparisonOperatorTypeIncludes This comparison operator searches the source if it equals any of the values.
NOT_IN ConditionRuleComparisonOperatorTypeNotIncludes
EM ConditionRuleComparisonOperatorTypeEmpty
NOT_EM ConditionRuleComparisonOperatorTypeNotEmpty
SW ConditionRuleComparisonOperatorTypeStartsWith Checks whether a string starts with another substring of the same string. This operator is case-sensitive.
NOT_SW ConditionRuleComparisonOperatorTypeNotStartsWith
EW ConditionRuleComparisonOperatorTypeEndsWith Checks whether a string ends with another substring of the same string. This operator is case-sensitive.
NOT_EW ConditionRuleComparisonOperatorTypeNotEndsWith
x-go-name: Operator
valueType:
description: |-
ConditionRuleValueType type.
STRING ConditionRuleValueTypeString This value is a static string.
STRING_LIST ConditionRuleValueTypeStringList This value is an array of string values.
INPUT ConditionRuleValueTypeInput This value is a reference to a form input.
ELEMENT ConditionRuleValueTypeElement This value is a reference to a form element (by technical key).
LIST ConditionRuleValueTypeList
BOOLEAN ConditionRuleValueTypeBoolean
enum:
- STRING
- STRING_LIST
- INPUT
- ELEMENT
- LIST
- BOOLEAN
example: STRING
type: string
x-go-enum-desc: |-
STRING ConditionRuleValueTypeString This value is a static string.
STRING_LIST ConditionRuleValueTypeStringList This value is an array of string values.
INPUT ConditionRuleValueTypeInput This value is a reference to a form input.
ELEMENT ConditionRuleValueTypeElement This value is a reference to a form element (by technical key).
LIST ConditionRuleValueTypeList
BOOLEAN ConditionRuleValueTypeBoolean
x-go-name: ValueType
value:
type: string
description: Based on the ValueType.
example: Engineering
x-go-name: Value
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: Rules
effects:
description: List of effects.
items:
description: Effect produced by a condition.
properties:
effectType:
description: |-
Type of effect to perform when the conditions are evaluated for this logic block.
HIDE ConditionEffectTypeHide Disables validations.
SHOW ConditionEffectTypeShow Enables validations.
DISABLE ConditionEffectTypeDisable Disables validations.
ENABLE ConditionEffectTypeEnable Enables validations.
REQUIRE ConditionEffectTypeRequire
OPTIONAL ConditionEffectTypeOptional
SUBMIT_MESSAGE ConditionEffectTypeSubmitMessage
SUBMIT_NOTIFICATION ConditionEffectTypeSubmitNotification
SET_DEFAULT_VALUE ConditionEffectTypeSetDefaultValue This value is ignored on purpose.
enum:
- HIDE
- SHOW
- DISABLE
- ENABLE
- REQUIRE
- OPTIONAL
- SUBMIT_MESSAGE
- SUBMIT_NOTIFICATION
- SET_DEFAULT_VALUE
example: HIDE
type: string
x-go-enum-desc: |-
HIDE ConditionEffectTypeHide Disables validations.
SHOW ConditionEffectTypeShow Enables validations.
DISABLE ConditionEffectTypeDisable Disables validations.
ENABLE ConditionEffectTypeEnable Enables validations.
REQUIRE ConditionEffectTypeRequire
OPTIONAL ConditionEffectTypeOptional
SUBMIT_MESSAGE ConditionEffectTypeSubmitMessage
SUBMIT_NOTIFICATION ConditionEffectTypeSubmitNotification
SET_DEFAULT_VALUE ConditionEffectTypeSetDefaultValue This value is ignored on purpose.
x-go-name: EffectType
config:
description: Arbitrary map containing a configuration based on the EffectType.
type: object
properties:
defaultValueLabel:
type: string
description: Effect type's label.
example: Access to Remove
element:
type: string
description: Element's identifier.
example: 8110662963316867
x-go-name: Config
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: Effects
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: FormConditions
created:
description: Created is the date the form definition was created
example: '2023-07-12T20:14:57.74486Z'
format: date-time
type: string
x-go-name: Created
modified:
description: Modified is the last date the form definition was modified
example: '2023-07-12T20:14:57.74486Z'
format: date-time
type: string
x-go-name: Modified
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
self:
type: string
x-go-name: Self
version:
type: integer
format: int32
x-go-name: Version
x-go-name: ImportedObjects
infos:
type: array
items:
type: object
properties:
detail:
type: object
additionalProperties:
type: object
x-go-name: Detail
key:
type: string
x-go-name: Key
text:
type: string
x-go-name: Text
x-go-name: Infos
warnings:
type: array
items:
type: object
properties:
detail:
type: object
additionalProperties:
type: object
x-go-name: Detail
key:
type: string
x-go-name: Key
text:
type: string
x-go-name: Text
x-go-name: Warnings
'400':
description: An error with the request occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'401':
description: An error with the authorization occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'403':
description: An error with the user permissions occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'429':
description: Too many requests
content:
application/json:
schema:
title: Error is the standard API error response type.
type: object
properties:
detailCode:
description: DetailCode is the text of the status code returned
example: Internal Server Error
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
trackingId:
description: TrackingID is the request tracking unique identifier
example: 9cd03ef80e6a425eb6b11bdbb057cdb4
type: string
x-go-name: TrackingID
x-go-package: github.com/sailpoint/atlas-go/atlas/web
'500':
description: An internal server error occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
security:
- userAuth:
- 'sp:forms:manage'
x-codegen-request-body-name: Body
'/form-definitions/{formDefinitionID}/upload':
post:
tags:
- Custom Forms
summary: Upload new form definition file.
description: 'Parameter `{formDefinitionID}` should match a form definition ID.'
operationId: createFormDefinitionFileRequest
parameters:
- name: formDefinitionID
in: path
description: |-
FormDefinitionID
String specifying FormDefinitionID
required: true
x-sailpoint-resource-operation-id: searchFormDefinitionsByTenant
example: 00000000-0000-0000-0000-000000000000
schema:
type: string
x-go-name: FormDefinitionID
x-go-name: FormDefinitionID
requestBody:
content:
multipart/form-data:
schema:
type: object
required:
- file
properties:
file:
type: string
description: File specifying the multipart
format: binary
x-go-name: File
encoding:
file:
contentType: 'image/png, image/jpeg'
required: true
responses:
'201':
description: Returns a new form definition file
content:
application/json:
schema:
type: object
properties:
created:
type: string
description: Created is the date the file was uploaded
example: '2023-07-12T20:14:57.74486Z'
x-go-name: Created
fileId:
type: string
description: fileId is a unique ULID that serves as an identifier for the form definition file
example: 01FHZXHK8PTP9FVK99Z66GXQTX.png
x-go-name: FileID
formDefinitionId:
type: string
description: FormDefinitionID is a unique guid identifying this form definition
example: 00000000-0000-0000-0000-000000000000
x-go-name: FormDefinitionID
x-go-package: github.com/sailpoint/sp-forms/internal/rest/response
'400':
description: An error with the request occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'401':
description: An error with the authorization occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'403':
description: An error with the user permissions occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'404':
description: An error with the item not found
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'413':
description: An error with payload size too large
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'415':
description: An error with unsupported media type
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'429':
description: Too many requests
content:
application/json:
schema:
title: Error is the standard API error response type.
type: object
properties:
detailCode:
description: DetailCode is the text of the status code returned
example: Internal Server Error
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
trackingId:
description: TrackingID is the request tracking unique identifier
example: 9cd03ef80e6a425eb6b11bdbb057cdb4
type: string
x-go-name: TrackingID
x-go-package: github.com/sailpoint/atlas-go/atlas/web
'500':
description: An internal server error occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'503':
description: An external service is not available
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
security:
- userAuth:
- 'sp:forms:manage'
x-codegen-request-body-name: Body
'/form-definitions/{formDefinitionID}/file/{fileID}':
get:
tags:
- Custom Forms
summary: Download definition file by fileid.
operationId: getFileFromS3
parameters:
- name: formDefinitionID
in: path
description: |-
FormDefinitionID
Form definition ID
required: true
x-sailpoint-resource-operation-id: searchFormDefinitionsByTenant
example: 00000000-0000-0000-0000-000000000000
schema:
type: string
x-go-name: FormDefinitionID
x-go-name: FormDefinitionID
- name: fileID
in: path
description: |-
FileID
String specifying the hashed name of the uploaded file we are retrieving.
required: true
x-sailpoint-resource-operation-id: createFormDefinitionFileRequest
example: 00000031N0J7R2B57M8YG73J7M.png
schema:
type: string
x-go-name: FileID
x-go-name: FileID
responses:
'200':
description: Returns a file that is referred to by fileID and associated with the formDefinitionID
content:
application/json:
schema:
type: string
format: binary
image/jpeg:
schema:
type: string
format: binary
image/png:
schema:
type: string
format: binary
application/octet-stream:
schema:
type: string
format: binary
'400':
description: An error with the request occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
image/jpeg:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
image/png:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
application/octet-stream:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'401':
description: An error with the authorization occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
image/jpeg:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
image/png:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
application/octet-stream:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'403':
description: An error with the user permissions occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
image/jpeg:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
image/png:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
application/octet-stream:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'404':
description: An error with the item not found
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
image/jpeg:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
image/png:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
application/octet-stream:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'429':
description: Too many requests
content:
application/json:
schema:
title: Error is the standard API error response type.
type: object
properties:
detailCode:
description: DetailCode is the text of the status code returned
example: Internal Server Error
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
trackingId:
description: TrackingID is the request tracking unique identifier
example: 9cd03ef80e6a425eb6b11bdbb057cdb4
type: string
x-go-name: TrackingID
x-go-package: github.com/sailpoint/atlas-go/atlas/web
'500':
description: An internal server error occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
image/jpeg:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
image/png:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
application/octet-stream:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'503':
description: An external service is not available
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
image/jpeg:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
image/png:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
application/octet-stream:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
security:
- userAuth:
- 'sp:forms:manage'
x-codegen-request-body-name: Body
/form-instances:
get:
tags:
- Custom Forms
summary: List form instances by tenant.
description: No parameters required.
operationId: searchFormInstancesByTenant
responses:
'200':
description: Returns a list of form instances by tenant
content:
application/json:
schema:
type: array
items:
type: object
properties:
count:
description: Count number of Results
type: integer
format: int64
example: 1
x-go-name: Count
results:
description: Results holds a list of FormInstanceResponse items
type: array
items:
properties:
created:
description: Created is the date the form instance was assigned
example: '2023-07-12T20:14:57.74486Z'
format: date-time
type: string
x-go-name: Created
createdBy:
properties:
id:
description: ID is a unique identifier
example: 00000000-0000-0000-0000-000000000000
type: string
x-go-name: ID
type:
description: |-
Type is a form instance created by type enum value
WORKFLOW_EXECUTION FormInstanceCreatedByTypeWorkflowExecution
SOURCE FormInstanceCreatedByTypeSource
enum:
- WORKFLOW_EXECUTION
- SOURCE
example: WORKFLOW_EXECUTION
type: string
x-go-enum-desc: |-
WORKFLOW_EXECUTION FormInstanceCreatedByTypeWorkflowExecution
SOURCE FormInstanceCreatedByTypeSource
x-go-name: Type
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
expire:
description: Expire is the maximum amount of time that a form can be in progress. After this time is reached then the form will be moved to a CANCELED state automatically. The user will no longer be able to complete the submission. When a form instance is expires an audit log will be generated for that record
example: '2023-08-12T20:14:57.74486Z'
type: string
x-go-name: Expire
formConditions:
description: FormConditions is the conditional logic that modify the form dynamically modify the form as the recipient is interacting out the form
items:
description: Represent a form conditional.
properties:
ruleOperator:
description: |-
ConditionRuleLogicalOperatorType value.
AND ConditionRuleLogicalOperatorTypeAnd
OR ConditionRuleLogicalOperatorTypeOr
enum:
- AND
- OR
example: AND
type: string
x-go-enum-desc: |-
AND ConditionRuleLogicalOperatorTypeAnd
OR ConditionRuleLogicalOperatorTypeOr
x-go-name: RuleOperator
rules:
description: List of rules.
items:
properties:
sourceType:
description: |-
Defines the type of object being selected. It will be either a reference to a form input (by input name) or a form element (by technical key).
INPUT ConditionRuleSourceTypeInput
ELEMENT ConditionRuleSourceTypeElement
enum:
- INPUT
- ELEMENT
example: ELEMENT
type: string
x-go-enum-desc: |-
INPUT ConditionRuleSourceTypeInput
ELEMENT ConditionRuleSourceTypeElement
x-go-name: SourceType
source:
description: |-
Source - if the sourceType is ConditionRuleSourceTypeInput, the source type is the name of the form input to accept. However, if the sourceType is ConditionRuleSourceTypeElement,
the source is the name of a technical key of an element to retrieve its value.
example: department
type: string
x-go-name: Source
operator:
description: |-
ConditionRuleComparisonOperatorType value.
EQ ConditionRuleComparisonOperatorTypeEquals This comparison operator compares the source and target for equality.
NE ConditionRuleComparisonOperatorTypeNotEquals This comparison operator compares the source and target for inequality.
CO ConditionRuleComparisonOperatorTypeContains This comparison operator searches the source to see whether it contains the value.
NOT_CO ConditionRuleComparisonOperatorTypeNotContains
IN ConditionRuleComparisonOperatorTypeIncludes This comparison operator searches the source if it equals any of the values.
NOT_IN ConditionRuleComparisonOperatorTypeNotIncludes
EM ConditionRuleComparisonOperatorTypeEmpty
NOT_EM ConditionRuleComparisonOperatorTypeNotEmpty
SW ConditionRuleComparisonOperatorTypeStartsWith Checks whether a string starts with another substring of the same string. This operator is case-sensitive.
NOT_SW ConditionRuleComparisonOperatorTypeNotStartsWith
EW ConditionRuleComparisonOperatorTypeEndsWith Checks whether a string ends with another substring of the same string. This operator is case-sensitive.
NOT_EW ConditionRuleComparisonOperatorTypeNotEndsWith
enum:
- EQ
- NE
- CO
- NOT_CO
- IN
- NOT_IN
- EM
- NOT_EM
- SW
- NOT_SW
- EW
- NOT_EW
example: EQ
type: string
x-go-enum-desc: |-
EQ ConditionRuleComparisonOperatorTypeEquals This comparison operator compares the source and target for equality.
NE ConditionRuleComparisonOperatorTypeNotEquals This comparison operator compares the source and target for inequality.
CO ConditionRuleComparisonOperatorTypeContains This comparison operator searches the source to see whether it contains the value.
NOT_CO ConditionRuleComparisonOperatorTypeNotContains
IN ConditionRuleComparisonOperatorTypeIncludes This comparison operator searches the source if it equals any of the values.
NOT_IN ConditionRuleComparisonOperatorTypeNotIncludes
EM ConditionRuleComparisonOperatorTypeEmpty
NOT_EM ConditionRuleComparisonOperatorTypeNotEmpty
SW ConditionRuleComparisonOperatorTypeStartsWith Checks whether a string starts with another substring of the same string. This operator is case-sensitive.
NOT_SW ConditionRuleComparisonOperatorTypeNotStartsWith
EW ConditionRuleComparisonOperatorTypeEndsWith Checks whether a string ends with another substring of the same string. This operator is case-sensitive.
NOT_EW ConditionRuleComparisonOperatorTypeNotEndsWith
x-go-name: Operator
valueType:
description: |-
ConditionRuleValueType type.
STRING ConditionRuleValueTypeString This value is a static string.
STRING_LIST ConditionRuleValueTypeStringList This value is an array of string values.
INPUT ConditionRuleValueTypeInput This value is a reference to a form input.
ELEMENT ConditionRuleValueTypeElement This value is a reference to a form element (by technical key).
LIST ConditionRuleValueTypeList
BOOLEAN ConditionRuleValueTypeBoolean
enum:
- STRING
- STRING_LIST
- INPUT
- ELEMENT
- LIST
- BOOLEAN
example: STRING
type: string
x-go-enum-desc: |-
STRING ConditionRuleValueTypeString This value is a static string.
STRING_LIST ConditionRuleValueTypeStringList This value is an array of string values.
INPUT ConditionRuleValueTypeInput This value is a reference to a form input.
ELEMENT ConditionRuleValueTypeElement This value is a reference to a form element (by technical key).
LIST ConditionRuleValueTypeList
BOOLEAN ConditionRuleValueTypeBoolean
x-go-name: ValueType
value:
type: string
description: Based on the ValueType.
example: Engineering
x-go-name: Value
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: Rules
effects:
description: List of effects.
items:
description: Effect produced by a condition.
properties:
effectType:
description: |-
Type of effect to perform when the conditions are evaluated for this logic block.
HIDE ConditionEffectTypeHide Disables validations.
SHOW ConditionEffectTypeShow Enables validations.
DISABLE ConditionEffectTypeDisable Disables validations.
ENABLE ConditionEffectTypeEnable Enables validations.
REQUIRE ConditionEffectTypeRequire
OPTIONAL ConditionEffectTypeOptional
SUBMIT_MESSAGE ConditionEffectTypeSubmitMessage
SUBMIT_NOTIFICATION ConditionEffectTypeSubmitNotification
SET_DEFAULT_VALUE ConditionEffectTypeSetDefaultValue This value is ignored on purpose.
enum:
- HIDE
- SHOW
- DISABLE
- ENABLE
- REQUIRE
- OPTIONAL
- SUBMIT_MESSAGE
- SUBMIT_NOTIFICATION
- SET_DEFAULT_VALUE
example: HIDE
type: string
x-go-enum-desc: |-
HIDE ConditionEffectTypeHide Disables validations.
SHOW ConditionEffectTypeShow Enables validations.
DISABLE ConditionEffectTypeDisable Disables validations.
ENABLE ConditionEffectTypeEnable Enables validations.
REQUIRE ConditionEffectTypeRequire
OPTIONAL ConditionEffectTypeOptional
SUBMIT_MESSAGE ConditionEffectTypeSubmitMessage
SUBMIT_NOTIFICATION ConditionEffectTypeSubmitNotification
SET_DEFAULT_VALUE ConditionEffectTypeSetDefaultValue This value is ignored on purpose.
x-go-name: EffectType
config:
description: Arbitrary map containing a configuration based on the EffectType.
type: object
properties:
defaultValueLabel:
type: string
description: Effect type's label.
example: Access to Remove
element:
type: string
description: Element's identifier.
example: 8110662963316867
x-go-name: Config
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: Effects
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: FormConditions
formData:
nullable: true
additionalProperties: true
description: FormData is the data provided by the form on submit. The data is in a key -> value map
example:
department: Engineering
type: object
x-go-name: FormData
formDefinitionId:
description: FormDefinitionID is the id of the form definition that created this form
example: 49841cb8-00a5-4fbd-9888-8bbb28d48331
type: string
x-go-name: FormDefinitionID
formElements:
description: 'FormElements is the configuration of the form, this would be a repeat of the fields from the form-config'
items:
properties:
id:
description: Form element identifier.
example: 00000000-0000-0000-0000-000000000000
type: string
x-go-name: ID
elementType:
description: |-
FormElementType value.
TEXT FormElementTypeText
TOGGLE FormElementTypeToggle
TEXTAREA FormElementTypeTextArea
HIDDEN FormElementTypeHidden
PHONE FormElementTypePhone
EMAIL FormElementTypeEmail
SELECT FormElementTypeSelect
DATE FormElementTypeDate
SECTION FormElementTypeSection
COLUMN_SET FormElementTypeColumns
IMAGE FormElementTypeImage
DESCRIPTION FormElementTypeDescription
enum:
- TEXT
- TOGGLE
- TEXTAREA
- HIDDEN
- PHONE
- EMAIL
- SELECT
- DATE
- SECTION
- COLUMN_SET
- IMAGE
- DESCRIPTION
example: TEXT
type: string
x-go-name: ElementType
config:
additionalProperties: true
description: Config object.
example:
label: Department
type: object
x-go-name: Config
x-go-enum-desc: |-
TEXT FormElementTypeText
TOGGLE FormElementTypeToggle
TEXTAREA FormElementTypeTextArea
HIDDEN FormElementTypeHidden
PHONE FormElementTypePhone
EMAIL FormElementTypeEmail
SELECT FormElementTypeSelect
DATE FormElementTypeDate
SECTION FormElementTypeSection
COLUMNS FormElementTypeColumns
key:
description: Technical key.
example: department
type: string
x-go-name: Key
validations:
nullable: true
type: array
items:
description: Set of FormElementValidation items.
type: object
properties:
validationType:
description: 'The type of data validation that you wish to enforce, e.g., a required field, a minimum length, etc.'
example: REQUIRED
type: string
enum:
- REQUIRED
- MIN_LENGTH
- MAX_LENGTH
- REGEX
- DATE
- MAX_DATE
- MIN_DATE
- LESS_THAN_DATE
- PHONE
- EMAIL
- DATA_SOURCE
- TEXTAREA
x-go-package: github.com/sailpoint/sp-forms/domain
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: FormElements
formErrors:
description: FormErrors is an array of form validation errors from the last time the form instance was transitioned to the SUBMITTED state. If the form instance had validation errors then it would be moved to the IN PROGRESS state where the client can retrieve these errors
items:
properties:
key:
description: Key is the technical key
example: department
type: string
x-go-name: Key
messages:
description: Messages is a list of web.ErrorMessage items
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
type: array
x-go-name: Messages
value:
description: Value is the value associated with a Key
example: Engineering
x-go-name: Value
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: FormErrors
formInput:
additionalProperties: {}
nullable: true
description: FormInput is an object of form input labels to value
example:
input1: Sales
type: object
x-go-name: FormInput
id:
description: Unique guid identifying this form instance
example: 06a2d961-07fa-44d1-8d0a-2f6470e30fd2
type: string
x-go-name: FormInstanceID
modified:
description: Modified is the last date the form instance was modified
example: '2023-07-12T20:14:57.74486Z'
format: date-time
type: string
x-go-name: Modified
recipients:
description: Recipients references to the recipient of a form. The recipients are those who are responsible for filling out a form and completing it
items:
properties:
id:
description: ID is a unique identifier
example: 00000000-0000-0000-0000-000000000000
type: string
x-go-name: ID
type:
description: |-
Type is a FormInstanceRecipientType value
IDENTITY FormInstanceRecipientIdentity
enum:
- IDENTITY
example: IDENTITY
type: string
x-go-enum-desc: IDENTITY FormInstanceRecipientIdentity
x-go-name: Type
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: Recipients
standAloneForm:
default: false
description: StandAloneForm is a boolean flag to indicate if this form should be available for users to complete via the standalone form UI or should this only be available to be completed by as an embedded form
example: false
type: boolean
x-go-name: StandAloneForm
standAloneFormUrl:
description: StandAloneFormURL is the URL where this form may be completed by the designated recipients using the standalone form UI
example: 'https://my-org.identitynow.com/ui/d/forms/00000000-0000-0000-0000-000000000000'
type: string
x-go-name: StandAloneFormURL
state:
description: |-
State the state of the form instance
ASSIGNED FormInstanceStateAssigned
IN_PROGRESS FormInstanceStateInProgress
SUBMITTED FormInstanceStateSubmitted
COMPLETED FormInstanceStateCompleted
CANCELLED FormInstanceStateCancelled
enum:
- ASSIGNED
- IN_PROGRESS
- SUBMITTED
- COMPLETED
- CANCELLED
example: ASSIGNED
type: string
x-go-enum-desc: |-
ASSIGNED FormInstanceStateAssigned
IN_PROGRESS FormInstanceStateInProgress
SUBMITTED FormInstanceStateSubmitted
COMPLETED FormInstanceStateCompleted
CANCELLED FormInstanceStateCancelled
x-go-name: State
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
x-go-name: Results
x-go-package: github.com/sailpoint/sp-forms/domain
'400':
description: An error with the request occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'401':
description: An error with the authorization occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'403':
description: An error with the user permissions occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'429':
description: Too many requests
content:
application/json:
schema:
title: Error is the standard API error response type.
type: object
properties:
detailCode:
description: DetailCode is the text of the status code returned
example: Internal Server Error
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
trackingId:
description: TrackingID is the request tracking unique identifier
example: 9cd03ef80e6a425eb6b11bdbb057cdb4
type: string
x-go-name: TrackingID
x-go-package: github.com/sailpoint/atlas-go/atlas/web
'500':
description: An internal server error occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
security:
- userAuth:
- 'sp:forms:manage'
post:
tags:
- Custom Forms
summary: Creates a form instance.
operationId: createFormInstance
requestBody:
description: Body is the request payload to create a form instance
content:
application/json:
schema:
properties:
createdBy:
properties:
id:
description: ID is a unique identifier
example: 00000000-0000-0000-0000-000000000000
type: string
x-go-name: ID
type:
description: |-
Type is a form instance created by type enum value
WORKFLOW_EXECUTION FormInstanceCreatedByTypeWorkflowExecution
SOURCE FormInstanceCreatedByTypeSource
enum:
- WORKFLOW_EXECUTION
- SOURCE
example: WORKFLOW_EXECUTION
type: string
x-go-enum-desc: |-
WORKFLOW_EXECUTION FormInstanceCreatedByTypeWorkflowExecution
SOURCE FormInstanceCreatedByTypeSource
x-go-name: Type
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
expire:
description: Expire is required
example: '2023-08-12T20:14:57.74486Z'
type: string
x-go-name: Expire
formDefinitionId:
description: FormDefinitionID is the id of the form definition that created this form
example: 00000000-0000-0000-0000-000000000000
type: string
x-go-name: FormDefinitionID
formInput:
additionalProperties: true
description: FormInput is an object of form input labels to value
example:
input1: Sales
type: object
x-go-name: FormInput
recipients:
description: Recipients is required
items:
properties:
id:
description: ID is a unique identifier
example: 00000000-0000-0000-0000-000000000000
type: string
x-go-name: ID
type:
description: |-
Type is a FormInstanceRecipientType value
IDENTITY FormInstanceRecipientIdentity
enum:
- IDENTITY
example: IDENTITY
type: string
x-go-enum-desc: IDENTITY FormInstanceRecipientIdentity
x-go-name: Type
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: Recipients
standAloneForm:
default: false
description: StandAloneForm is a boolean flag to indicate if this form should be available for users to complete via the standalone form UI or should this only be available to be completed by as an embedded form
example: false
type: boolean
x-go-name: StandAloneForm
state:
description: |-
State is required, if not present initial state is FormInstanceStateAssigned
ASSIGNED FormInstanceStateAssigned
IN_PROGRESS FormInstanceStateInProgress
SUBMITTED FormInstanceStateSubmitted
COMPLETED FormInstanceStateCompleted
CANCELLED FormInstanceStateCancelled
enum:
- ASSIGNED
- IN_PROGRESS
- SUBMITTED
- COMPLETED
- CANCELLED
example: ASSIGNED
type: string
x-go-enum-desc: |-
ASSIGNED FormInstanceStateAssigned
IN_PROGRESS FormInstanceStateInProgress
SUBMITTED FormInstanceStateSubmitted
COMPLETED FormInstanceStateCompleted
CANCELLED FormInstanceStateCancelled
x-go-name: State
ttl:
description: |-
TTL an epoch timestamp in seconds, it most be in seconds or dynamodb will ignore it
SEE: https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/time-to-live-ttl-before-you-start.html
example: 1571827560
format: int64
type: integer
x-go-name: TTL
required:
- expire
- recipients
- createdBy
- formDefinitionId
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
example:
expire: '2023-06-20T15:57:55.332882Z'
formDefinitionId: 00000000-0000-0000-0000-000000000000
recipients:
- type: IDENTITY
id: an-identity-id
createdBy:
type: WORKFLOW_EXECUTION
id: a-workflow-execution-id
required: false
responses:
'201':
description: Returns a new form instance
content:
application/json:
schema:
properties:
created:
description: Created is the date the form instance was assigned
example: '2023-07-12T20:14:57.74486Z'
format: date-time
type: string
x-go-name: Created
createdBy:
properties:
id:
description: ID is a unique identifier
example: 00000000-0000-0000-0000-000000000000
type: string
x-go-name: ID
type:
description: |-
Type is a form instance created by type enum value
WORKFLOW_EXECUTION FormInstanceCreatedByTypeWorkflowExecution
SOURCE FormInstanceCreatedByTypeSource
enum:
- WORKFLOW_EXECUTION
- SOURCE
example: WORKFLOW_EXECUTION
type: string
x-go-enum-desc: |-
WORKFLOW_EXECUTION FormInstanceCreatedByTypeWorkflowExecution
SOURCE FormInstanceCreatedByTypeSource
x-go-name: Type
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
expire:
description: Expire is the maximum amount of time that a form can be in progress. After this time is reached then the form will be moved to a CANCELED state automatically. The user will no longer be able to complete the submission. When a form instance is expires an audit log will be generated for that record
example: '2023-08-12T20:14:57.74486Z'
type: string
x-go-name: Expire
formConditions:
description: FormConditions is the conditional logic that modify the form dynamically modify the form as the recipient is interacting out the form
items:
description: Represent a form conditional.
properties:
ruleOperator:
description: |-
ConditionRuleLogicalOperatorType value.
AND ConditionRuleLogicalOperatorTypeAnd
OR ConditionRuleLogicalOperatorTypeOr
enum:
- AND
- OR
example: AND
type: string
x-go-enum-desc: |-
AND ConditionRuleLogicalOperatorTypeAnd
OR ConditionRuleLogicalOperatorTypeOr
x-go-name: RuleOperator
rules:
description: List of rules.
items:
properties:
sourceType:
description: |-
Defines the type of object being selected. It will be either a reference to a form input (by input name) or a form element (by technical key).
INPUT ConditionRuleSourceTypeInput
ELEMENT ConditionRuleSourceTypeElement
enum:
- INPUT
- ELEMENT
example: ELEMENT
type: string
x-go-enum-desc: |-
INPUT ConditionRuleSourceTypeInput
ELEMENT ConditionRuleSourceTypeElement
x-go-name: SourceType
source:
description: |-
Source - if the sourceType is ConditionRuleSourceTypeInput, the source type is the name of the form input to accept. However, if the sourceType is ConditionRuleSourceTypeElement,
the source is the name of a technical key of an element to retrieve its value.
example: department
type: string
x-go-name: Source
operator:
description: |-
ConditionRuleComparisonOperatorType value.
EQ ConditionRuleComparisonOperatorTypeEquals This comparison operator compares the source and target for equality.
NE ConditionRuleComparisonOperatorTypeNotEquals This comparison operator compares the source and target for inequality.
CO ConditionRuleComparisonOperatorTypeContains This comparison operator searches the source to see whether it contains the value.
NOT_CO ConditionRuleComparisonOperatorTypeNotContains
IN ConditionRuleComparisonOperatorTypeIncludes This comparison operator searches the source if it equals any of the values.
NOT_IN ConditionRuleComparisonOperatorTypeNotIncludes
EM ConditionRuleComparisonOperatorTypeEmpty
NOT_EM ConditionRuleComparisonOperatorTypeNotEmpty
SW ConditionRuleComparisonOperatorTypeStartsWith Checks whether a string starts with another substring of the same string. This operator is case-sensitive.
NOT_SW ConditionRuleComparisonOperatorTypeNotStartsWith
EW ConditionRuleComparisonOperatorTypeEndsWith Checks whether a string ends with another substring of the same string. This operator is case-sensitive.
NOT_EW ConditionRuleComparisonOperatorTypeNotEndsWith
enum:
- EQ
- NE
- CO
- NOT_CO
- IN
- NOT_IN
- EM
- NOT_EM
- SW
- NOT_SW
- EW
- NOT_EW
example: EQ
type: string
x-go-enum-desc: |-
EQ ConditionRuleComparisonOperatorTypeEquals This comparison operator compares the source and target for equality.
NE ConditionRuleComparisonOperatorTypeNotEquals This comparison operator compares the source and target for inequality.
CO ConditionRuleComparisonOperatorTypeContains This comparison operator searches the source to see whether it contains the value.
NOT_CO ConditionRuleComparisonOperatorTypeNotContains
IN ConditionRuleComparisonOperatorTypeIncludes This comparison operator searches the source if it equals any of the values.
NOT_IN ConditionRuleComparisonOperatorTypeNotIncludes
EM ConditionRuleComparisonOperatorTypeEmpty
NOT_EM ConditionRuleComparisonOperatorTypeNotEmpty
SW ConditionRuleComparisonOperatorTypeStartsWith Checks whether a string starts with another substring of the same string. This operator is case-sensitive.
NOT_SW ConditionRuleComparisonOperatorTypeNotStartsWith
EW ConditionRuleComparisonOperatorTypeEndsWith Checks whether a string ends with another substring of the same string. This operator is case-sensitive.
NOT_EW ConditionRuleComparisonOperatorTypeNotEndsWith
x-go-name: Operator
valueType:
description: |-
ConditionRuleValueType type.
STRING ConditionRuleValueTypeString This value is a static string.
STRING_LIST ConditionRuleValueTypeStringList This value is an array of string values.
INPUT ConditionRuleValueTypeInput This value is a reference to a form input.
ELEMENT ConditionRuleValueTypeElement This value is a reference to a form element (by technical key).
LIST ConditionRuleValueTypeList
BOOLEAN ConditionRuleValueTypeBoolean
enum:
- STRING
- STRING_LIST
- INPUT
- ELEMENT
- LIST
- BOOLEAN
example: STRING
type: string
x-go-enum-desc: |-
STRING ConditionRuleValueTypeString This value is a static string.
STRING_LIST ConditionRuleValueTypeStringList This value is an array of string values.
INPUT ConditionRuleValueTypeInput This value is a reference to a form input.
ELEMENT ConditionRuleValueTypeElement This value is a reference to a form element (by technical key).
LIST ConditionRuleValueTypeList
BOOLEAN ConditionRuleValueTypeBoolean
x-go-name: ValueType
value:
type: string
description: Based on the ValueType.
example: Engineering
x-go-name: Value
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: Rules
effects:
description: List of effects.
items:
description: Effect produced by a condition.
properties:
effectType:
description: |-
Type of effect to perform when the conditions are evaluated for this logic block.
HIDE ConditionEffectTypeHide Disables validations.
SHOW ConditionEffectTypeShow Enables validations.
DISABLE ConditionEffectTypeDisable Disables validations.
ENABLE ConditionEffectTypeEnable Enables validations.
REQUIRE ConditionEffectTypeRequire
OPTIONAL ConditionEffectTypeOptional
SUBMIT_MESSAGE ConditionEffectTypeSubmitMessage
SUBMIT_NOTIFICATION ConditionEffectTypeSubmitNotification
SET_DEFAULT_VALUE ConditionEffectTypeSetDefaultValue This value is ignored on purpose.
enum:
- HIDE
- SHOW
- DISABLE
- ENABLE
- REQUIRE
- OPTIONAL
- SUBMIT_MESSAGE
- SUBMIT_NOTIFICATION
- SET_DEFAULT_VALUE
example: HIDE
type: string
x-go-enum-desc: |-
HIDE ConditionEffectTypeHide Disables validations.
SHOW ConditionEffectTypeShow Enables validations.
DISABLE ConditionEffectTypeDisable Disables validations.
ENABLE ConditionEffectTypeEnable Enables validations.
REQUIRE ConditionEffectTypeRequire
OPTIONAL ConditionEffectTypeOptional
SUBMIT_MESSAGE ConditionEffectTypeSubmitMessage
SUBMIT_NOTIFICATION ConditionEffectTypeSubmitNotification
SET_DEFAULT_VALUE ConditionEffectTypeSetDefaultValue This value is ignored on purpose.
x-go-name: EffectType
config:
description: Arbitrary map containing a configuration based on the EffectType.
type: object
properties:
defaultValueLabel:
type: string
description: Effect type's label.
example: Access to Remove
element:
type: string
description: Element's identifier.
example: 8110662963316867
x-go-name: Config
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: Effects
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: FormConditions
formData:
nullable: true
additionalProperties: true
description: FormData is the data provided by the form on submit. The data is in a key -> value map
example:
department: Engineering
type: object
x-go-name: FormData
formDefinitionId:
description: FormDefinitionID is the id of the form definition that created this form
example: 49841cb8-00a5-4fbd-9888-8bbb28d48331
type: string
x-go-name: FormDefinitionID
formElements:
description: 'FormElements is the configuration of the form, this would be a repeat of the fields from the form-config'
items:
properties:
id:
description: Form element identifier.
example: 00000000-0000-0000-0000-000000000000
type: string
x-go-name: ID
elementType:
description: |-
FormElementType value.
TEXT FormElementTypeText
TOGGLE FormElementTypeToggle
TEXTAREA FormElementTypeTextArea
HIDDEN FormElementTypeHidden
PHONE FormElementTypePhone
EMAIL FormElementTypeEmail
SELECT FormElementTypeSelect
DATE FormElementTypeDate
SECTION FormElementTypeSection
COLUMN_SET FormElementTypeColumns
IMAGE FormElementTypeImage
DESCRIPTION FormElementTypeDescription
enum:
- TEXT
- TOGGLE
- TEXTAREA
- HIDDEN
- PHONE
- EMAIL
- SELECT
- DATE
- SECTION
- COLUMN_SET
- IMAGE
- DESCRIPTION
example: TEXT
type: string
x-go-name: ElementType
config:
additionalProperties: true
description: Config object.
example:
label: Department
type: object
x-go-name: Config
x-go-enum-desc: |-
TEXT FormElementTypeText
TOGGLE FormElementTypeToggle
TEXTAREA FormElementTypeTextArea
HIDDEN FormElementTypeHidden
PHONE FormElementTypePhone
EMAIL FormElementTypeEmail
SELECT FormElementTypeSelect
DATE FormElementTypeDate
SECTION FormElementTypeSection
COLUMNS FormElementTypeColumns
key:
description: Technical key.
example: department
type: string
x-go-name: Key
validations:
nullable: true
type: array
items:
description: Set of FormElementValidation items.
type: object
properties:
validationType:
description: 'The type of data validation that you wish to enforce, e.g., a required field, a minimum length, etc.'
example: REQUIRED
type: string
enum:
- REQUIRED
- MIN_LENGTH
- MAX_LENGTH
- REGEX
- DATE
- MAX_DATE
- MIN_DATE
- LESS_THAN_DATE
- PHONE
- EMAIL
- DATA_SOURCE
- TEXTAREA
x-go-package: github.com/sailpoint/sp-forms/domain
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: FormElements
formErrors:
description: FormErrors is an array of form validation errors from the last time the form instance was transitioned to the SUBMITTED state. If the form instance had validation errors then it would be moved to the IN PROGRESS state where the client can retrieve these errors
items:
properties:
key:
description: Key is the technical key
example: department
type: string
x-go-name: Key
messages:
description: Messages is a list of web.ErrorMessage items
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
type: array
x-go-name: Messages
value:
description: Value is the value associated with a Key
example: Engineering
x-go-name: Value
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: FormErrors
formInput:
additionalProperties: {}
nullable: true
description: FormInput is an object of form input labels to value
example:
input1: Sales
type: object
x-go-name: FormInput
id:
description: Unique guid identifying this form instance
example: 06a2d961-07fa-44d1-8d0a-2f6470e30fd2
type: string
x-go-name: FormInstanceID
modified:
description: Modified is the last date the form instance was modified
example: '2023-07-12T20:14:57.74486Z'
format: date-time
type: string
x-go-name: Modified
recipients:
description: Recipients references to the recipient of a form. The recipients are those who are responsible for filling out a form and completing it
items:
properties:
id:
description: ID is a unique identifier
example: 00000000-0000-0000-0000-000000000000
type: string
x-go-name: ID
type:
description: |-
Type is a FormInstanceRecipientType value
IDENTITY FormInstanceRecipientIdentity
enum:
- IDENTITY
example: IDENTITY
type: string
x-go-enum-desc: IDENTITY FormInstanceRecipientIdentity
x-go-name: Type
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: Recipients
standAloneForm:
default: false
description: StandAloneForm is a boolean flag to indicate if this form should be available for users to complete via the standalone form UI or should this only be available to be completed by as an embedded form
example: false
type: boolean
x-go-name: StandAloneForm
standAloneFormUrl:
description: StandAloneFormURL is the URL where this form may be completed by the designated recipients using the standalone form UI
example: 'https://my-org.identitynow.com/ui/d/forms/00000000-0000-0000-0000-000000000000'
type: string
x-go-name: StandAloneFormURL
state:
description: |-
State the state of the form instance
ASSIGNED FormInstanceStateAssigned
IN_PROGRESS FormInstanceStateInProgress
SUBMITTED FormInstanceStateSubmitted
COMPLETED FormInstanceStateCompleted
CANCELLED FormInstanceStateCancelled
enum:
- ASSIGNED
- IN_PROGRESS
- SUBMITTED
- COMPLETED
- CANCELLED
example: ASSIGNED
type: string
x-go-enum-desc: |-
ASSIGNED FormInstanceStateAssigned
IN_PROGRESS FormInstanceStateInProgress
SUBMITTED FormInstanceStateSubmitted
COMPLETED FormInstanceStateCompleted
CANCELLED FormInstanceStateCancelled
x-go-name: State
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
'400':
description: An error with the request occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'401':
description: An error with the authorization occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'403':
description: An error with the user permissions occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'429':
description: Too many requests
content:
application/json:
schema:
title: Error is the standard API error response type.
type: object
properties:
detailCode:
description: DetailCode is the text of the status code returned
example: Internal Server Error
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
trackingId:
description: TrackingID is the request tracking unique identifier
example: 9cd03ef80e6a425eb6b11bdbb057cdb4
type: string
x-go-name: TrackingID
x-go-package: github.com/sailpoint/atlas-go/atlas/web
'500':
description: An internal server error occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
security:
- userAuth:
- 'sp:forms:manage'
x-codegen-request-body-name: Body
'/form-instances/{formInstanceID}':
get:
tags:
- Custom Forms
summary: Returns a form instance.
description: 'Parameter `{formInstanceID}` should match a form instance ID.'
operationId: getFormInstanceByKey
parameters:
- name: formInstanceID
in: path
description: Form instance ID
required: true
x-sailpoint-resource-operation-id: searchFormInstancesByTenant
schema:
type: string
x-go-name: FormInstanceID
example: 00000000-0000-0000-0000-000000000000
x-go-name: FormInstanceID
responses:
'200':
description: Returns a form instance by its key
content:
application/json:
schema:
properties:
created:
description: Created is the date the form instance was assigned
example: '2023-07-12T20:14:57.74486Z'
format: date-time
type: string
x-go-name: Created
createdBy:
properties:
id:
description: ID is a unique identifier
example: 00000000-0000-0000-0000-000000000000
type: string
x-go-name: ID
type:
description: |-
Type is a form instance created by type enum value
WORKFLOW_EXECUTION FormInstanceCreatedByTypeWorkflowExecution
SOURCE FormInstanceCreatedByTypeSource
enum:
- WORKFLOW_EXECUTION
- SOURCE
example: WORKFLOW_EXECUTION
type: string
x-go-enum-desc: |-
WORKFLOW_EXECUTION FormInstanceCreatedByTypeWorkflowExecution
SOURCE FormInstanceCreatedByTypeSource
x-go-name: Type
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
expire:
description: Expire is the maximum amount of time that a form can be in progress. After this time is reached then the form will be moved to a CANCELED state automatically. The user will no longer be able to complete the submission. When a form instance is expires an audit log will be generated for that record
example: '2023-08-12T20:14:57.74486Z'
type: string
x-go-name: Expire
formConditions:
description: FormConditions is the conditional logic that modify the form dynamically modify the form as the recipient is interacting out the form
items:
description: Represent a form conditional.
properties:
ruleOperator:
description: |-
ConditionRuleLogicalOperatorType value.
AND ConditionRuleLogicalOperatorTypeAnd
OR ConditionRuleLogicalOperatorTypeOr
enum:
- AND
- OR
example: AND
type: string
x-go-enum-desc: |-
AND ConditionRuleLogicalOperatorTypeAnd
OR ConditionRuleLogicalOperatorTypeOr
x-go-name: RuleOperator
rules:
description: List of rules.
items:
properties:
sourceType:
description: |-
Defines the type of object being selected. It will be either a reference to a form input (by input name) or a form element (by technical key).
INPUT ConditionRuleSourceTypeInput
ELEMENT ConditionRuleSourceTypeElement
enum:
- INPUT
- ELEMENT
example: ELEMENT
type: string
x-go-enum-desc: |-
INPUT ConditionRuleSourceTypeInput
ELEMENT ConditionRuleSourceTypeElement
x-go-name: SourceType
source:
description: |-
Source - if the sourceType is ConditionRuleSourceTypeInput, the source type is the name of the form input to accept. However, if the sourceType is ConditionRuleSourceTypeElement,
the source is the name of a technical key of an element to retrieve its value.
example: department
type: string
x-go-name: Source
operator:
description: |-
ConditionRuleComparisonOperatorType value.
EQ ConditionRuleComparisonOperatorTypeEquals This comparison operator compares the source and target for equality.
NE ConditionRuleComparisonOperatorTypeNotEquals This comparison operator compares the source and target for inequality.
CO ConditionRuleComparisonOperatorTypeContains This comparison operator searches the source to see whether it contains the value.
NOT_CO ConditionRuleComparisonOperatorTypeNotContains
IN ConditionRuleComparisonOperatorTypeIncludes This comparison operator searches the source if it equals any of the values.
NOT_IN ConditionRuleComparisonOperatorTypeNotIncludes
EM ConditionRuleComparisonOperatorTypeEmpty
NOT_EM ConditionRuleComparisonOperatorTypeNotEmpty
SW ConditionRuleComparisonOperatorTypeStartsWith Checks whether a string starts with another substring of the same string. This operator is case-sensitive.
NOT_SW ConditionRuleComparisonOperatorTypeNotStartsWith
EW ConditionRuleComparisonOperatorTypeEndsWith Checks whether a string ends with another substring of the same string. This operator is case-sensitive.
NOT_EW ConditionRuleComparisonOperatorTypeNotEndsWith
enum:
- EQ
- NE
- CO
- NOT_CO
- IN
- NOT_IN
- EM
- NOT_EM
- SW
- NOT_SW
- EW
- NOT_EW
example: EQ
type: string
x-go-enum-desc: |-
EQ ConditionRuleComparisonOperatorTypeEquals This comparison operator compares the source and target for equality.
NE ConditionRuleComparisonOperatorTypeNotEquals This comparison operator compares the source and target for inequality.
CO ConditionRuleComparisonOperatorTypeContains This comparison operator searches the source to see whether it contains the value.
NOT_CO ConditionRuleComparisonOperatorTypeNotContains
IN ConditionRuleComparisonOperatorTypeIncludes This comparison operator searches the source if it equals any of the values.
NOT_IN ConditionRuleComparisonOperatorTypeNotIncludes
EM ConditionRuleComparisonOperatorTypeEmpty
NOT_EM ConditionRuleComparisonOperatorTypeNotEmpty
SW ConditionRuleComparisonOperatorTypeStartsWith Checks whether a string starts with another substring of the same string. This operator is case-sensitive.
NOT_SW ConditionRuleComparisonOperatorTypeNotStartsWith
EW ConditionRuleComparisonOperatorTypeEndsWith Checks whether a string ends with another substring of the same string. This operator is case-sensitive.
NOT_EW ConditionRuleComparisonOperatorTypeNotEndsWith
x-go-name: Operator
valueType:
description: |-
ConditionRuleValueType type.
STRING ConditionRuleValueTypeString This value is a static string.
STRING_LIST ConditionRuleValueTypeStringList This value is an array of string values.
INPUT ConditionRuleValueTypeInput This value is a reference to a form input.
ELEMENT ConditionRuleValueTypeElement This value is a reference to a form element (by technical key).
LIST ConditionRuleValueTypeList
BOOLEAN ConditionRuleValueTypeBoolean
enum:
- STRING
- STRING_LIST
- INPUT
- ELEMENT
- LIST
- BOOLEAN
example: STRING
type: string
x-go-enum-desc: |-
STRING ConditionRuleValueTypeString This value is a static string.
STRING_LIST ConditionRuleValueTypeStringList This value is an array of string values.
INPUT ConditionRuleValueTypeInput This value is a reference to a form input.
ELEMENT ConditionRuleValueTypeElement This value is a reference to a form element (by technical key).
LIST ConditionRuleValueTypeList
BOOLEAN ConditionRuleValueTypeBoolean
x-go-name: ValueType
value:
type: string
description: Based on the ValueType.
example: Engineering
x-go-name: Value
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: Rules
effects:
description: List of effects.
items:
description: Effect produced by a condition.
properties:
effectType:
description: |-
Type of effect to perform when the conditions are evaluated for this logic block.
HIDE ConditionEffectTypeHide Disables validations.
SHOW ConditionEffectTypeShow Enables validations.
DISABLE ConditionEffectTypeDisable Disables validations.
ENABLE ConditionEffectTypeEnable Enables validations.
REQUIRE ConditionEffectTypeRequire
OPTIONAL ConditionEffectTypeOptional
SUBMIT_MESSAGE ConditionEffectTypeSubmitMessage
SUBMIT_NOTIFICATION ConditionEffectTypeSubmitNotification
SET_DEFAULT_VALUE ConditionEffectTypeSetDefaultValue This value is ignored on purpose.
enum:
- HIDE
- SHOW
- DISABLE
- ENABLE
- REQUIRE
- OPTIONAL
- SUBMIT_MESSAGE
- SUBMIT_NOTIFICATION
- SET_DEFAULT_VALUE
example: HIDE
type: string
x-go-enum-desc: |-
HIDE ConditionEffectTypeHide Disables validations.
SHOW ConditionEffectTypeShow Enables validations.
DISABLE ConditionEffectTypeDisable Disables validations.
ENABLE ConditionEffectTypeEnable Enables validations.
REQUIRE ConditionEffectTypeRequire
OPTIONAL ConditionEffectTypeOptional
SUBMIT_MESSAGE ConditionEffectTypeSubmitMessage
SUBMIT_NOTIFICATION ConditionEffectTypeSubmitNotification
SET_DEFAULT_VALUE ConditionEffectTypeSetDefaultValue This value is ignored on purpose.
x-go-name: EffectType
config:
description: Arbitrary map containing a configuration based on the EffectType.
type: object
properties:
defaultValueLabel:
type: string
description: Effect type's label.
example: Access to Remove
element:
type: string
description: Element's identifier.
example: 8110662963316867
x-go-name: Config
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: Effects
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: FormConditions
formData:
nullable: true
additionalProperties: true
description: FormData is the data provided by the form on submit. The data is in a key -> value map
example:
department: Engineering
type: object
x-go-name: FormData
formDefinitionId:
description: FormDefinitionID is the id of the form definition that created this form
example: 49841cb8-00a5-4fbd-9888-8bbb28d48331
type: string
x-go-name: FormDefinitionID
formElements:
description: 'FormElements is the configuration of the form, this would be a repeat of the fields from the form-config'
items:
properties:
id:
description: Form element identifier.
example: 00000000-0000-0000-0000-000000000000
type: string
x-go-name: ID
elementType:
description: |-
FormElementType value.
TEXT FormElementTypeText
TOGGLE FormElementTypeToggle
TEXTAREA FormElementTypeTextArea
HIDDEN FormElementTypeHidden
PHONE FormElementTypePhone
EMAIL FormElementTypeEmail
SELECT FormElementTypeSelect
DATE FormElementTypeDate
SECTION FormElementTypeSection
COLUMN_SET FormElementTypeColumns
IMAGE FormElementTypeImage
DESCRIPTION FormElementTypeDescription
enum:
- TEXT
- TOGGLE
- TEXTAREA
- HIDDEN
- PHONE
- EMAIL
- SELECT
- DATE
- SECTION
- COLUMN_SET
- IMAGE
- DESCRIPTION
example: TEXT
type: string
x-go-name: ElementType
config:
additionalProperties: true
description: Config object.
example:
label: Department
type: object
x-go-name: Config
x-go-enum-desc: |-
TEXT FormElementTypeText
TOGGLE FormElementTypeToggle
TEXTAREA FormElementTypeTextArea
HIDDEN FormElementTypeHidden
PHONE FormElementTypePhone
EMAIL FormElementTypeEmail
SELECT FormElementTypeSelect
DATE FormElementTypeDate
SECTION FormElementTypeSection
COLUMNS FormElementTypeColumns
key:
description: Technical key.
example: department
type: string
x-go-name: Key
validations:
nullable: true
type: array
items:
description: Set of FormElementValidation items.
type: object
properties:
validationType:
description: 'The type of data validation that you wish to enforce, e.g., a required field, a minimum length, etc.'
example: REQUIRED
type: string
enum:
- REQUIRED
- MIN_LENGTH
- MAX_LENGTH
- REGEX
- DATE
- MAX_DATE
- MIN_DATE
- LESS_THAN_DATE
- PHONE
- EMAIL
- DATA_SOURCE
- TEXTAREA
x-go-package: github.com/sailpoint/sp-forms/domain
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: FormElements
formErrors:
description: FormErrors is an array of form validation errors from the last time the form instance was transitioned to the SUBMITTED state. If the form instance had validation errors then it would be moved to the IN PROGRESS state where the client can retrieve these errors
items:
properties:
key:
description: Key is the technical key
example: department
type: string
x-go-name: Key
messages:
description: Messages is a list of web.ErrorMessage items
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
type: array
x-go-name: Messages
value:
description: Value is the value associated with a Key
example: Engineering
x-go-name: Value
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: FormErrors
formInput:
additionalProperties: {}
nullable: true
description: FormInput is an object of form input labels to value
example:
input1: Sales
type: object
x-go-name: FormInput
id:
description: Unique guid identifying this form instance
example: 06a2d961-07fa-44d1-8d0a-2f6470e30fd2
type: string
x-go-name: FormInstanceID
modified:
description: Modified is the last date the form instance was modified
example: '2023-07-12T20:14:57.74486Z'
format: date-time
type: string
x-go-name: Modified
recipients:
description: Recipients references to the recipient of a form. The recipients are those who are responsible for filling out a form and completing it
items:
properties:
id:
description: ID is a unique identifier
example: 00000000-0000-0000-0000-000000000000
type: string
x-go-name: ID
type:
description: |-
Type is a FormInstanceRecipientType value
IDENTITY FormInstanceRecipientIdentity
enum:
- IDENTITY
example: IDENTITY
type: string
x-go-enum-desc: IDENTITY FormInstanceRecipientIdentity
x-go-name: Type
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: Recipients
standAloneForm:
default: false
description: StandAloneForm is a boolean flag to indicate if this form should be available for users to complete via the standalone form UI or should this only be available to be completed by as an embedded form
example: false
type: boolean
x-go-name: StandAloneForm
standAloneFormUrl:
description: StandAloneFormURL is the URL where this form may be completed by the designated recipients using the standalone form UI
example: 'https://my-org.identitynow.com/ui/d/forms/00000000-0000-0000-0000-000000000000'
type: string
x-go-name: StandAloneFormURL
state:
description: |-
State the state of the form instance
ASSIGNED FormInstanceStateAssigned
IN_PROGRESS FormInstanceStateInProgress
SUBMITTED FormInstanceStateSubmitted
COMPLETED FormInstanceStateCompleted
CANCELLED FormInstanceStateCancelled
enum:
- ASSIGNED
- IN_PROGRESS
- SUBMITTED
- COMPLETED
- CANCELLED
example: ASSIGNED
type: string
x-go-enum-desc: |-
ASSIGNED FormInstanceStateAssigned
IN_PROGRESS FormInstanceStateInProgress
SUBMITTED FormInstanceStateSubmitted
COMPLETED FormInstanceStateCompleted
CANCELLED FormInstanceStateCancelled
x-go-name: State
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
'400':
description: An error with the request occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'401':
description: An error with the authorization occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'403':
description: An error with the user permissions occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'404':
description: An error with the item not found
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'429':
description: Too many requests
content:
application/json:
schema:
title: Error is the standard API error response type.
type: object
properties:
detailCode:
description: DetailCode is the text of the status code returned
example: Internal Server Error
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
trackingId:
description: TrackingID is the request tracking unique identifier
example: 9cd03ef80e6a425eb6b11bdbb057cdb4
type: string
x-go-name: TrackingID
x-go-package: github.com/sailpoint/atlas-go/atlas/web
'500':
description: An internal server error occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
security:
- userAuth: []
patch:
tags:
- Custom Forms
summary: Patch a form instance.
description: 'Parameter `{formInstanceID}` should match a form instance ID.'
operationId: patchFormInstance
parameters:
- name: formInstanceID
in: path
description: Form instance ID
required: true
x-sailpoint-resource-operation-id: searchFormInstancesByTenant
schema:
type: string
x-go-name: FormInstanceID
example: 00000000-0000-0000-0000-000000000000
x-go-name: FormInstanceID
requestBody:
description: 'Body is the request payload to patch a form instance, check: https://jsonpatch.com'
content:
application/json:
schema:
title: Patch is an ordered collection of Operations.
description: Patch is an ordered collection of Operations.
type: array
example:
- op: replace
path: /description
value: a new description
items:
title: 'Operation is a single JSON-Patch step, such as a single ''add'' operation.'
type: object
additionalProperties:
type: object
properties: {}
x-go-package: github.com/evanphx/json-patch
x-go-package: github.com/evanphx/json-patch
example:
- op: replace
path: /state
value: SUBMITTED
- op: replace
path: /formData
value:
a-key-1: a-value-1
a-key-2: true
a-key-3: 1
required: false
responses:
'200':
description: Returns the form instance updated
content:
application/json:
schema:
properties:
created:
description: Created is the date the form instance was assigned
example: '2023-07-12T20:14:57.74486Z'
format: date-time
type: string
x-go-name: Created
createdBy:
properties:
id:
description: ID is a unique identifier
example: 00000000-0000-0000-0000-000000000000
type: string
x-go-name: ID
type:
description: |-
Type is a form instance created by type enum value
WORKFLOW_EXECUTION FormInstanceCreatedByTypeWorkflowExecution
SOURCE FormInstanceCreatedByTypeSource
enum:
- WORKFLOW_EXECUTION
- SOURCE
example: WORKFLOW_EXECUTION
type: string
x-go-enum-desc: |-
WORKFLOW_EXECUTION FormInstanceCreatedByTypeWorkflowExecution
SOURCE FormInstanceCreatedByTypeSource
x-go-name: Type
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
expire:
description: Expire is the maximum amount of time that a form can be in progress. After this time is reached then the form will be moved to a CANCELED state automatically. The user will no longer be able to complete the submission. When a form instance is expires an audit log will be generated for that record
example: '2023-08-12T20:14:57.74486Z'
type: string
x-go-name: Expire
formConditions:
description: FormConditions is the conditional logic that modify the form dynamically modify the form as the recipient is interacting out the form
items:
description: Represent a form conditional.
properties:
ruleOperator:
description: |-
ConditionRuleLogicalOperatorType value.
AND ConditionRuleLogicalOperatorTypeAnd
OR ConditionRuleLogicalOperatorTypeOr
enum:
- AND
- OR
example: AND
type: string
x-go-enum-desc: |-
AND ConditionRuleLogicalOperatorTypeAnd
OR ConditionRuleLogicalOperatorTypeOr
x-go-name: RuleOperator
rules:
description: List of rules.
items:
properties:
sourceType:
description: |-
Defines the type of object being selected. It will be either a reference to a form input (by input name) or a form element (by technical key).
INPUT ConditionRuleSourceTypeInput
ELEMENT ConditionRuleSourceTypeElement
enum:
- INPUT
- ELEMENT
example: ELEMENT
type: string
x-go-enum-desc: |-
INPUT ConditionRuleSourceTypeInput
ELEMENT ConditionRuleSourceTypeElement
x-go-name: SourceType
source:
description: |-
Source - if the sourceType is ConditionRuleSourceTypeInput, the source type is the name of the form input to accept. However, if the sourceType is ConditionRuleSourceTypeElement,
the source is the name of a technical key of an element to retrieve its value.
example: department
type: string
x-go-name: Source
operator:
description: |-
ConditionRuleComparisonOperatorType value.
EQ ConditionRuleComparisonOperatorTypeEquals This comparison operator compares the source and target for equality.
NE ConditionRuleComparisonOperatorTypeNotEquals This comparison operator compares the source and target for inequality.
CO ConditionRuleComparisonOperatorTypeContains This comparison operator searches the source to see whether it contains the value.
NOT_CO ConditionRuleComparisonOperatorTypeNotContains
IN ConditionRuleComparisonOperatorTypeIncludes This comparison operator searches the source if it equals any of the values.
NOT_IN ConditionRuleComparisonOperatorTypeNotIncludes
EM ConditionRuleComparisonOperatorTypeEmpty
NOT_EM ConditionRuleComparisonOperatorTypeNotEmpty
SW ConditionRuleComparisonOperatorTypeStartsWith Checks whether a string starts with another substring of the same string. This operator is case-sensitive.
NOT_SW ConditionRuleComparisonOperatorTypeNotStartsWith
EW ConditionRuleComparisonOperatorTypeEndsWith Checks whether a string ends with another substring of the same string. This operator is case-sensitive.
NOT_EW ConditionRuleComparisonOperatorTypeNotEndsWith
enum:
- EQ
- NE
- CO
- NOT_CO
- IN
- NOT_IN
- EM
- NOT_EM
- SW
- NOT_SW
- EW
- NOT_EW
example: EQ
type: string
x-go-enum-desc: |-
EQ ConditionRuleComparisonOperatorTypeEquals This comparison operator compares the source and target for equality.
NE ConditionRuleComparisonOperatorTypeNotEquals This comparison operator compares the source and target for inequality.
CO ConditionRuleComparisonOperatorTypeContains This comparison operator searches the source to see whether it contains the value.
NOT_CO ConditionRuleComparisonOperatorTypeNotContains
IN ConditionRuleComparisonOperatorTypeIncludes This comparison operator searches the source if it equals any of the values.
NOT_IN ConditionRuleComparisonOperatorTypeNotIncludes
EM ConditionRuleComparisonOperatorTypeEmpty
NOT_EM ConditionRuleComparisonOperatorTypeNotEmpty
SW ConditionRuleComparisonOperatorTypeStartsWith Checks whether a string starts with another substring of the same string. This operator is case-sensitive.
NOT_SW ConditionRuleComparisonOperatorTypeNotStartsWith
EW ConditionRuleComparisonOperatorTypeEndsWith Checks whether a string ends with another substring of the same string. This operator is case-sensitive.
NOT_EW ConditionRuleComparisonOperatorTypeNotEndsWith
x-go-name: Operator
valueType:
description: |-
ConditionRuleValueType type.
STRING ConditionRuleValueTypeString This value is a static string.
STRING_LIST ConditionRuleValueTypeStringList This value is an array of string values.
INPUT ConditionRuleValueTypeInput This value is a reference to a form input.
ELEMENT ConditionRuleValueTypeElement This value is a reference to a form element (by technical key).
LIST ConditionRuleValueTypeList
BOOLEAN ConditionRuleValueTypeBoolean
enum:
- STRING
- STRING_LIST
- INPUT
- ELEMENT
- LIST
- BOOLEAN
example: STRING
type: string
x-go-enum-desc: |-
STRING ConditionRuleValueTypeString This value is a static string.
STRING_LIST ConditionRuleValueTypeStringList This value is an array of string values.
INPUT ConditionRuleValueTypeInput This value is a reference to a form input.
ELEMENT ConditionRuleValueTypeElement This value is a reference to a form element (by technical key).
LIST ConditionRuleValueTypeList
BOOLEAN ConditionRuleValueTypeBoolean
x-go-name: ValueType
value:
type: string
description: Based on the ValueType.
example: Engineering
x-go-name: Value
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: Rules
effects:
description: List of effects.
items:
description: Effect produced by a condition.
properties:
effectType:
description: |-
Type of effect to perform when the conditions are evaluated for this logic block.
HIDE ConditionEffectTypeHide Disables validations.
SHOW ConditionEffectTypeShow Enables validations.
DISABLE ConditionEffectTypeDisable Disables validations.
ENABLE ConditionEffectTypeEnable Enables validations.
REQUIRE ConditionEffectTypeRequire
OPTIONAL ConditionEffectTypeOptional
SUBMIT_MESSAGE ConditionEffectTypeSubmitMessage
SUBMIT_NOTIFICATION ConditionEffectTypeSubmitNotification
SET_DEFAULT_VALUE ConditionEffectTypeSetDefaultValue This value is ignored on purpose.
enum:
- HIDE
- SHOW
- DISABLE
- ENABLE
- REQUIRE
- OPTIONAL
- SUBMIT_MESSAGE
- SUBMIT_NOTIFICATION
- SET_DEFAULT_VALUE
example: HIDE
type: string
x-go-enum-desc: |-
HIDE ConditionEffectTypeHide Disables validations.
SHOW ConditionEffectTypeShow Enables validations.
DISABLE ConditionEffectTypeDisable Disables validations.
ENABLE ConditionEffectTypeEnable Enables validations.
REQUIRE ConditionEffectTypeRequire
OPTIONAL ConditionEffectTypeOptional
SUBMIT_MESSAGE ConditionEffectTypeSubmitMessage
SUBMIT_NOTIFICATION ConditionEffectTypeSubmitNotification
SET_DEFAULT_VALUE ConditionEffectTypeSetDefaultValue This value is ignored on purpose.
x-go-name: EffectType
config:
description: Arbitrary map containing a configuration based on the EffectType.
type: object
properties:
defaultValueLabel:
type: string
description: Effect type's label.
example: Access to Remove
element:
type: string
description: Element's identifier.
example: 8110662963316867
x-go-name: Config
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: Effects
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: FormConditions
formData:
nullable: true
additionalProperties: true
description: FormData is the data provided by the form on submit. The data is in a key -> value map
example:
department: Engineering
type: object
x-go-name: FormData
formDefinitionId:
description: FormDefinitionID is the id of the form definition that created this form
example: 49841cb8-00a5-4fbd-9888-8bbb28d48331
type: string
x-go-name: FormDefinitionID
formElements:
description: 'FormElements is the configuration of the form, this would be a repeat of the fields from the form-config'
items:
properties:
id:
description: Form element identifier.
example: 00000000-0000-0000-0000-000000000000
type: string
x-go-name: ID
elementType:
description: |-
FormElementType value.
TEXT FormElementTypeText
TOGGLE FormElementTypeToggle
TEXTAREA FormElementTypeTextArea
HIDDEN FormElementTypeHidden
PHONE FormElementTypePhone
EMAIL FormElementTypeEmail
SELECT FormElementTypeSelect
DATE FormElementTypeDate
SECTION FormElementTypeSection
COLUMN_SET FormElementTypeColumns
IMAGE FormElementTypeImage
DESCRIPTION FormElementTypeDescription
enum:
- TEXT
- TOGGLE
- TEXTAREA
- HIDDEN
- PHONE
- EMAIL
- SELECT
- DATE
- SECTION
- COLUMN_SET
- IMAGE
- DESCRIPTION
example: TEXT
type: string
x-go-name: ElementType
config:
additionalProperties: true
description: Config object.
example:
label: Department
type: object
x-go-name: Config
x-go-enum-desc: |-
TEXT FormElementTypeText
TOGGLE FormElementTypeToggle
TEXTAREA FormElementTypeTextArea
HIDDEN FormElementTypeHidden
PHONE FormElementTypePhone
EMAIL FormElementTypeEmail
SELECT FormElementTypeSelect
DATE FormElementTypeDate
SECTION FormElementTypeSection
COLUMNS FormElementTypeColumns
key:
description: Technical key.
example: department
type: string
x-go-name: Key
validations:
nullable: true
type: array
items:
description: Set of FormElementValidation items.
type: object
properties:
validationType:
description: 'The type of data validation that you wish to enforce, e.g., a required field, a minimum length, etc.'
example: REQUIRED
type: string
enum:
- REQUIRED
- MIN_LENGTH
- MAX_LENGTH
- REGEX
- DATE
- MAX_DATE
- MIN_DATE
- LESS_THAN_DATE
- PHONE
- EMAIL
- DATA_SOURCE
- TEXTAREA
x-go-package: github.com/sailpoint/sp-forms/domain
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: FormElements
formErrors:
description: FormErrors is an array of form validation errors from the last time the form instance was transitioned to the SUBMITTED state. If the form instance had validation errors then it would be moved to the IN PROGRESS state where the client can retrieve these errors
items:
properties:
key:
description: Key is the technical key
example: department
type: string
x-go-name: Key
messages:
description: Messages is a list of web.ErrorMessage items
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
type: array
x-go-name: Messages
value:
description: Value is the value associated with a Key
example: Engineering
x-go-name: Value
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: FormErrors
formInput:
additionalProperties: {}
nullable: true
description: FormInput is an object of form input labels to value
example:
input1: Sales
type: object
x-go-name: FormInput
id:
description: Unique guid identifying this form instance
example: 06a2d961-07fa-44d1-8d0a-2f6470e30fd2
type: string
x-go-name: FormInstanceID
modified:
description: Modified is the last date the form instance was modified
example: '2023-07-12T20:14:57.74486Z'
format: date-time
type: string
x-go-name: Modified
recipients:
description: Recipients references to the recipient of a form. The recipients are those who are responsible for filling out a form and completing it
items:
properties:
id:
description: ID is a unique identifier
example: 00000000-0000-0000-0000-000000000000
type: string
x-go-name: ID
type:
description: |-
Type is a FormInstanceRecipientType value
IDENTITY FormInstanceRecipientIdentity
enum:
- IDENTITY
example: IDENTITY
type: string
x-go-enum-desc: IDENTITY FormInstanceRecipientIdentity
x-go-name: Type
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: Recipients
standAloneForm:
default: false
description: StandAloneForm is a boolean flag to indicate if this form should be available for users to complete via the standalone form UI or should this only be available to be completed by as an embedded form
example: false
type: boolean
x-go-name: StandAloneForm
standAloneFormUrl:
description: StandAloneFormURL is the URL where this form may be completed by the designated recipients using the standalone form UI
example: 'https://my-org.identitynow.com/ui/d/forms/00000000-0000-0000-0000-000000000000'
type: string
x-go-name: StandAloneFormURL
state:
description: |-
State the state of the form instance
ASSIGNED FormInstanceStateAssigned
IN_PROGRESS FormInstanceStateInProgress
SUBMITTED FormInstanceStateSubmitted
COMPLETED FormInstanceStateCompleted
CANCELLED FormInstanceStateCancelled
enum:
- ASSIGNED
- IN_PROGRESS
- SUBMITTED
- COMPLETED
- CANCELLED
example: ASSIGNED
type: string
x-go-enum-desc: |-
ASSIGNED FormInstanceStateAssigned
IN_PROGRESS FormInstanceStateInProgress
SUBMITTED FormInstanceStateSubmitted
COMPLETED FormInstanceStateCompleted
CANCELLED FormInstanceStateCancelled
x-go-name: State
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
'400':
description: An error with the request occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'401':
description: An error with the authorization occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'403':
description: An error with the user permissions occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'404':
description: An error with the item not found
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'409':
description: An error with the request property conflicts with stored
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'429':
description: Too many requests
content:
application/json:
schema:
title: Error is the standard API error response type.
type: object
properties:
detailCode:
description: DetailCode is the text of the status code returned
example: Internal Server Error
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
trackingId:
description: TrackingID is the request tracking unique identifier
example: 9cd03ef80e6a425eb6b11bdbb057cdb4
type: string
x-go-name: TrackingID
x-go-package: github.com/sailpoint/atlas-go/atlas/web
'500':
description: An internal server error occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
security:
- userAuth: []
x-codegen-request-body-name: Body
'/form-instances/{formInstanceID}/data-source/{formElementID}':
get:
tags:
- Custom Forms
summary: Retrieves dynamic data by element.
description: |-
Parameter `{formInstanceID}` should match a form instance ID.
Parameter `{formElementID}` should match a form element ID at the data source configuration.
operationId: searchFormElementDataByElementID
parameters:
- name: formInstanceID
in: path
description: Form instance ID
required: true
x-sailpoint-resource-operation-id: searchFormDefinitionsByTenant
schema:
type: string
x-go-name: FormInstanceID
example: 00000000-0000-0000-0000-000000000000
x-go-name: FormInstanceID
- name: formElementID
in: path
description: Form element ID
required: true
x-sailpoint-resource-operation-id: getFormInstanceByKey
schema:
type: string
x-go-name: FormElementID
example: 1
x-go-name: FormElementID
- name: limit
in: query
description: |-
Limit
Integer specifying the maximum number of records to return in a single API call. The standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#paginating-results).
If it is not specified, a default limit is used.
schema:
type: integer
format: int64
maxLength: 250
minLength: 0
default: 250
x-go-name: Limit
example: 250
required: false
x-go-name: Limit
- name: filters
in: query
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**value**: *eq, ne, in*
Supported composite operators: *not*
Only a single *not* may be used, and it can only be used with the `in` operator. The `not` composite operator must be used in front of the field. For example, the following is valid: `not value in ("ID01")`
schema:
type: string
x-go-name: Filters
example: value eq "ID01"
required: false
x-go-name: Filters
- name: query
in: query
description: 'String that is passed to the underlying API to filter other (non-ID) fields. For example, for access profile data sources, this string will be passed to the access profile api and used with a "starts with" filter against several fields.'
schema:
type: string
x-go-name: Query
example: support
required: false
x-go-name: Query
responses:
'200':
description: Retrieves dynamic data to aid in correctly completing a valid form by form element ID from data source configuration
content:
application/json:
schema:
properties:
results:
description: Results holds a list of FormElementDataSourceConfigOptions items
example: '{"results":[{"label":"Alfred 255e71dfc6e","subLabel":"Alfred.255e71dfc6e@testmail.identitysoon.com","value":"2c918084821847c5018227ced2e16676"},{"label":"Alize eba9d4cd27da","subLabel":"Alize.eba9d4cd27da@testmail.identitysoon.com","value":"2c918084821847c5018227ced2f1667c"},{"label":"Antonina 01f69c3ea","subLabel":"Antonina.01f69c3ea@testmail.identitysoon.com","value":"2c918084821847c5018227ced2f9667e"},{"label":"Ardella 21e78ce155","subLabel":"Ardella.21e78ce155@testmail.identitysoon.com","value":"2c918084821847c5018227ced2e6667a"},{"label":"Arnaldo d8582b6e17","subLabel":"Arnaldo.d8582b6e17@testmail.identitysoon.com","value":"2c918084821847c5018227ced3426686"},{"label":"Aurelia admin24828","subLabel":"Aurelia.admin24828@testmail.identitysoon.com","value":"2c918084821847c5018227ced2e16674"},{"label":"Barbara 72ca418fdd","subLabel":"Barbara.72ca418fdd@testmail.identitysoon.com","value":"2c918084821847c5018227ced2fb6680"},{"label":"Barbara ee1a2436ee","subLabel":"Barbara.ee1a2436ee@testmail.identitysoon.com","value":"2c918084821847c5018227ced2e56678"},{"label":"Baylee 652d72432f3","subLabel":"Baylee.652d72432f3@testmail.identitysoon.com","value":"2c91808582184782018227ced28b6aee"},{"label":"Brock e76b56ae4d49","subLabel":"Brock.e76b56ae4d49@testmail.identitysoon.com","value":"2c91808582184782018227ced28b6aef"}]}'
items:
type: object
properties:
label:
description: Label is the main label to display to the user when selecting this option
type: string
example: regression-test-access-request-07c55dd6-3056-430a-86b5-fccc395bb6c5
x-go-name: Label
subLabel:
description: SubLabel is the sub label to display below the label in diminutive styling to help describe or identify this option
type: string
example: ''
x-go-name: SubLabel
value:
description: Value is the value to save as an entry when the user selects this option
type: string
example: e96674448eba4ca1ba04eee999a8f3cd
x-go-name: Value
x-go-package: github.com/sailpoint/sp-forms/domain
type: array
x-go-name: Results
type: object
x-go-package: github.com/sailpoint/sp-forms/domain
'400':
description: An error with the request occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'401':
description: An error with the authorization occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'403':
description: An error with the user permissions occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'404':
description: An error with the item not found
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'429':
description: Too many requests
content:
application/json:
schema:
title: Error is the standard API error response type.
type: object
properties:
detailCode:
description: DetailCode is the text of the status code returned
example: Internal Server Error
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
trackingId:
description: TrackingID is the request tracking unique identifier
example: 9cd03ef80e6a425eb6b11bdbb057cdb4
type: string
x-go-name: TrackingID
x-go-package: github.com/sailpoint/atlas-go/atlas/web
'500':
description: An internal server error occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
security:
- userAuth: []
'/form-instances/{formInstanceID}/file/{fileID}':
get:
tags:
- Custom Forms
summary: Download instance file by fileid.
operationId: getFormInstanceFile
parameters:
- name: formInstanceID
in: path
description: |-
FormInstanceID
Form instance ID
required: true
x-sailpoint-resource-operation-id: searchFormDefinitionsByTenant
example: 00000000-0000-0000-0000-000000000000
schema:
type: string
x-go-name: FormInstanceID
x-go-name: FormInstanceID
- name: fileID
in: path
description: |-
FileID
String specifying the hashed name of the uploaded file we are retrieving.
required: true
x-sailpoint-resource-operation-id: createFormDefinitionFileRequest
example: 00000031N0J7R2B57M8YG73J7M.png
schema:
type: string
x-go-name: FileID
x-go-name: FileID
responses:
'200':
description: Returns a file that is referred to by fileID and associated with the formInstanceID
content:
application/json:
schema:
type: string
format: binary
image/jpeg:
schema:
type: string
format: binary
image/png:
schema:
type: string
format: binary
application/octet-stream:
schema:
type: string
format: binary
'400':
description: An error with the request occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
image/jpeg:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
image/png:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
application/octet-stream:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'401':
description: An error with the authorization occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
image/jpeg:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
image/png:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
application/octet-stream:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'403':
description: An error with the user permissions occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
image/jpeg:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
image/png:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
application/octet-stream:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'404':
description: An error with the item not found
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
image/jpeg:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
image/png:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
application/octet-stream:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'429':
description: Too many requests
content:
application/json:
schema:
title: Error is the standard API error response type.
type: object
properties:
detailCode:
description: DetailCode is the text of the status code returned
example: Internal Server Error
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
trackingId:
description: TrackingID is the request tracking unique identifier
example: 9cd03ef80e6a425eb6b11bdbb057cdb4
type: string
x-go-name: TrackingID
x-go-package: github.com/sailpoint/atlas-go/atlas/web
'500':
description: An internal server error occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
image/jpeg:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
image/png:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
application/octet-stream:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'503':
description: An external service is not available
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
image/jpeg:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
image/png:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
application/octet-stream:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
security:
- userAuth:
- 'sp:forms:manage'
x-codegen-request-body-name: Body
/form-definitions/predefined-select-options:
get:
tags:
- Custom Forms
summary: List predefined select options.
description: No parameters required.
operationId: searchPreDefinedSelectOptions
responses:
'200':
description: Returns a list of available predefined select options
content:
application/json:
schema:
type: object
properties:
results:
description: Results holds a list of PreDefinedSelectOption items
type: array
items:
type: string
description: PreDefinedSelectOption pre-defined select options
example: IDENTITY
x-go-package: github.com/sailpoint/sp-forms/domain
x-go-name: Results
x-go-package: github.com/sailpoint/sp-forms/domain
'400':
description: An error with the request occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'401':
description: An error with the authorization occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'403':
description: An error with the user permissions occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
'429':
description: Too many requests
content:
application/json:
schema:
title: Error is the standard API error response type.
type: object
properties:
detailCode:
description: DetailCode is the text of the status code returned
example: Internal Server Error
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
trackingId:
description: TrackingID is the request tracking unique identifier
example: 9cd03ef80e6a425eb6b11bdbb057cdb4
type: string
x-go-name: TrackingID
x-go-package: github.com/sailpoint/atlas-go/atlas/web
'500':
description: An internal server error occurred
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
x-go-name: DetailCode
messages:
type: array
items:
title: ErrorMessage is the standard API error response message type.
type: object
properties:
locale:
description: Locale is the current Locale
example: en-US
type: string
x-go-name: Locale
localeOrigin:
description: LocaleOrigin holds possible values of how the locale was selected
example: DEFAULT
type: string
x-go-name: LocaleOrigin
text:
description: Text is the actual text of the error message
example: This is an error
type: string
x-go-name: Text
x-go-package: github.com/sailpoint/atlas-go/atlas/web
x-go-name: Messages
statusCode:
type: integer
format: int64
x-go-name: StatusCode
trackingId:
type: string
x-go-name: TrackingID
security:
- userAuth:
- 'sp:forms:manage'
'/access-request-identity-metrics/{identityId}/requested-objects/{requestedObjectId}/type/{type}':
get:
tags:
- Access Request Identity Metrics
summary: Return access request identity metrics
description: Use this API to return information access metrics.
operationId: getAccessRequestIdentityMetrics
parameters:
- name: identityId
in: path
description: Manager's identity ID.
required: true
x-sailpoint-resource-operation-id: listIdentities
schema:
type: string
example: 7025c863-c270-4ba6-beea-edf3cb091573
- name: requestedObjectId
in: path
description: Requested access item's ID.
required: true
schema:
type: string
example: 2db501be-f0fb-4cc5-a695-334133c52891
x-sailpoint-resource-operation-id:
- listEntitlements
- listRoles
- listAccessProfiles
- name: type
in: path
description: Requested access item's type.
required: true
schema:
type: string
enum:
- ENTITLEMENT
- ROLE
- ACCESS_PROFILE
example: ENTITLEMENT
security:
- userAuth:
- 'idn:access-request-approvals:read'
x-sailpoint-userLevels:
- ORG_ADMIN
- SOURCE_ADMIN
responses:
'200':
description: Summary of the resource access and source activity for the direct reports of the provided manager.
content:
application/json:
schema:
type: object
items:
type: object
properties:
identitiesWithAccess:
type: integer
format: int64
nullable: true
description: A count of the provided manager's direct reports that have already been granted the access item in question.
example: 8
identitiesWithActivity:
type: integer
format: int64
nullable: true
description: A count of the provided manager's direct reports that have activity within the associated source.
example: 5
totalIdentities:
type: integer
format: int64
nullable: true
description: Total number of identities who share a manager with the identity requesting access.
example: 10
squadAvailable:
type: boolean
default: false
description: True if the manager's ID can be found. False if the manager's ID cannot be found.
example: true
validActivityObject:
type: boolean
default: false
description: 'True if the requested access item is associated with a single Activity Data Insights connector source. False if the requested access item type is a role. If it''s a role, it matches to multiple sources, so a single relevant source can''t be determined for activity metrics.'
example: true
activitySourceConfigured:
type: boolean
default: false
description: True if the Activity Data Insights connector is configured for the source associated with the requested access item. False if the matching Activity Data Insights connector is not configured.
example: true
requestedObjectActive:
type: boolean
default: false
description: True if the requested access item exists and is available. False if the requested access item is either missing or deleted.
example: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/icons/{objectType}/{objectId}':
put:
operationId: setIcon
tags:
- Icons
summary: Update an icon
description: This API endpoint updates an icon by object type and object id. A token with ORG_ADMIN authority is required to call this API.
parameters:
- in: path
name: objectType
schema:
type: string
enum:
- application
required: true
description: 'Object type. Available options [''application'']'
example: application
- in: path
name: objectId
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listSources
description: Object id.
example: a291e870-48c3-4953-b656-fb5ce2a93169
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
requestBody:
required: true
content:
multipart/form-data:
schema:
type: object
required:
- image
properties:
image:
type: string
format: binary
description: 'file with icon. Allowed mime-types [''image/png'', ''image/jpeg'']'
example: \x00\x00\x00\x02
security:
- userAuth:
- 'idn:icons:manage'
responses:
'200':
description: Icon updated
content:
application/json:
schema:
type: object
properties:
icon:
type: string
description: url to file with icon
example: ''
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
operationId: deleteIcon
tags:
- Icons
summary: Delete an icon
description: This API endpoint delete an icon by object type and object id. A token with ORG_ADMIN authority is required to call this API.
parameters:
- in: path
name: objectType
schema:
type: string
enum:
- application
required: true
description: 'Object type. Available options [''application'']'
example: application
- in: path
name: objectId
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listSources
description: Object id.
example: a291e870-48c3-4953-b656-fb5ce2a93169
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
security:
- userAuth:
- 'idn:icons:manage'
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/suggested-entitlement-description-batches/{batchId}/stats':
get:
tags:
- Suggested Entitlement Description
operationId: getSedBatchStats
summary: Submit sed batch stats request
description: |
'Submit Sed Batch Stats Request.
Submits batchId in the path param `(e.g. {batchId}/stats)`. API responses with stats
of the batchId.'
parameters:
- name: batchId
in: path
description: Batch Id
schema:
type: string
format: uuid
example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
required: true
x-sailpoint-resource-operation-id: getSedBatches
responses:
'200':
description: Stats of Sed batch.
content:
application/json:
schema:
description: Sed Batch Stats
type: object
properties:
batchComplete:
description: batch complete
type: boolean
example: true
default: false
batchId:
description: batch Id
format: uuid
type: string
example: 016629d1-1d25-463f-97f3-c6686846650
discoveredCount:
description: discovered count
format: int64
type: integer
example: 100
discoveryComplete:
description: discovery complete
type: boolean
example: true
default: false
processedCount:
description: processed count
format: int64
example: 100
type: integer
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:sed:read'
x-sailpoint-userLevels:
- ORG_ADMIN
- SOURCE_ADMIN
/suggested-entitlement-description-batches:
get:
tags:
- Suggested Entitlement Description
operationId: getSedBatches
summary: List sed batch request
description: |-
List Sed Batches.
API responses with Sed Batch Status
responses:
'200':
description: Status of batch
content:
application/json:
schema:
description: Sed Batch Status
type: object
properties:
status:
description: status of batch
type: string
example: OK
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:sed:read'
x-sailpoint-userLevels:
- ORG_ADMIN
- SOURCE_ADMIN
post:
tags:
- Suggested Entitlement Description
operationId: submitSedBatchRequest
summary: Submit sed batch request
description: |-
Submit Sed Batch Request.
Request body has one of the following: - a list of entitlement Ids - a list of SED Ids that user wants to have description generated by LLM. API responses with batchId that groups Ids together
requestBody:
description: Sed Batch Request
content:
application/json-patch+json:
schema:
description: Sed Batch Request
type: object
minProperties: 1
properties:
entitlements:
description: list of entitlement ids
type: array
minItems: 1
items:
type: string
example: 016629d1-1d25-463f-97f3-c6686846650
seds:
description: list of sed ids
type: array
minItems: 1
items:
type: string
example: 016629d1-1d25-463f-97f3-c6686846650
responses:
'200':
description: Sed Batch Response
content:
application/json:
schema:
description: Sed Batch Response
type: object
properties:
batchId:
description: BatchId that groups all the ids together
format: uuid
type: string
example: 016629d1-1d25-463f-97f3-c6686846650
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:sed:write'
x-sailpoint-userLevels:
- ORG_ADMIN
- SOURCE_ADMIN
/suggested-entitlement-description-approvals:
post:
tags:
- Suggested Entitlement Description
summary: Submit bulk approval request
description: |-
Submit Bulk Approval Request for SED.
Request body takes list of SED Ids. API responses with list of SED Approval Status
operationId: submitSedApproval
requestBody:
description: Sed Approval
content:
application/json-patch+json:
schema:
items:
description: Sed Approval Request Body
type: object
properties:
items:
description: List of SED id's
items:
format: uuid
type: string
type: array
example: 016629d1-1d25-463f-97f3-c6686846650
type: array
required: true
responses:
'200':
description: List of SED Approval Status
content:
application/json:
schema:
items:
description: SED Approval Status
type: object
properties:
failedReason:
description: failed reason will be display if status is failed
type: string
example: invalid status
id:
description: Sed id
format: uuid
type: string
example: 016629d1-1d25-463f-97f3-c6686846650
status:
description: SUCCESS | FAILED
example: SUCCESS
type: string
type: array
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:sed:write'
x-sailpoint-userLevels:
- ORG_ADMIN
- SOURCE_ADMIN
/suggested-entitlement-description-assignments:
post:
tags:
- Suggested Entitlement Description
operationId: submitSedAssignment
summary: Submit sed assignment request
description: |-
Submit Assignment Request.
Request body has an assignee, and list of SED Ids that are assigned to that assignee API responses with batchId that groups all approval requests together
requestBody:
description: Sed Assignment Request
content:
application/json-patch+json:
schema:
description: Sed Assignment
type: object
properties:
assignee:
description: Sed Assignee
type: object
properties:
type:
description: |-
Type of assignment
When value is PERSONA, the value MUST be SOURCE_OWNER or ENTITLEMENT_OWNER
IDENTITY SED_ASSIGNEE_IDENTITY_TYPE
GROUP SED_ASSIGNEE_GROUP_TYPE
SOURCE_OWNER SED_ASSIGNEE_SOURCE_OWNER_TYPE
ENTITLEMENT_OWNER SED_ASSIGNEE_ENTITLEMENT_OWNER_TYPE
enum:
- IDENTITY
- GROUP
- SOURCE_OWNER
- ENTITLEMENT_OWNER
type: string
example: SOURCE_OWNER
value:
description: |-
Identity or Group identifier
Empty when using source/entitlement owner personas
type: string
example: 016629d1-1d25-463f-97f3-c6686846650
required:
- type
items:
description: List of SED id's
items:
format: uuid
type: string
example: 016629d1-1d25-463f-97f3-c6686846650
type: array
required: true
responses:
'202':
description: Sed Assignment Response
content:
application/json:
schema:
description: Sed Assignment Response
type: object
properties:
batchId:
description: BatchId that groups all the ids together
format: uuid
type: string
example: 016629d1-1d25-463f-97f3-c6686846650
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:sed:write'
x-sailpoint-userLevels:
- ORG_ADMIN
- SOURCE_ADMIN
/suggested-entitlement-descriptions:
get:
tags:
- Suggested Entitlement Description
operationId: listSeds
summary: List suggested entitlement descriptions
description: |-
List of Suggested Entitlement Descriptions (SED)
SED field descriptions:
**batchId**: the ID of the batch of entitlements that are submitted for description generation
**displayName**: the display name of the entitlement that we are generating a description for
**sourceName**: the name of the source associated with the entitlement that we are generating the description for
**sourceId**: the ID of the source associated with the entitlement that we are generating the description for
**status**: the status of the suggested entitlement description, valid status options: "requested", "suggested", "not_suggested", "failed", "assigned", "approved", "denied"
**fullText**: will filter suggested entitlement description records by text found in any of the following fields: entitlement name, entitlement display name, suggested description, source name
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**batchId**: *eq, ne*
**displayName**: *eq, ne, co*
**sourceName**: *eq, ne, co*
**sourceId**: *eq, ne*
**status**: *eq, ne*
**fullText**: *co*
in: query
name: filters
example: displayName co "Read and Write"
required: false
schema:
type: string
- description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **displayName, sourceName, status**
in: query
name: sorters
required: false
example: sorters=displayName
schema:
type: string
- description: |-
If `true` it will populate the `X-Total-Count` response header with the number of results that would be returned if `limit` and `offset` were ignored.
This parameter differs from the count parameter in that this one skips executing the actual query and always return an empty array.
in: query
name: count-only
required: false
example: count-only=true
schema:
type: boolean
default: false
- description: |-
By default, the ListSeds API will only return items that you have requested to be generated.
This option will allow you to see all items that have been requested
in: query
name: requested-by-anyone
example: requested-by-anyone=true
required: false
schema:
type: boolean
default: false
- description: Will limit records to items that are in "suggested" or "approved" status
in: query
name: show-pending-status-only
example: show-pending-status-only=true
required: false
schema:
type: boolean
default: false
responses:
'200':
description: List of Suggested Entitlement Details
content:
application/json:
schema:
items:
description: Suggested Entitlement Description
type: object
properties:
Name:
type: string
description: name of the entitlement
example: BatchInvoiceProcessing
approved_by:
type: string
description: entitlement approved by
example: 2c918086-76de-afbf-0176-f6d28f65565a
approved_type:
type: string
description: entitlement approved type
example: admin
approved_when:
format: date-time
type: string
example: '2024-03-22 16:32:16.308857'
description: entitlement approved then
attribute:
type: string
description: entitlement attribute
example: Role
description:
type: string
description: description of entitlement
example: This entitlement allows automated processing of invoices in batches on a scheduled basis to streamline accounts payable procedures.
displayName:
type: string
description: entitlement display name
example: AWS-Cloud-Billing
id:
format: uuid
type: string
description: sed id
example: ead281ee-12a9-40ac-9534-36b5d7d65d53
sourceId:
type: string
description: entitlement source id
example: 103f567b93ee49b991c40f9412f87643
sourceName:
type: string
description: entitlement source name
example: IDN Salesforce
status:
type: string
description: entitlement status
example: suggested
suggestedDescription:
type: string
description: llm suggested entitlement description
example: This entitlement allows automated processing of invoices in batches on a scheduled basis to streamline accounts payable
type:
type: string
description: entitlement type
example: group
value:
type: string
description: entitlement value
example: group
type: array
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:sed:read'
x-sailpoint-userLevels:
- ORG_ADMIN
- SOURCE_ADMIN
- SOURCE_SUBADMIN
patch:
tags:
- Suggested Entitlement Description
operationId: patchSed
summary: Patch suggested entitlement description
description: Patch Suggested Entitlement Description
parameters:
- description: id is sed id
in: path
name: id
example: ebab396f-0af1-4050-89b7-dafc63ec70e7
required: true
x-sailpoint-resource-operation-id: listSeds
schema:
type: string
format: uuid
requestBody:
description: Sed Patch Request
content:
application/json-patch+json:
schema:
items:
description: Patch for Suggested Entitlement Description
type: object
properties:
op:
description: desired operation
type: string
example: replace
path:
description: field to be patched
type: string
example: status
value:
description: value to replace with
example: approved
type: array
required: true
responses:
'200':
description: detail of patched sed
content:
application/json:
schema:
description: Suggested Entitlement Description
type: object
properties:
Name:
type: string
description: name of the entitlement
example: BatchInvoiceProcessing
approved_by:
type: string
description: entitlement approved by
example: 2c918086-76de-afbf-0176-f6d28f65565a
approved_type:
type: string
description: entitlement approved type
example: admin
approved_when:
format: date-time
type: string
example: '2024-03-22 16:32:16.308857'
description: entitlement approved then
attribute:
type: string
description: entitlement attribute
example: Role
description:
type: string
description: description of entitlement
example: This entitlement allows automated processing of invoices in batches on a scheduled basis to streamline accounts payable procedures.
displayName:
type: string
description: entitlement display name
example: AWS-Cloud-Billing
id:
format: uuid
type: string
description: sed id
example: ead281ee-12a9-40ac-9534-36b5d7d65d53
sourceId:
type: string
description: entitlement source id
example: 103f567b93ee49b991c40f9412f87643
sourceName:
type: string
description: entitlement source name
example: IDN Salesforce
status:
type: string
description: entitlement status
example: suggested
suggestedDescription:
type: string
description: llm suggested entitlement description
example: This entitlement allows automated processing of invoices in batches on a scheduled basis to streamline accounts payable
type:
type: string
description: entitlement type
example: group
value:
type: string
description: entitlement value
example: group
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'idn:sed:write'
x-sailpoint-userLevels:
- ORG_ADMIN
- SOURCE_ADMIN
- SOURCE_SUBADMIN
/discovered-applications:
get:
operationId: getDiscoveredApplications
tags:
- Application Discovery
summary: Get discovered applications for tenant
description: |
Get a list of applications that have been identified within the environment. This includes details such as application names, discovery dates, potential correlated saas_vendors and related suggested connectors.
security:
- userAuth:
- 'idn:application-discovery:read'
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: detail
schema:
type: string
enum:
- SLIM
- FULL
description: 'Determines whether slim, or increased level of detail is provided for each discovered application in the returned list. SLIM is the default behavior.'
example: FULL
- in: query
name: filter
schema:
type: string
description: |
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**name**: *eq, sw, co*
**description**: *eq, sw, co*
**createdAtStart**: *eq, le, ge*
**createdAtEnd**: *eq, le, ge*
**discoveredAtStart**: *eq, le, ge*
**discoveredAtEnd**: *eq, le, ge*
**discoverySource**: *eq, in*
example: 'name eq "Okta" and description co "Okta" and discoverySource in ("csv", "Okta Saas")'
required: false
style: form
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **name, description, discoveredAt, discoverySource**
example: name
responses:
'200':
description: 'List of discovered applications. By default, the API returns a list of SLIM discovered applications.'
content:
application/json:
schema:
type: array
items:
oneOf:
- type: object
description: Discovered applications
title: Slim Discovered Application
properties:
id:
type: string
format: uuid
description: Unique identifier for the discovered application.
example: 2d9180835d2e5168015d32f890ca1581
name:
type: string
description: Name of the discovered application.
example: ExampleApp
discoverySource:
type: string
description: Source from which the application was discovered.
example: csv
discoveredVendor:
type: string
description: The vendor associated with the discovered application.
example: ExampleVendor
description:
type: string
description: A brief description of the discovered application.
example: An application for managing examples.
recommendedConnectors:
type: array
items:
type: string
description: List of recommended connectors for the application.
example:
- ConnectorA
- ConnectorB
discoveredAt:
type: string
format: date-time
description: 'The timestamp when the application was last received via an entitlement aggregation invocation or a manual csv upload, in ISO 8601 format.'
example: '2023-01-01T12:00:00Z'
createdAt:
type: string
format: date-time
description: 'The timestamp when the application was first discovered, in ISO 8601 format.'
example: '2023-01-01T12:00:00Z'
status:
type: string
description: |-
The status of an application within the discovery source.
By default this field is set to "ACTIVE" when the application is discovered.
If an application has been deleted from within the discovery source, the status will be set to "INACTIVE".
example: ACTIVE
- type: object
description: Discovered applications with their respective associated sources
title: Discovered Application
properties:
id:
type: string
format: uuid
description: Unique identifier for the discovered application.
example: 2d9180835d2e5168015d32f890ca1581
name:
type: string
description: Name of the discovered application.
example: ExampleApp
discoverySource:
type: string
description: Source from which the application was discovered.
example: csv
discoveredVendor:
type: string
description: The vendor associated with the discovered application.
example: ExampleVendor
description:
type: string
description: A brief description of the discovered application.
example: An application for managing examples.
recommendedConnectors:
type: array
items:
type: string
description: List of recommended connectors for the application.
example:
- ConnectorA
- ConnectorB
discoveredAt:
type: string
format: date-time
description: 'The timestamp when the application was last received via an entitlement aggregation invocation or a manual csv upload, in ISO 8601 format.'
example: '2023-01-01T12:00:00Z'
createdAt:
type: string
format: date-time
description: 'The timestamp when the application was first discovered, in ISO 8601 format.'
example: '2023-01-01T12:00:00Z'
status:
type: string
description: |-
The status of an application within the discovery source.
By default this field is set to "ACTIVE" when the application is discovered.
If an application has been deleted from within the discovery source, the status will be set to "INACTIVE".
example: ACTIVE
associatedSources:
type: array
items:
type: string
format: uuid
description: List of associated sources related to this discovered application.
example:
- e0cc5d7d-bf7f-4f81-b2af-8885b09d9923
- a0303682-5e4a-44f7-bdc2-6ce6112549c1
examples:
Slim Discovered Application:
description: List of discovered applications
value:
- id: 09d88a67-bae8-422c-a09b-f7a72f5ab032
name: Example App
discoverySource: csv
discoveredVendor: Example Vendor
description: An application for managing examples.
recommendedConnectors:
- ConnectorA
- ConnectorB
discoveredAt: '2023-07-01T12:00:00Z'
createdAt: '2024-06-01T12:00:00Z'
status: ACTIVE
- id: 59310a1e-0d8f-42fa-95aa-b82b263de7f6
name: Sample Tracker
discoverySource: Okta SaaS
discoveredVendor: Sample Vendor
description: A tool for monitoring and managing samples.
recommendedConnectors:
- ConnectorC
- ConnectorD
discoveredAt: '2023-08-15T08:00:00Z'
createdAt: '2024-05-20T08:00:00Z'
status: ACTIVE
- id: dfe675cb-f689-475f-99f1-49e348449867
name: Demo Manager
discoverySource: Okta SaaS
discoveredVendor: Demo Provider
description: Software to demonstrate basic functionalities.
recommendedConnectors:
- ConnectorE
- ConnectorF
discoveredAt: '2023-09-10T15:00:00Z'
createdAt: '2024-07-03T15:00:00Z'
status: ACTIVE
Discovered Application:
description: List of discovered applications with their respective associated sources
value:
- id: 6f672248-2dac-4cf5-9531-fca0719cbb4a
name: Example App
discoverySource: csv
discoveredVendor: Example Vendor
description: An application for managing examples.
recommendedConnectors:
- ConnectorA
- ConnectorB
discoveredAt: '2023-07-01T12:00:00Z'
createdAt: '2024-06-01T12:00:00Z'
status: ACTIVE
associatedSources:
- e0cc5d7d-bf7f-4f81-b2af-8885b09d9923
- id: b3a3a704-6a45-45ee-a501-bbc332388222
name: Sample Tracker
discoverySource: Okta SaaS
discoveredVendor: Sample Vendor
description: A tool for monitoring and managing samples.
recommendedConnectors:
- ConnectorC
- ConnectorD
discoveredAt: '2023-08-15T08:00:00Z'
createdAt: '2024-05-20T08:00:00Z'
status: ACTIVE
associatedSources:
- a3b159f2-5f09-43c9-b40e-a6f317aa5b8f
- e0cc5d7d-bf7f-4f81-b2af-8885b09d9923
- id: 1d070458-faed-4a6c-8990-918ad70a06ee
name: Demo Manager
discoverySource: Okta SaaS
discoveredVendor: Demo Provider
description: Software to demonstrate basic functionalities.
recommendedConnectors:
- ConnectorE
- ConnectorF
discoveredAt: '2023-09-10T15:00:00Z'
createdAt: '2024-07-03T15:00:00Z'
status: ACTIVE
associatedSources:
- 4e2d7605-833f-4c34-8d03-5b2c7d2f4f66
- f9b7e2ce-aced-4117-a95f-4ffad8b33989
- a3b159f2-5f09-43c9-b40e-a6f317aa5b8f
- id: 9be7c5a5-9f37-46ba-965a-e5b9453472c6
name: Task Organizer
discoverySource: Manual Entry
discoveredVendor: Organizer Solutions
description: An application designed to help teams manage tasks and projects efficiently.
recommendedConnectors:
- ConnectorG
- ConnectorH
discoveredAt: '2023-10-05T14:00:00Z'
createdAt: '2024-08-01T14:00:00Z'
status: ACTIVE
associatedSources: []
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/manual-discover-applications-template:
get:
summary: Download csv template for discovery
tags:
- Application Discovery
description: |
Download an example CSV file with two columns `application_name` and `description`. The CSV file contains a single row with the values 'Example Application' and 'Example Description'.
The downloaded template is specifically designed for use with the `/manual-discover-applications` endpoint.
security:
- userAuth:
- 'idn:application-discovery:read'
operationId: getManualDiscoverApplicationsCsvTemplate
responses:
'200':
description: A CSV file download was successful.
content:
text/csv:
schema:
type: object
properties:
application_name:
type: string
description: Name of the application.
example: Example Application
description:
type: string
description: Description of the application.
example: Example Description
example: |
application_name,description
Example Application,Example Description
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/manual-discover-applications:
post:
summary: Upload csv to discover applications
tags:
- Application Discovery
description: |-
Uploading a CSV file with application data for manual correlation to specific ISC connectors.
If a suitable ISC connector is unavailable, the system will recommend generic connectors instead.
security:
- userAuth:
- 'idn:application-discovery:write'
operationId: sendManualDiscoverApplicationsCsvTemplate
requestBody:
content:
multipart/form-data:
schema:
type: object
properties:
file:
type: string
format: binary
description: The CSV file to upload containing `application_name` and `description` columns. Each row represents an application to be discovered.
example: |-
application_name,description
"Sample App","This is a sample description for Sample App."
"Another App","Description for Another App."
required:
- file
responses:
'200':
description: The CSV has been successfully processed.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/vendor-connector-mappings:
get:
security:
- userAuth:
- 'idn:application-discovery:read'
operationId: getVendorConnectorMappings
tags:
- Vendor Connector Mappings
summary: List vendor connector mappings
description: |
Get a list of mappings between SaaS vendors and ISC connectors, detailing the connections established for correlation.
responses:
'200':
description: Successfully retrieved list.
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: The unique identifier for the vendor-connector mapping.
example: 78733556-9ea3-4f59-bf69-e5cd92b011b4
vendor:
type: string
description: The name of the vendor.
example: Example vendor
connector:
type: string
description: The name of the connector.
example: Example connector
createdAt:
type: string
format: date-time
description: The creation timestamp of the mapping.
example: '2024-03-13T12:56:19.391294Z'
createdBy:
type: string
description: The identifier of the user who created the mapping.
example: admin
updatedAt:
type: object
nullable: true
properties:
Time:
type: string
format: date-time
description: 'The timestamp when the mapping was last updated, represented in ISO 8601 format.'
example: '2024-03-14T12:56:19.391294Z'
Valid:
type: boolean
description: A flag indicating if the 'Time' field is set and valid.
default: false
example: true
description: An object representing the nullable timestamp of the last update.
updatedBy:
type: object
nullable: true
properties:
String:
type: string
description: 'The identifier of the user who last updated the mapping, if available.'
example: user-67891
Valid:
type: boolean
description: A flag indicating if the 'String' field is set and valid.
default: false
example: true
description: An object representing the nullable identifier of the user who last updated the mapping.
deletedAt:
type: object
nullable: true
properties:
Time:
type: string
format: date-time
description: 'The timestamp when the mapping was deleted, represented in ISO 8601 format, if applicable.'
example: '0001-01-01T00:00:00Z'
Valid:
type: boolean
description: 'A flag indicating if the ''Time'' field is set and valid, i.e., if the mapping has been deleted.'
default: false
example: false
description: An object representing the nullable timestamp of when the mapping was deleted.
deletedBy:
type: object
nullable: true
properties:
String:
type: string
description: 'The identifier of the user who deleted the mapping, if applicable.'
example: ''
Valid:
type: boolean
description: 'A flag indicating if the ''String'' field is set and valid, i.e., if the mapping has been deleted.'
default: false
example: false
description: An object representing the nullable identifier of the user who deleted the mapping.
example:
- id: 78733556-9ea3-4f59-bf69-e5cd92b011b4
vendor: Example Vendor
connector: Example Connector
createdAt: '2024-03-13T12:56:19.391294Z'
createdBy: admin
updatedAt:
Time: '2024-03-14T12:56:19.391294Z'
Valid: true
updatedBy:
String: user-67891
Valid: true
deletedAt:
Time: '0001-01-01T00:00:00Z'
Valid: false
deletedBy:
String: ''
Valid: false
- id: 78733556-9ea3-4f59-bf69-e5cd92b011b5
vendor: Another Corporation
connector: Another Connector
createdAt: '2024-04-13T11:46:19.391294Z'
createdBy: admin
updatedAt:
Time: '0001-01-01T00:00:00Z'
Valid: false
updatedBy:
String: ''
Valid: false
deletedAt:
Time: '0001-01-01T00:00:00Z'
Valid: false
deletedBy:
String: ''
Valid: false
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'405':
description: 'Method Not Allowed - indicates that the server knows the request method, but the target resource doesn''t support this method.'
content:
application/json:
schema:
type: object
properties:
errorName:
description: A message describing the error
example: NotSupportedException
errorMessage:
description: Description of the error
example: Cannot consume content type
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
post:
security:
- userAuth:
- 'idn:application-discovery:write'
operationId: createVendorConnectorMapping
tags:
- Vendor Connector Mappings
summary: Create vendor connector mapping
description: |
Create a new mapping between a SaaS vendor and an ISC connector to establish correlation paths.
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: The unique identifier for the vendor-connector mapping.
example: 78733556-9ea3-4f59-bf69-e5cd92b011b4
vendor:
type: string
description: The name of the vendor.
example: Example vendor
connector:
type: string
description: The name of the connector.
example: Example connector
createdAt:
type: string
format: date-time
description: The creation timestamp of the mapping.
example: '2024-03-13T12:56:19.391294Z'
createdBy:
type: string
description: The identifier of the user who created the mapping.
example: admin
updatedAt:
type: object
nullable: true
properties:
Time:
type: string
format: date-time
description: 'The timestamp when the mapping was last updated, represented in ISO 8601 format.'
example: '2024-03-14T12:56:19.391294Z'
Valid:
type: boolean
description: A flag indicating if the 'Time' field is set and valid.
default: false
example: true
description: An object representing the nullable timestamp of the last update.
updatedBy:
type: object
nullable: true
properties:
String:
type: string
description: 'The identifier of the user who last updated the mapping, if available.'
example: user-67891
Valid:
type: boolean
description: A flag indicating if the 'String' field is set and valid.
default: false
example: true
description: An object representing the nullable identifier of the user who last updated the mapping.
deletedAt:
type: object
nullable: true
properties:
Time:
type: string
format: date-time
description: 'The timestamp when the mapping was deleted, represented in ISO 8601 format, if applicable.'
example: '0001-01-01T00:00:00Z'
Valid:
type: boolean
description: 'A flag indicating if the ''Time'' field is set and valid, i.e., if the mapping has been deleted.'
default: false
example: false
description: An object representing the nullable timestamp of when the mapping was deleted.
deletedBy:
type: object
nullable: true
properties:
String:
type: string
description: 'The identifier of the user who deleted the mapping, if applicable.'
example: ''
Valid:
type: boolean
description: 'A flag indicating if the ''String'' field is set and valid, i.e., if the mapping has been deleted.'
default: false
example: false
description: An object representing the nullable identifier of the user who deleted the mapping.
responses:
'200':
description: Successfully created a new vendor connector mapping.
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: The unique identifier for the vendor-connector mapping.
example: 78733556-9ea3-4f59-bf69-e5cd92b011b4
vendor:
type: string
description: The name of the vendor.
example: Example vendor
connector:
type: string
description: The name of the connector.
example: Example connector
createdAt:
type: string
format: date-time
description: The creation timestamp of the mapping.
example: '2024-03-13T12:56:19.391294Z'
createdBy:
type: string
description: The identifier of the user who created the mapping.
example: admin
updatedAt:
type: object
nullable: true
properties:
Time:
type: string
format: date-time
description: 'The timestamp when the mapping was last updated, represented in ISO 8601 format.'
example: '2024-03-14T12:56:19.391294Z'
Valid:
type: boolean
description: A flag indicating if the 'Time' field is set and valid.
default: false
example: true
description: An object representing the nullable timestamp of the last update.
updatedBy:
type: object
nullable: true
properties:
String:
type: string
description: 'The identifier of the user who last updated the mapping, if available.'
example: user-67891
Valid:
type: boolean
description: A flag indicating if the 'String' field is set and valid.
default: false
example: true
description: An object representing the nullable identifier of the user who last updated the mapping.
deletedAt:
type: object
nullable: true
properties:
Time:
type: string
format: date-time
description: 'The timestamp when the mapping was deleted, represented in ISO 8601 format, if applicable.'
example: '0001-01-01T00:00:00Z'
Valid:
type: boolean
description: 'A flag indicating if the ''Time'' field is set and valid, i.e., if the mapping has been deleted.'
default: false
example: false
description: An object representing the nullable timestamp of when the mapping was deleted.
deletedBy:
type: object
nullable: true
properties:
String:
type: string
description: 'The identifier of the user who deleted the mapping, if applicable.'
example: ''
Valid:
type: boolean
description: 'A flag indicating if the ''String'' field is set and valid, i.e., if the mapping has been deleted.'
default: false
example: false
description: An object representing the nullable identifier of the user who deleted the mapping.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'405':
description: 'Method Not Allowed - indicates that the server knows the request method, but the target resource doesn''t support this method.'
content:
application/json:
schema:
type: object
properties:
errorName:
description: A message describing the error
example: NotSupportedException
errorMessage:
description: Description of the error
example: Cannot consume content type
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
security:
- userAuth:
- 'idn:application-discovery:write'
operationId: deleteVendorConnectorMapping
tags:
- Vendor Connector Mappings
summary: Delete vendor connector mapping
description: |
Soft delete a mapping between a SaaS vendor and an ISC connector, removing the established correlation.
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: The unique identifier for the vendor-connector mapping.
example: 78733556-9ea3-4f59-bf69-e5cd92b011b4
vendor:
type: string
description: The name of the vendor.
example: Example vendor
connector:
type: string
description: The name of the connector.
example: Example connector
createdAt:
type: string
format: date-time
description: The creation timestamp of the mapping.
example: '2024-03-13T12:56:19.391294Z'
createdBy:
type: string
description: The identifier of the user who created the mapping.
example: admin
updatedAt:
type: object
nullable: true
properties:
Time:
type: string
format: date-time
description: 'The timestamp when the mapping was last updated, represented in ISO 8601 format.'
example: '2024-03-14T12:56:19.391294Z'
Valid:
type: boolean
description: A flag indicating if the 'Time' field is set and valid.
default: false
example: true
description: An object representing the nullable timestamp of the last update.
updatedBy:
type: object
nullable: true
properties:
String:
type: string
description: 'The identifier of the user who last updated the mapping, if available.'
example: user-67891
Valid:
type: boolean
description: A flag indicating if the 'String' field is set and valid.
default: false
example: true
description: An object representing the nullable identifier of the user who last updated the mapping.
deletedAt:
type: object
nullable: true
properties:
Time:
type: string
format: date-time
description: 'The timestamp when the mapping was deleted, represented in ISO 8601 format, if applicable.'
example: '0001-01-01T00:00:00Z'
Valid:
type: boolean
description: 'A flag indicating if the ''Time'' field is set and valid, i.e., if the mapping has been deleted.'
default: false
example: false
description: An object representing the nullable timestamp of when the mapping was deleted.
deletedBy:
type: object
nullable: true
properties:
String:
type: string
description: 'The identifier of the user who deleted the mapping, if applicable.'
example: ''
Valid:
type: boolean
description: 'A flag indicating if the ''String'' field is set and valid, i.e., if the mapping has been deleted.'
default: false
example: false
description: An object representing the nullable identifier of the user who deleted the mapping.
responses:
'200':
description: Successfully deleted the specified vendor connector mapping.
content:
application/json:
schema:
type: object
properties:
count:
type: integer
description: The number of vendor connector mappings successfully deleted.
example: 1
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/source-apps/{id}':
get:
operationId: getSourceApp
tags:
- Apps
summary: Get source app by id
description: This API returns a source app by its ID.
security:
- userAuth:
- 'idn:app-roles:read'
parameters:
- name: id
in: path
description: ID of the source app
required: true
x-sailpoint-resource-operation-id: listAllSourceApp
schema:
type: string
example: 2c91808a7813090a017814121e121518
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: Responds with the source app.
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: The source app id
example: 2c91808874ff91550175097daaec161c
cloudAppId:
type: string
description: The deprecated source app id
example: '9854520'
name:
type: string
description: The source app name
example: my app
created:
type: string
description: Time when the source app was created
format: date-time
example: '2020-10-08T18:33:52.029Z'
modified:
type: string
description: Time when the source app was last modified
format: date-time
example: '2020-10-08T18:33:52.029Z'
enabled:
type: boolean
default: false
description: True if the source app is enabled
example: true
provisionRequestEnabled:
type: boolean
default: false
description: True if the source app is provision request enabled
example: true
description:
type: string
nullable: false
description: The description of the source app
example: the source app for engineers
matchAllAccounts:
type: boolean
default: false
description: True if the source app match all accounts
example: true
appCenterEnabled:
type: boolean
default: true
description: True if the source app is shown in the app center
example: true
accountSource:
type: object
nullable: true
properties:
id:
type: string
description: The source ID
example: 2c9180827ca885d7017ca8ce28a000eb
type:
type: string
description: 'The source type, will always be "SOURCE"'
example: SOURCE
name:
type: string
description: The source name
example: ODS-AD-Source
useForPasswordManagement:
type: boolean
default: false
description: If the source is used for password management
example: ture
passwordPolicies:
type: array
nullable: true
description: The password policies for the source
items:
type: object
properties:
type:
description: DTO type
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- MACHINE_IDENTITY
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
example: IDENTITY
id:
type: string
description: ID of the object to which this reference applies
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies
example: William Wilson
example:
- type: PASSWORD_POLICY
id: 006a072ecc6647f68bba9f4a4ad34649
name: Password Policy 1
owner:
type: object
nullable: true
allOf:
- type: object
properties:
type:
description: DTO type
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- MACHINE_IDENTITY
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
example: IDENTITY
id:
type: string
description: ID of the object to which this reference applies
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies
example: William Wilson
description: The owner of source app
example:
id: 85d173e7d57e496569df763231d6deb6a
type: IDENTITY
name: John Doe
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
patch:
operationId: patchSourceApp
tags:
- Apps
summary: Patch source app by id
description: |-
This API updates an existing source app using [JSON Patch](https://tools.ietf.org/html/rfc6902) syntax.
The following fields are patchable: **name**, **description**, **enabled**, **owner**, **provisionRequestEnabled**, **appCenterEnabled**, **accountSource**, **matchAllAccounts** and **accessProfiles**.
Name, description and owner can't be empty or null.
security:
- userAuth:
- 'idn:app-roles:manage'
parameters:
- name: id
in: path
description: ID of the source app to patch
required: true
x-sailpoint-resource-operation-id: listAllSourceApp
schema:
type: string
example: 2c91808a7813090a017814121e121518
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
requestBody:
content:
application/json-patch+json:
schema:
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
example:
- op: replace
path: /enabled
value: true
examples:
Make an app enabled and matchAllAccounts in one call:
description: This example shows how multiple fields may be updated with a single patch call.
value:
- op: replace
path: /enabled
value: true
- op: replace
path: /matchAllAccounts
value: true
Replace an owner for an source app:
description: This example shows how to use patch to replace the source app's owner by replacing the owner's info.
value:
- op: replace
path: /owner
value:
id: 2c9180858315595501831958427e5424
Update the description for the source app:
description: This example shows how to use patch to update a description for the source app.
value:
- op: replace
path: /description
value: new description for the source app
Update the name for the source app:
description: This example shows how to use patch to update the source app's name.
value:
- op: replace
path: /name
value: source app new name
Add access profile:
description: Add one access profile to the existing list
value:
- op: add
path: /accessProfiles/-
value: 2c9180857725c14301772a93bb77242d
Replace access profiles:
description: Replace all access profiles with a new list of access profiles
value:
- op: replace
path: /accessProfiles
value:
- 2c9180857725c14301772a93bb77242d
- c9575abb5e3a4e3db82b2f989a738aa2
Remove access profile:
description: Remove the first access profile in the list
value:
- op: remove
path: /accessProfiles/0
responses:
'200':
description: Responds with the source app as updated.
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: The source app id
example: 2c91808874ff91550175097daaec161c
cloudAppId:
type: string
description: The deprecated source app id
example: '9854520'
name:
type: string
description: The source app name
example: my app
created:
type: string
description: Time when the source app was created
format: date-time
example: '2020-10-08T18:33:52.029Z'
modified:
type: string
description: Time when the source app was last modified
format: date-time
example: '2020-10-08T18:33:52.029Z'
enabled:
type: boolean
default: false
description: True if the source app is enabled
example: true
provisionRequestEnabled:
type: boolean
default: false
description: True if the source app is provision request enabled
example: true
description:
type: string
nullable: false
description: The description of the source app
example: the source app for engineers
matchAllAccounts:
type: boolean
default: false
description: True if the source app match all accounts
example: true
appCenterEnabled:
type: boolean
default: true
description: True if the source app is shown in the app center
example: true
accessProfiles:
type: array
items:
type: string
nullable: true
description: List of IDs of access profiles
example:
- 2c9180857725c14301772a93bb77242d
- c9dc28e148a24d65b3ccb5fb8ca5ddd9
accountSource:
type: object
nullable: true
properties:
id:
type: string
description: The source ID
example: 2c9180827ca885d7017ca8ce28a000eb
type:
type: string
description: 'The source type, will always be "SOURCE"'
example: SOURCE
name:
type: string
description: The source name
example: ODS-AD-Source
useForPasswordManagement:
type: boolean
default: false
description: If the source is used for password management
example: ture
passwordPolicies:
type: array
nullable: true
description: The password policies for the source
items:
type: object
properties:
type:
description: DTO type
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- MACHINE_IDENTITY
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
example: IDENTITY
id:
type: string
description: ID of the object to which this reference applies
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies
example: William Wilson
example:
- type: PASSWORD_POLICY
id: 006a072ecc6647f68bba9f4a4ad34649
name: Password Policy 1
owner:
type: object
nullable: true
allOf:
- type: object
properties:
type:
description: DTO type
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- MACHINE_IDENTITY
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
example: IDENTITY
id:
type: string
description: ID of the object to which this reference applies
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies
example: William Wilson
description: The owner of source app
example:
id: 85d173e7d57e496569df763231d6deb6a
type: IDENTITY
name: John Doe
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
operationId: deleteSourceApp
security:
- userAuth:
- 'idn:app-roles:manage'
- 'idn:app-roles:delete'
tags:
- Apps
summary: Delete source app by id
description: Use this API to delete a specific source app
parameters:
- in: path
name: id
schema:
type: string
required: true
x-sailpoint-resource-operation-id: listAllSourceApp
description: source app ID.
example: 2c9180835d191a86015d28455b4a2329
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: Responds with the source app as deleted.
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: The source app id
example: 2c91808874ff91550175097daaec161c
cloudAppId:
type: string
description: The deprecated source app id
example: '9854520'
name:
type: string
description: The source app name
example: my app
created:
type: string
description: Time when the source app was created
format: date-time
example: '2020-10-08T18:33:52.029Z'
modified:
type: string
description: Time when the source app was last modified
format: date-time
example: '2020-10-08T18:33:52.029Z'
enabled:
type: boolean
default: false
description: True if the source app is enabled
example: true
provisionRequestEnabled:
type: boolean
default: false
description: True if the source app is provision request enabled
example: true
description:
type: string
nullable: false
description: The description of the source app
example: the source app for engineers
matchAllAccounts:
type: boolean
default: false
description: True if the source app match all accounts
example: true
appCenterEnabled:
type: boolean
default: true
description: True if the source app is shown in the app center
example: true
accountSource:
type: object
nullable: true
properties:
id:
type: string
description: The source ID
example: 2c9180827ca885d7017ca8ce28a000eb
type:
type: string
description: 'The source type, will always be "SOURCE"'
example: SOURCE
name:
type: string
description: The source name
example: ODS-AD-Source
useForPasswordManagement:
type: boolean
default: false
description: If the source is used for password management
example: ture
passwordPolicies:
type: array
nullable: true
description: The password policies for the source
items:
type: object
properties:
type:
description: DTO type
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- MACHINE_IDENTITY
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
example: IDENTITY
id:
type: string
description: ID of the object to which this reference applies
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies
example: William Wilson
example:
- type: PASSWORD_POLICY
id: 006a072ecc6647f68bba9f4a4ad34649
name: Password Policy 1
owner:
type: object
nullable: true
allOf:
- type: object
properties:
type:
description: DTO type
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- MACHINE_IDENTITY
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
example: IDENTITY
id:
type: string
description: ID of the object to which this reference applies
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies
example: William Wilson
description: The owner of source app
example:
id: 85d173e7d57e496569df763231d6deb6a
type: IDENTITY
name: John Doe
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/source-apps/bulk-update:
post:
operationId: updateSourceAppsInBulk
tags:
- Apps
summary: Bulk update source apps
description: |-
This API updates source apps using [JSON Patch](https://tools.ietf.org/html/rfc6902) syntax. It can update up to 50 source apps in a batch.
The following fields can be updated: **name**, **description**, **enabled**, **owner**, **provisionRequestEnabled**, **appCenterEnabled**, **accountSource**, **matchAllAccounts**, and **accessProfiles**.
Name, description and owner can't be empty or null.
security:
- userAuth:
- 'idn:app-roles:manage'
parameters:
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
requestBody:
content:
application/json:
schema:
type: object
properties:
appIds:
type: array
description: List of source app ids to update
maxItems: 50
items:
type: string
example:
- 2c91808a7624751a01762f19d665220d
- 2c91808a7624751a01762f19d67c220e
- 2c91808a7624751a01762f19d692220f
jsonPatch:
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
description: The JSONPatch payload used to update the source app.
example:
- op: replace
path: /enabled
value: false
- op: replace
path: /matchAllAccounts
value: false
required:
- appIds
- jsonPatch
responses:
'204':
description: No content - indicates the request was successful but there is no content to be returned in the response.
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/source-apps/assigned:
get:
operationId: listAssignedSourceApp
tags:
- Apps
summary: List assigned source apps
security:
- userAuth:
- 'idn:app-roles:read'
description: This API returns the list of source apps assigned for logged in user.
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **id, name, created, modified, accountSource.id**
example: 'name,-modified'
required: false
style: form
explode: true
- in: query
name: filters
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, in*
**name**: *eq, in, co, sw*
**created**: *gt, lt, ge, le*
**modified**: *gt, lt, ge, le*
**accountSource.id**: *eq, in*
example: name eq "source app name"
required: false
style: form
explode: true
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: List of source apps
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: The source app id
example: 2c91808874ff91550175097daaec161c
cloudAppId:
type: string
description: The deprecated source app id
example: '9854520'
name:
type: string
description: The source app name
example: my app
created:
type: string
description: Time when the source app was created
format: date-time
example: '2020-10-08T18:33:52.029Z'
modified:
type: string
description: Time when the source app was last modified
format: date-time
example: '2020-10-08T18:33:52.029Z'
enabled:
type: boolean
default: false
description: True if the source app is enabled
example: true
provisionRequestEnabled:
type: boolean
default: false
description: True if the source app is provision request enabled
example: true
description:
type: string
nullable: false
description: The description of the source app
example: the source app for engineers
matchAllAccounts:
type: boolean
default: false
description: True if the source app match all accounts
example: true
appCenterEnabled:
type: boolean
default: true
description: True if the source app is shown in the app center
example: true
accountSource:
type: object
nullable: true
properties:
id:
type: string
description: The source ID
example: 2c9180827ca885d7017ca8ce28a000eb
type:
type: string
description: 'The source type, will always be "SOURCE"'
example: SOURCE
name:
type: string
description: The source name
example: ODS-AD-Source
useForPasswordManagement:
type: boolean
default: false
description: If the source is used for password management
example: ture
passwordPolicies:
type: array
nullable: true
description: The password policies for the source
items:
type: object
properties:
type:
description: DTO type
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- MACHINE_IDENTITY
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
example: IDENTITY
id:
type: string
description: ID of the object to which this reference applies
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies
example: William Wilson
example:
- type: PASSWORD_POLICY
id: 006a072ecc6647f68bba9f4a4ad34649
name: Password Policy 1
owner:
type: object
nullable: true
allOf:
- type: object
properties:
type:
description: DTO type
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- MACHINE_IDENTITY
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
example: IDENTITY
id:
type: string
description: ID of the object to which this reference applies
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies
example: William Wilson
description: The owner of source app
example:
id: 85d173e7d57e496569df763231d6deb6a
type: IDENTITY
name: John Doe
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/source-apps:
get:
operationId: listAvailableSourceApps
tags:
- Apps
summary: List available source apps
security:
- userAuth:
- 'idn:app-roles:read'
description: This API returns the list of source apps available for access request.
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **id, name, created, modified, owner.id, accountSource.id**
example: 'name,-modified'
required: false
style: form
explode: true
- in: query
name: filters
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, in*
**name**: *eq, in, co, sw*
**created**: *gt, lt, ge, le*
**modified**: *gt, lt, ge, le*
**accountSource.id**: *eq, in*
example: name eq "source app name"
required: false
style: form
explode: true
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: List of source apps
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: The source app id
example: 2c91808874ff91550175097daaec161c
cloudAppId:
type: string
description: The deprecated source app id
example: '9854520'
name:
type: string
description: The source app name
example: my app
created:
type: string
description: Time when the source app was created
format: date-time
example: '2020-10-08T18:33:52.029Z'
modified:
type: string
description: Time when the source app was last modified
format: date-time
example: '2020-10-08T18:33:52.029Z'
enabled:
type: boolean
default: false
description: True if the source app is enabled
example: true
provisionRequestEnabled:
type: boolean
default: false
description: True if the source app is provision request enabled
example: true
description:
type: string
nullable: false
description: The description of the source app
example: the source app for engineers
matchAllAccounts:
type: boolean
default: false
description: True if the source app match all accounts
example: true
appCenterEnabled:
type: boolean
default: true
description: True if the source app is shown in the app center
example: true
accountSource:
type: object
nullable: true
properties:
id:
type: string
description: The source ID
example: 2c9180827ca885d7017ca8ce28a000eb
type:
type: string
description: 'The source type, will always be "SOURCE"'
example: SOURCE
name:
type: string
description: The source name
example: ODS-AD-Source
useForPasswordManagement:
type: boolean
default: false
description: If the source is used for password management
example: ture
passwordPolicies:
type: array
nullable: true
description: The password policies for the source
items:
type: object
properties:
type:
description: DTO type
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- MACHINE_IDENTITY
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
example: IDENTITY
id:
type: string
description: ID of the object to which this reference applies
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies
example: William Wilson
example:
- type: PASSWORD_POLICY
id: 006a072ecc6647f68bba9f4a4ad34649
name: Password Policy 1
owner:
type: object
nullable: true
allOf:
- type: object
properties:
type:
description: DTO type
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- MACHINE_IDENTITY
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
example: IDENTITY
id:
type: string
description: ID of the object to which this reference applies
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies
example: William Wilson
description: The owner of source app
example:
id: 85d173e7d57e496569df763231d6deb6a
type: IDENTITY
name: John Doe
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
post:
operationId: createSourceApp
tags:
- Apps
summary: Create source app
description: This endpoint creates a source app using the given source app payload
security:
- userAuth:
- 'idn:app-roles:manage'
parameters:
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
requestBody:
required: true
content:
application/json:
schema:
type: object
required:
- name
- description
- accountSource
properties:
name:
type: string
description: The source app name
example: my app
description:
type: string
nullable: false
description: The description of the source app
example: the source app for engineers
matchAllAccounts:
type: boolean
default: false
description: True if the source app match all accounts
example: true
accountSource:
type: object
required:
- id
properties:
id:
type: string
nullable: false
description: The source ID
example: 2c9180827ca885d7017ca8ce28a000eb
type:
type: string
description: 'The source type, will always be "SOURCE"'
example: SOURCE
name:
type: string
description: The source name
example: ODS-AD-Source
example:
name: new app name
description: app description
matchAllAccounts: true
accountSource:
id: edcb0951812949d085b60cd8bf35bc78
responses:
'200':
description: Responds with the source app as created.
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: The source app id
example: 2c91808874ff91550175097daaec161c
cloudAppId:
type: string
description: The deprecated source app id
example: '9854520'
name:
type: string
description: The source app name
example: my app
created:
type: string
description: Time when the source app was created
format: date-time
example: '2020-10-08T18:33:52.029Z'
modified:
type: string
description: Time when the source app was last modified
format: date-time
example: '2020-10-08T18:33:52.029Z'
enabled:
type: boolean
default: false
description: True if the source app is enabled
example: true
provisionRequestEnabled:
type: boolean
default: false
description: True if the source app is provision request enabled
example: true
description:
type: string
nullable: false
description: The description of the source app
example: the source app for engineers
matchAllAccounts:
type: boolean
default: false
description: True if the source app match all accounts
example: true
appCenterEnabled:
type: boolean
default: true
description: True if the source app is shown in the app center
example: true
accountSource:
type: object
nullable: true
properties:
id:
type: string
description: The source ID
example: 2c9180827ca885d7017ca8ce28a000eb
type:
type: string
description: 'The source type, will always be "SOURCE"'
example: SOURCE
name:
type: string
description: The source name
example: ODS-AD-Source
useForPasswordManagement:
type: boolean
default: false
description: If the source is used for password management
example: ture
passwordPolicies:
type: array
nullable: true
description: The password policies for the source
items:
type: object
properties:
type:
description: DTO type
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- MACHINE_IDENTITY
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
example: IDENTITY
id:
type: string
description: ID of the object to which this reference applies
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies
example: William Wilson
example:
- type: PASSWORD_POLICY
id: 006a072ecc6647f68bba9f4a4ad34649
name: Password Policy 1
owner:
type: object
nullable: true
allOf:
- type: object
properties:
type:
description: DTO type
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- MACHINE_IDENTITY
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
example: IDENTITY
id:
type: string
description: ID of the object to which this reference applies
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies
example: William Wilson
description: The owner of source app
example:
id: 85d173e7d57e496569df763231d6deb6a
type: IDENTITY
name: John Doe
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/source-apps/all:
get:
operationId: listAllSourceApp
tags:
- Apps
summary: List all source apps
security:
- userAuth:
- 'idn:app-roles:manage'
x-sailpoint-userLevels:
- ORG_ADMIN
description: 'This API returns the list of all source apps for the org. '
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **id, name, created, modified, owner.id, accountSource.id**
example: 'name,-modified'
required: false
style: form
explode: true
- in: query
name: filters
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, in*
**name**: *eq, in, co, sw*
**created**: *gt, lt, ge, le*
**modified**: *gt, lt, ge, le*
**owner.id**: *eq, in*
**accountSource.id**: *eq, in*
**enabled**: *eq*
example: enabled eq true
required: false
style: form
explode: true
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: List of source apps
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: The source app id
example: 2c91808874ff91550175097daaec161c
cloudAppId:
type: string
description: The deprecated source app id
example: '9854520'
name:
type: string
description: The source app name
example: my app
created:
type: string
description: Time when the source app was created
format: date-time
example: '2020-10-08T18:33:52.029Z'
modified:
type: string
description: Time when the source app was last modified
format: date-time
example: '2020-10-08T18:33:52.029Z'
enabled:
type: boolean
default: false
description: True if the source app is enabled
example: true
provisionRequestEnabled:
type: boolean
default: false
description: True if the source app is provision request enabled
example: true
description:
type: string
nullable: false
description: The description of the source app
example: the source app for engineers
matchAllAccounts:
type: boolean
default: false
description: True if the source app match all accounts
example: true
appCenterEnabled:
type: boolean
default: true
description: True if the source app is shown in the app center
example: true
accountSource:
type: object
nullable: true
properties:
id:
type: string
description: The source ID
example: 2c9180827ca885d7017ca8ce28a000eb
type:
type: string
description: 'The source type, will always be "SOURCE"'
example: SOURCE
name:
type: string
description: The source name
example: ODS-AD-Source
useForPasswordManagement:
type: boolean
default: false
description: If the source is used for password management
example: ture
passwordPolicies:
type: array
nullable: true
description: The password policies for the source
items:
type: object
properties:
type:
description: DTO type
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- MACHINE_IDENTITY
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
example: IDENTITY
id:
type: string
description: ID of the object to which this reference applies
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies
example: William Wilson
example:
- type: PASSWORD_POLICY
id: 006a072ecc6647f68bba9f4a4ad34649
name: Password Policy 1
owner:
type: object
nullable: true
allOf:
- type: object
properties:
type:
description: DTO type
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- MACHINE_IDENTITY
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
example: IDENTITY
id:
type: string
description: ID of the object to which this reference applies
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies
example: William Wilson
description: The owner of source app
example:
id: 85d173e7d57e496569df763231d6deb6a
type: IDENTITY
name: John Doe
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/source-apps/{id}/access-profiles':
get:
operationId: listAccessProfilesForSourceApp
tags:
- Apps
summary: List access profiles for the specified source app
security:
- userAuth:
- 'idn:app-roles:manage'
description: This API returns the list of access profiles for the specified source app
parameters:
- name: id
in: path
description: ID of the source app
required: true
x-sailpoint-resource-operation-id: listAllSourceApp
schema:
type: string
example: 2c91808a7813090a017814121e121518
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: filters
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, in*
**name**: *eq, in*
**created**: *gt, lt, ge, le*
**modified**: *gt, lt, ge, le*
example: name eq "developer access profile"
required: false
style: form
explode: true
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: List of access profiles for the specified source app
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: The ID of the Access Profile
example: 2c91808a7190d06e01719938fcd20792
name:
type: string
description: Name of the Access Profile
example: Employee-database-read-write
description:
type: string
nullable: true
description: Information about the Access Profile
example: Collection of entitlements to read/write the employee database
created:
type: string
description: Date the Access Profile was created
format: date-time
example: '2021-03-01T22:32:58.104Z'
modified:
type: string
description: Date the Access Profile was last modified.
format: date-time
example: '2021-03-02T20:22:28.104Z'
disabled:
type: boolean
default: true
description: Whether the Access Profile is enabled.
example: true
requestable:
type: boolean
default: false
description: Whether the Access Profile is requestable via access request.
example: true
protected:
type: boolean
default: false
description: Whether the Access Profile is protected.
example: false
ownerId:
type: string
description: The owner ID of the Access Profile
example: 9870808a7190d06e01719938fcd20792
sourceId:
type: integer
format: int64
nullable: true
description: The source ID of the Access Profile
example: 10360661
sourceName:
type: string
description: The source name of the Access Profile
example: AD Source
appId:
type: integer
format: int64
nullable: true
description: The source app ID of the Access Profile
example: 10360661
appName:
type: string
nullable: true
description: The source app name of the Access Profile
example: mail app
applicationId:
type: string
description: The id of the application
example: edcb0951812949d085b60cd8bf35bc78
type:
type: string
description: The type of the access profile
example: source
entitlements:
type: array
items:
type: string
description: List of IDs of entitlements
example:
- 2c9180857725c14301772a93bb77242d
- c9dc28e148a24d65b3ccb5fb8ca5ddd9
entitlementCount:
type: integer
format: int32
example: 12
description: The number of entitlements in the access profile
segments:
type: array
items:
type: string
description: 'List of IDs of segments, if any, to which this Access Profile is assigned.'
example:
- f7b1b8a3-5fed-4fd4-ad29-82014e137e19
- 29cb6c06-1da8-43ea-8be4-b3125f248f2a
approvalSchemes:
type: string
description: |
Comma-separated list of approval schemes. Each approval scheme is one of -
manager - appOwner - sourceOwner - accessProfileOwner - workgroup:<workgroupId>
example: accessProfileOwner
revokeRequestApprovalSchemes:
type: string
description: |
Comma-separated list of revoke request approval schemes. Each approval
scheme is one of - manager - sourceOwner - accessProfileOwner - workgroup:<workgroupId>
example: accessProfileOwner
requestCommentsRequired:
type: boolean
default: false
description: Whether the access profile require request comment for access request.
example: true
deniedCommentsRequired:
type: boolean
default: false
description: Whether denied comment is required when access request is denied.
example: true
accountSelector:
type: object
description: How to select account when there are multiple accounts for the user
properties:
selectors:
type: array
nullable: true
items:
type: object
properties:
applicationId:
type: string
description: The application id
example: 2c91808874ff91550175097daaec161c"
accountMatchConfig:
type: object
properties:
matchExpression:
type: object
properties:
matchTerms:
type: array
items:
type: object
properties:
name:
type: string
description: The attribute name
example: mail
value:
type: string
description: The attribute value
example: 1234 Albany Dr
op:
type: string
description: The operator between name and value
example: eq
container:
type: boolean
default: false
description: If it is a container or a real match term
example: true
and:
type: boolean
description: If it is AND logical operator for the children match terms
default: false
example: false
children:
type: array
nullable: true
items:
type: object
additionalProperties: true
description: The children under this match term
example:
- name: businessCategory
value: Service
op: eq
container: false
and: false
children: null
example:
- name: ''
value: ''
op: null
container: true
and: false
children:
- name: businessCategory
value: Service
op: eq
container: false
and: false
children: null
and:
type: boolean
description: If it is AND operators for match terms
default: true
example: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/source-apps/{id}/access-profiles/bulk-remove':
post:
operationId: deleteAccessProfilesFromSourceAppByBulk
tags:
- Apps
summary: Bulk remove access profiles from the specified source app
security:
- userAuth:
- 'idn:app-roles:manage'
description: This API returns the final list of access profiles for the specified source app after removing
parameters:
- name: id
in: path
description: ID of the source app
required: true
x-sailpoint-resource-operation-id: listAllSourceApp
schema:
type: string
example: 2c91808a7813090a017814121e121518
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
requestBody:
required: true
content:
application/json:
schema:
type: array
items:
type: string
description: List of access profile IDs for removal
example:
- c9575abb5e3a4e3db82b2f989a738aa2
- c9dc28e148a24d65b3ccb5fb8ca5ddd9
responses:
'200':
description: The final list of access profiles for the specified source app
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: The ID of the Access Profile
example: 2c91808a7190d06e01719938fcd20792
name:
type: string
description: Name of the Access Profile
example: Employee-database-read-write
description:
type: string
nullable: true
description: Information about the Access Profile
example: Collection of entitlements to read/write the employee database
created:
type: string
description: Date the Access Profile was created
format: date-time
example: '2021-03-01T22:32:58.104Z'
modified:
type: string
description: Date the Access Profile was last modified.
format: date-time
example: '2021-03-02T20:22:28.104Z'
disabled:
type: boolean
default: true
description: Whether the Access Profile is enabled.
example: true
requestable:
type: boolean
default: false
description: Whether the Access Profile is requestable via access request.
example: true
protected:
type: boolean
default: false
description: Whether the Access Profile is protected.
example: false
ownerId:
type: string
description: The owner ID of the Access Profile
example: 9870808a7190d06e01719938fcd20792
sourceId:
type: integer
format: int64
nullable: true
description: The source ID of the Access Profile
example: 10360661
sourceName:
type: string
description: The source name of the Access Profile
example: AD Source
appId:
type: integer
format: int64
nullable: true
description: The source app ID of the Access Profile
example: 10360661
appName:
type: string
nullable: true
description: The source app name of the Access Profile
example: mail app
applicationId:
type: string
description: The id of the application
example: edcb0951812949d085b60cd8bf35bc78
type:
type: string
description: The type of the access profile
example: source
entitlements:
type: array
items:
type: string
description: List of IDs of entitlements
example:
- 2c9180857725c14301772a93bb77242d
- c9dc28e148a24d65b3ccb5fb8ca5ddd9
entitlementCount:
type: integer
format: int32
example: 12
description: The number of entitlements in the access profile
segments:
type: array
items:
type: string
description: 'List of IDs of segments, if any, to which this Access Profile is assigned.'
example:
- f7b1b8a3-5fed-4fd4-ad29-82014e137e19
- 29cb6c06-1da8-43ea-8be4-b3125f248f2a
approvalSchemes:
type: string
description: |
Comma-separated list of approval schemes. Each approval scheme is one of -
manager - appOwner - sourceOwner - accessProfileOwner - workgroup:<workgroupId>
example: accessProfileOwner
revokeRequestApprovalSchemes:
type: string
description: |
Comma-separated list of revoke request approval schemes. Each approval
scheme is one of - manager - sourceOwner - accessProfileOwner - workgroup:<workgroupId>
example: accessProfileOwner
requestCommentsRequired:
type: boolean
default: false
description: Whether the access profile require request comment for access request.
example: true
deniedCommentsRequired:
type: boolean
default: false
description: Whether denied comment is required when access request is denied.
example: true
accountSelector:
type: object
description: How to select account when there are multiple accounts for the user
properties:
selectors:
type: array
nullable: true
items:
type: object
properties:
applicationId:
type: string
description: The application id
example: 2c91808874ff91550175097daaec161c"
accountMatchConfig:
type: object
properties:
matchExpression:
type: object
properties:
matchTerms:
type: array
items:
type: object
properties:
name:
type: string
description: The attribute name
example: mail
value:
type: string
description: The attribute value
example: 1234 Albany Dr
op:
type: string
description: The operator between name and value
example: eq
container:
type: boolean
default: false
description: If it is a container or a real match term
example: true
and:
type: boolean
description: If it is AND logical operator for the children match terms
default: false
example: false
children:
type: array
nullable: true
items:
type: object
additionalProperties: true
description: The children under this match term
example:
- name: businessCategory
value: Service
op: eq
container: false
and: false
children: null
example:
- name: ''
value: ''
op: null
container: true
and: false
children:
- name: businessCategory
value: Service
op: eq
container: false
and: false
children: null
and:
type: boolean
description: If it is AND operators for match terms
default: true
example: true
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/user-apps/{id}':
patch:
operationId: patchUserApp
tags:
- Apps
summary: Patch user app by id
description: |-
This API updates an existing user app using [JSON Patch](https://tools.ietf.org/html/rfc6902) syntax.
The following fields are patchable: **account**
security:
- userAuth:
- 'idn:app-roles:read'
parameters:
- name: id
in: path
description: ID of the user app to patch
required: true
x-sailpoint-resource-operation-id: listAllUserApps
schema:
type: string
example: 2c91808a7813090a017814121e121518
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
requestBody:
content:
application/json-patch+json:
schema:
type: array
items:
type: object
description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
required:
- op
- path
properties:
op:
type: string
description: The operation to be performed
enum:
- add
- remove
- replace
- move
- copy
- test
example: replace
path:
type: string
description: A string JSON Pointer representing the target path to an element to be affected by the operation
example: /description
value:
oneOf:
- type: string
example: New description
title: string
- type: boolean
example: true
title: boolean
- type: integer
example: 300
title: integer
- type: object
title: object
example:
attributes:
name: philip
- type: array
title: array
items:
anyOf:
- type: string
- type: integer
- type: object
example:
- '001'
- '002'
- '003'
description: 'The value to be used for the operation, required for "add" and "replace" operations'
example: New description
example:
- op: replace
path: /account
value:
id: 0891808a7813090a017814121e121518
type: ACCOUNT
responses:
'200':
description: Responds with the user app as updated.
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: The user app id
example: 2c91808874ff91550175097daaec161c
created:
type: string
description: Time when the user app was created
format: date-time
example: '2020-10-08T18:33:52.029Z'
modified:
type: string
description: Time when the user app was last modified
format: date-time
example: '2020-10-08T18:33:52.029Z'
hasMultipleAccounts:
type: boolean
default: false
description: True if the owner has multiple accounts for the source
example: false
useForPasswordManagement:
type: boolean
default: false
description: True if the source has password feature
example: true
provisionRequestEnabled:
type: boolean
default: false
description: True if the source app related to the user app is provision request enabled
example: true
appCenterEnabled:
type: boolean
default: true
description: True if the source app related to the user app is shown in the app center
example: true
sourceApp:
type: object
properties:
id:
type: string
description: the source app ID
example: edcb0951812949d085b60cd8bf35bc78
type:
type: string
description: It will always be "APPLICATION"
example: APPLICATION
name:
type: string
description: the source app name
example: test-app
source:
type: object
properties:
id:
type: string
description: the source ID
example: 9870808a7190d06e01719938fcd20792
type:
type: string
description: It will always be "SOURCE"
example: SOURCE
name:
type: string
description: the source name
example: test-source
account:
type: object
properties:
id:
type: string
description: the account ID
example: 85d173e7d57e496569df763231d6deb6a
type:
type: string
description: It will always be "ACCOUNT"
example: ACCOUNT
name:
type: string
description: the account name
example: test account
owner:
type: object
properties:
id:
type: string
description: The identity ID
example: 2c9180827ca885d7017ca8ce28a000eb
type:
type: string
description: It will always be "IDENTITY"
example: IDENTITY
name:
type: string
description: The identity name
example: John
alias:
type: string
description: The identity alias
example: John.Doe
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'404':
description: Not Found - returned if the request URL refers to a resource or object that does not exist
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'404':
summary: An example of a 404 response object
value:
detailCode: 404 Not found
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server did not find a current representation for the target resource.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/user-apps/{id}/available-accounts':
get:
operationId: listAvailableAccountsForUserApp
tags:
- Apps
summary: List available accounts for user app
security:
- userAuth:
- 'idn:app-roles:read'
description: This API returns the list of available accounts for the specified user app. The user app needs to belong lo logged in user.
parameters:
- name: id
in: path
description: ID of the user app
required: true
x-sailpoint-resource-operation-id: listAllUserApps
schema:
type: string
example: 2c91808a7813090a017814121e121518
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: List of available accounts for the specified user app
content:
application/json:
schema:
type: array
items:
type: object
properties:
appId:
type: string
description: The source app ID
example: fbf4f72280304f1a8bc808fc2a3bcf7b
appDisplayName:
type: string
description: The source app display name
example: AD source app
sourceAccount:
type: object
properties:
id:
type: string
description: The account ID
example: fbf4f72280304f1a8bc808fc2a3bcf7b
nativeIdentity:
type: string
description: The native identity of account
example: 'CN=Abby Smith,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=acme,DC=com'
displayName:
type: string
description: The display name of account
example: Abby Smith
sourceId:
type: string
description: The source ID of account
example: 10efa58ea3954883b52bf74f489ce8f9
sourceDisplayName:
type: string
description: The source name of account
example: ODS-AD-SOURCE
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/user-apps:
get:
operationId: listOwnedUserApps
tags:
- Apps
summary: List owned user apps
security:
- userAuth:
- 'idn:app-roles:read'
description: This API returns the list of user apps assigned to logged in user
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: filters
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq*
**ownerName**: *eq, sw*
**ownerAlias**: *eq, sw*
**accountId**: *eq*
**sourceAppId**: *eq*
example: name eq "user app name"
required: false
style: form
explode: true
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: List of user apps
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: The user app id
example: 2c91808874ff91550175097daaec161c
created:
type: string
description: Time when the user app was created
format: date-time
example: '2020-10-08T18:33:52.029Z'
modified:
type: string
description: Time when the user app was last modified
format: date-time
example: '2020-10-08T18:33:52.029Z'
hasMultipleAccounts:
type: boolean
default: false
description: True if the owner has multiple accounts for the source
example: false
useForPasswordManagement:
type: boolean
default: false
description: True if the source has password feature
example: true
provisionRequestEnabled:
type: boolean
default: false
description: True if the source app related to the user app is provision request enabled
example: true
appCenterEnabled:
type: boolean
default: true
description: True if the source app related to the user app is shown in the app center
example: true
sourceApp:
type: object
properties:
id:
type: string
description: the source app ID
example: edcb0951812949d085b60cd8bf35bc78
type:
type: string
description: It will always be "APPLICATION"
example: APPLICATION
name:
type: string
description: the source app name
example: test-app
source:
type: object
properties:
id:
type: string
description: the source ID
example: 9870808a7190d06e01719938fcd20792
type:
type: string
description: It will always be "SOURCE"
example: SOURCE
name:
type: string
description: the source name
example: test-source
account:
type: object
properties:
id:
type: string
description: the account ID
example: 85d173e7d57e496569df763231d6deb6a
type:
type: string
description: It will always be "ACCOUNT"
example: ACCOUNT
name:
type: string
description: the account name
example: test account
owner:
type: object
properties:
id:
type: string
description: The identity ID
example: 2c9180827ca885d7017ca8ce28a000eb
type:
type: string
description: It will always be "IDENTITY"
example: IDENTITY
name:
type: string
description: The identity name
example: John
alias:
type: string
description: The identity alias
example: John.Doe
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/user-apps/all:
get:
operationId: listAllUserApps
tags:
- Apps
summary: List all user apps
security:
- userAuth:
- 'idn:app-roles:manage'
description: |-
This API returns the list of all user apps with specified filters.
This API must be used with **filters** query parameter.
parameters:
- in: query
name: limit
description: |-
Max number of results to return.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 250
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 250
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
- in: query
name: offset
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: 0
schema:
type: integer
format: int32
minimum: 0
default: 0
- in: query
name: filters
schema:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq*
**ownerId**: *eq*
**ownerName**: *eq, sw*
**ownerAlias**: *eq, sw*
**accountId**: *eq*
**sourceAppId**: *eq*
example: name eq "user app name"
required: true
style: form
explode: true
- name: X-SailPoint-Experimental
in: header
description: Use this header to enable this experimental API.
example: true
schema:
type: string
default: true
required: true
responses:
'200':
description: List of user apps
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: The user app id
example: 2c91808874ff91550175097daaec161c
created:
type: string
description: Time when the user app was created
format: date-time
example: '2020-10-08T18:33:52.029Z'
modified:
type: string
description: Time when the user app was last modified
format: date-time
example: '2020-10-08T18:33:52.029Z'
hasMultipleAccounts:
type: boolean
default: false
description: True if the owner has multiple accounts for the source
example: false
useForPasswordManagement:
type: boolean
default: false
description: True if the source has password feature
example: true
provisionRequestEnabled:
type: boolean
default: false
description: True if the source app related to the user app is provision request enabled
example: true
appCenterEnabled:
type: boolean
default: true
description: True if the source app related to the user app is shown in the app center
example: true
sourceApp:
type: object
properties:
id:
type: string
description: the source app ID
example: edcb0951812949d085b60cd8bf35bc78
type:
type: string
description: It will always be "APPLICATION"
example: APPLICATION
name:
type: string
description: the source app name
example: test-app
source:
type: object
properties:
id:
type: string
description: the source ID
example: 9870808a7190d06e01719938fcd20792
type:
type: string
description: It will always be "SOURCE"
example: SOURCE
name:
type: string
description: the source name
example: test-source
account:
type: object
properties:
id:
type: string
description: the account ID
example: 85d173e7d57e496569df763231d6deb6a
type:
type: string
description: It will always be "ACCOUNT"
example: ACCOUNT
name:
type: string
description: the account name
example: test account
owner:
type: object
properties:
id:
type: string
description: The identity ID
example: 2c9180827ca885d7017ca8ce28a000eb
type:
type: string
description: It will always be "IDENTITY"
example: IDENTITY
name:
type: string
description: The identity name
example: John
alias:
type: string
description: The identity alias
example: John.Doe
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
'/roles/{id}/access-model-metadata/{attributeKey}/values/{attributeValue}':
post:
operationId: updateAttributeKeyAndValueToRole
summary: Add a metadata to role.
description: 'This API initialize a request to add a single Access Model Metadata to a role by attribute key and attribute value. A token with ORG_ADMIN, ROLE_ADMIN ROLE_SUBADMIN authority is required to call this API. The maximum number of attributes in one role is 25. Custom metadata update, including ADD and REPLACE need suit licensed.'
tags:
- Roles
security:
- userAuth:
- 'idn:role:update'
- 'idn:role-checked:update'
x-sailpoint-userLevels:
- ORG_ADMIN
- ROLE_ADMIN
- ROLE_SUBADMIN
parameters:
- name: id
in: path
required: true
schema:
type: string
description: The Id of a role
example: c24359c389374d0fb8585698a2189e3d
- name: attributeKey
in: path
required: true
schema:
type: string
description: Technical name of the Attribute.
example: iscPrivacy
- name: attributeValue
in: path
required: true
schema:
type: string
description: Technical name of the Attribute Value.
example: public
responses:
'200':
description: Responds with the Role as updated.
content:
application/json:
schema:
type: object
description: A Role
properties:
id:
type: string
description: 'The id of the Role. This field must be left null when creating an Role, otherwise a 400 Bad Request error will result.'
example: 2c918086749d78830174a1a40e121518
name:
type: string
description: The human-readable display name of the Role
maxLength: 128
example: Role 2567
created:
type: string
description: Date the Role was created
format: date-time
example: '2021-03-01T22:32:58.104Z'
readOnly: true
modified:
type: string
description: Date the Role was last modified.
format: date-time
example: '2021-03-02T20:22:28.104Z'
readOnly: true
description:
type: string
nullable: true
description: A human-readable description of the Role
example: Urna amet cursus pellentesque nisl orci maximus lorem nisl euismod fusce morbi placerat adipiscing maecenas nisi tristique et metus et lacus sed morbi nunc nisl maximus magna arcu varius sollicitudin elementum enim maecenas nisi id ipsum tempus fusce diam ipsum tortor.
owner:
type: object
nullable: false
description: Owner of the object.
properties:
type:
type: string
enum:
- IDENTITY
description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.'
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: 'Owner''s name. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.'
example: support
accessProfiles:
type: array
items:
type: object
properties:
id:
type: string
description: ID of the Access Profile
example: ff808081751e6e129f1518161919ecca
type:
type: string
description: 'Type of requested object. This field must be either left null or set to ''ACCESS_PROFILE'' when creating an Access Profile, otherwise a 400 Bad Request error will result.'
enum:
- ACCESS_PROFILE
example: ACCESS_PROFILE
name:
type: string
description: Human-readable display name of the Access Profile. This field is ignored on input.
example: Access Profile 2567
nullable: true
entitlements:
type: array
items:
type: object
description: Entitlement including a specific set of access.
properties:
type:
type: string
description: Entitlement's DTO type.
enum:
- ENTITLEMENT
example: ENTITLEMENT
id:
type: string
description: Entitlement's ID.
example: 2c91809773dee32014e13e122092014e
name:
type: string
nullable: true
description: Entitlement's display name.
example: 'CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local'
membership:
nullable: true
type: object
description: 'When present, specifies that the Role is to be granted to Identities which either satisfy specific criteria or which are members of a given list of Identities.'
properties:
type:
type: string
enum:
- STANDARD
- IDENTITY_LIST
description: |-
This enum characterizes the type of a Role's membership selector. Only the following two are fully supported:
STANDARD: Indicates that Role membership is defined in terms of a criteria expression
IDENTITY_LIST: Indicates that Role membership is conferred on the specific identities listed
example: IDENTITY_LIST
criteria:
nullable: true
type: object
description: Defines STANDARD type Role membership
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- STARTS_WITH
- ENDS_WITH
- AND
- OR
description: An operation
example: EQUALS
key:
type: object
nullable: true
description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria'
properties:
type:
type: string
enum:
- IDENTITY
- ACCOUNT
- ENTITLEMENT
description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.'
example: ACCOUNT
property:
type: string
description: The name of the attribute or entitlement to which the associated criteria applies.
example: attribute.email
sourceId:
type: string
nullable: true
description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT
example: 2c9180867427f3a301745aec18211519
required:
- type
- property
stringValue:
type: string
nullable: true
description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: array
items:
type: object
nullable: true
description: Defines STANDARD type Role membership
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- STARTS_WITH
- ENDS_WITH
- AND
- OR
description: An operation
example: EQUALS
key:
type: object
nullable: true
description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria'
properties:
type:
type: string
enum:
- IDENTITY
- ACCOUNT
- ENTITLEMENT
description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.'
example: ACCOUNT
property:
type: string
description: The name of the attribute or entitlement to which the associated criteria applies.
example: attribute.email
sourceId:
type: string
nullable: true
description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT
example: 2c9180867427f3a301745aec18211519
required:
- type
- property
stringValue:
type: string
nullable: true
description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: array
items:
type: object
description: Defines STANDARD type Role membership
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- STARTS_WITH
- ENDS_WITH
- AND
- OR
description: An operation
example: EQUALS
key:
type: object
nullable: true
description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria'
properties:
type:
type: string
enum:
- IDENTITY
- ACCOUNT
- ENTITLEMENT
description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.'
example: ACCOUNT
property:
type: string
description: The name of the attribute or entitlement to which the associated criteria applies.
example: attribute.email
sourceId:
type: string
nullable: true
description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT
example: 2c9180867427f3a301745aec18211519
required:
- type
- property
stringValue:
type: string
description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.'
example: carlee.cert1c9f9b6fd@mailinator.com
nullable: true
description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa.'
nullable: true
description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa.'
identities:
type: array
items:
type: object
description: A reference to an Identity in an IDENTITY_LIST role membership criteria.
properties:
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- MACHINE_IDENTITY
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
nullable: true
id:
type: string
description: Identity id
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
nullable: true
description: Human-readable display name of the Identity.
example: Thomas Edison
aliasName:
type: string
nullable: true
description: User name of the Identity
example: t.edison
nullable: true
description: 'Defines role membership as being exclusive to the specified Identities, when type is IDENTITY_LIST.'
legacyMembershipInfo:
type: object
nullable: true
description: 'This field is not directly modifiable and is generally expected to be *null*. In very rare instances, some Roles may have been created using membership selection criteria that are no longer fully supported. While these Roles will still work, they should be migrated to STANDARD or IDENTITY_LIST selection criteria. This field exists for informational purposes as an aid to such migration.'
example:
type: IDENTITY_LIST
additionalProperties: true
enabled:
type: boolean
description: Whether the Role is enabled or not.
example: true
default: false
requestable:
type: boolean
description: Whether the Role can be the target of access requests.
example: true
default: false
accessRequestConfig:
nullable: true
description: Access request configuration for this object
type: object
properties:
commentsRequired:
type: boolean
description: Whether the requester of the containing object must provide comments justifying the request
example: true
nullable: true
default: false
denialCommentsRequired:
type: boolean
description: Whether an approver must provide comments when denying the request
example: true
nullable: true
default: false
reauthorizationRequired:
type: boolean
description: Indicates whether reauthorization is required for the request.
example: true
nullable: true
default: false
approvalSchemes:
type: array
description: List describing the steps in approving the request
items:
type: object
properties:
approverType:
type: string
enum:
- OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. Values are as follows.
**OWNER**: Owner of the associated Role
**MANAGER**: Manager of the Identity making the request
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP'
example: 46c79819-a69f-49a2-becb-12c971ae66c6
revocationRequestConfig:
nullable: true
default: null
description: Revocation request configuration for this object.
type: object
properties:
commentsRequired:
type: boolean
description: Whether the requester of the containing object must provide comments justifying the request
example: false
nullable: true
default: false
denialCommentsRequired:
type: boolean
description: Whether an approver must provide comments when denying the request
example: false
nullable: true
default: false
approvalSchemes:
type: array
description: List describing the steps in approving the revocation request
items:
type: object
properties:
approverType:
type: string
enum:
- OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. Values are as follows.
**OWNER**: Owner of the associated Role
**MANAGER**: Manager of the Identity making the request
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP'
example: 46c79819-a69f-49a2-becb-12c971ae66c6
segments:
type: array
items:
type: string
nullable: true
description: 'List of IDs of segments, if any, to which this Role is assigned.'
example:
- f7b1b8a3-5fed-4fd4-ad29-82014e137e19
- 29cb6c06-1da8-43ea-8be4-b3125f248f2a
dimensional:
description: Whether the Role is dimensional.
type: boolean
nullable: true
default: false
dimensionRefs:
type: array
items:
type: object
properties:
type:
type: string
enum:
- DIMENSION
description: The type of the object to which this reference applies
example: DIMENSION
id:
type: string
description: ID of the object to which this reference applies
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies
example: Role 2
nullable: true
description: List of references to dimensions to which this Role is assigned. This field is only relevant if the Role is dimensional.
accessModelMetadata:
description: 'This field must be left null or empty when creating an Role, otherwise a 400 Bad Request error will result.'
example:
- key: iscFederalClassifications
name: Federal Classifications
multiselect: true
status: active
type: governance
objectTypes:
- general
description: Classification used by government organizations to specify the level of confidentiality for an access item.
values:
- value: secret
name: Secret
status: active
type: object
properties:
attributes:
type: array
nullable: true
items:
type: object
properties:
key:
type: string
description: Technical name of the Attribute. This is unique and cannot be changed after creation.
example: iscPrivacy
name:
type: string
description: The display name of the key.
example: Privacy
multiselect:
type: boolean
default: false
description: Indicates whether the attribute can have multiple values.
example: false
status:
type: string
description: The status of the Attribute.
example: active
type:
type: string
description: The type of the Attribute. This can be either "custom" or "governance".
example: governance
objectTypes:
type: array
items:
type: string
nullable: true
description: An array of object types this attributes values can be applied to. Possible values are "all" or "entitlement". Value "all" means this attribute can be used with all object types that are supported.
example:
- entitlement
description:
type: string
description: The description of the Attribute.
example: Specifies the level of privacy associated with an access item.
values:
type: array
nullable: true
items:
type: object
properties:
value:
type: string
description: Technical name of the Attribute value. This is unique and cannot be changed after creation.
example: public
name:
type: string
description: The display name of the Attribute value.
example: Public
status:
type: string
description: The status of the Attribute value.
example: active
example:
- key: iscPrivacy
name: Privacy
multiselect: false
status: active
type: governance
objectTypes:
- all
description: Specifies the level of privacy associated with an access item.
values:
- value: public
name: Public
status: active
required:
- name
- owner
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
delete:
operationId: deleteMetadataFromRoleByKeyAndValue
summary: Remove a metadata from role.
description: 'This API initialize a request to remove a single Access Model Metadata from a role by attribute key and value. A token with ORG_ADMIN, ROLE_ADMIN ROLE_SUBADMIN authority is required to call this API.'
tags:
- Roles
security:
- userAuth:
- 'idn:role:delete'
- 'idn:role-checked:delete'
- 'idn:role:update'
- 'idn:role-checked:update'
x-sailpoint-userLevels:
- ORG_ADMIN
- ROLE_ADMIN
- ROLE_SUBADMIN
parameters:
- name: id
in: path
required: true
schema:
type: string
description: The role's id.
example: 2c91808c74ff913f0175097daa9d59cd
- name: attributeKey
in: path
required: true
schema:
type: string
description: Technical name of the Attribute.
example: iscPrivacy
- name: attributeValue
in: path
required: true
schema:
type: string
description: Technical name of the Attribute Value.
example: public
responses:
'202':
description: Request accepted
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/roles/access-model-metadata/bulk-update/ids:
post:
operationId: updateRolesMetadataByIds
summary: Bulk-update roles' metadata by id
description: |-
This API initiates a bulk update of metadata for one or more Roles by a list of Role Ids.
A token with ORG_ADMIN, ROLE_ADMIN ROLE_SUBADMIN authority is required to call this API.
The maximum role count in a single update request is 3000. The maximum metadata value count for a single role is 25.
Custom metadata update, including add, replace need suit licensed.
tags:
- Roles
security:
- UserContextAuth:
- 'idn:role:update'
- 'idn:role-checked:update'
requestBody:
required: true
content:
application/json:
schema:
description: This API initialize a Bulk update by Id request of Role metadata. The maximum role count in a single update request is 3000. The maximum meta data values that one single role assigned can not exceed 25. Custom metadata need suit licensed.
type: object
properties:
roles:
description: Roles' Id to be updated
type: array
items:
type: string
example:
- b1db89554cfa431cb8b9921ea38d9367
operation:
description: The operation to be performed
type: string
enum:
- ADD
- REMOVE
- REPLACE
example: REPLACE
replaceScope:
description: The choice of update scope.
type: string
enum:
- ALL
- ATTRIBUTE
example: ALL
values:
description: 'The metadata to be updated, including attribute key and value.'
type: array
nullable: false
items:
type: object
required:
- attribute
- values
properties:
attribute:
type: string
description: the key of metadata attribute
example: iscFederalClassifications
values:
type: array
description: the values of attribute to be updated
items:
type: string
example: secret
nullable: true
example:
- secret
example:
- attribute: iscFederalClassifications
values:
- topSecret
required:
- roles
- operation
- values
responses:
'202':
description: Returned if bulk update request created
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: ID of the task which is executing the bulk update. This also used in to the bulk-update/** API to track status.
example: 2c9180867817ac4d017817c491119a20
type:
type: string
description: Type of the bulk update object.
example: Role
status:
type: string
description: 'The status of the bulk update request, could also checked by getBulkUpdateStatus API'
enum:
- CREATED
- PRE_PROCESS
- PRE_PROCESS_COMPLETED
- POST_PROCESS
- COMPLETED
- CHUNK_PENDING
- CHUNK_PROCESSING
example: CREATED
created:
type: string
description: Time when the bulk update request was created
format: date-time
example: '2020-10-08T18:33:52.029Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/roles/access-model-metadata/bulk-update/filter:
post:
operationId: updateRolesMetadataByFilter
summary: Bulk-update roles' metadata by filters
description: |-
This API initiates a bulk update of metadata for one or more Roles by filter.
A token with ORG_ADMIN, ROLE_ADMIN ROLE_SUBADMIN authority is required to call this API.
The maximum metadata value count for a single role is 25.
Custom metadata update, including add, replace need suit licensed.
tags:
- Roles
security:
- UserContextAuth:
- 'idn:role:update'
- 'idn:role-checked:update'
requestBody:
required: true
content:
application/json:
schema:
description: This API initialize a a Bulk update by filter request of Role metadata. The maximum meta data values that one single role assigned can not exceed 25. Custom metadata need suit licensed.
type: object
properties:
filters:
description: |-
Filtering is supported for the following fields and operators:
**id** : *eq, in*
**name** : *eq, sw*
**created** : *gt, lt, ge, le*
**modified** : *gt, lt, ge, le*
**owner.id** : *eq, in*
**requestable** : *eq*
type: string
example: ' requestable eq false'
operation:
description: The operation to be performed
type: string
enum:
- ADD
- REMOVE
- REPLACE
example: REPLACE
replaceScope:
description: The choice of update scope.
type: string
enum:
- ALL
- ATTRIBUTE
example: ALL
values:
description: 'The metadata to be updated, including attribute key and value.'
type: array
nullable: false
items:
type: object
required:
- attribute
- values
properties:
attributeKey:
type: string
description: the key of metadata attribute
example: iscFederalClassifications
values:
type: array
description: the values of attribute to be updated
items:
type: string
example: secret
nullable: true
example:
- secret
example:
- attribute: iscFederalClassifications
values:
- topSecret
required:
- filters
- operation
- values
example:
operation: ADD
replaceScope: ALL
filters: requestable eq false
values:
- attribute: iscFederalClassifications
values:
- topSecret
responses:
'202':
description: Returned if bulk update request created
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: ID of the task which is executing the bulk update. This also used in to the bulk-update/** API to track status.
example: 2c9180867817ac4d017817c491119a20
type:
type: string
description: Type of the bulk update object.
example: Role
status:
type: string
description: 'The status of the bulk update request, could also checked by getBulkUpdateStatus API'
enum:
- CREATED
- PRE_PROCESS
- PRE_PROCESS_COMPLETED
- POST_PROCESS
- COMPLETED
- CHUNK_PENDING
- CHUNK_PROCESSING
example: CREATED
created:
type: string
description: Time when the bulk update request was created
format: date-time
example: '2020-10-08T18:33:52.029Z'
examples:
Update request created successfully:
value:
id: 2d82ac17-eb0d-4ba6-9918-dcad6ee0294d
type: ROLE
status: CREATED
created: '2024-09-16T18:59:06.871594Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/roles/access-model-metadata/bulk-update/query:
post:
operationId: updateRolesMetadataByQuery
summary: Bulk-update roles' metadata by query
description: |-
This API initiates a bulk update of metadata for one or more Roles by query.
A token with ORG_ADMIN, ROLE_ADMIN ROLE_SUBADMIN authority is required to call this API.
The maximum metadata value count for a single role is 25.
Custom metadata update, including add, replace need suit licensed.
tags:
- Roles
security:
- UserContextAuth:
- 'idn:role:update'
- 'idn:role-checked:update'
requestBody:
required: true
content:
application/json:
schema:
description: |-
Bulk update by query request of Role metadata. The maximum meta data values that one single role assigned can not exceed 25. Custom metadata need suit licensed.
For more information about the query could refer to [V3 API Perform Search](https://developer.sailpoint.com/docs/api/v3/search-post)
type: object
properties:
query:
description: query the identities to be updated
type: object
items:
type: object
properties:
indices:
description: 'The names of the Elasticsearch indices in which to search. If none are provided, then all indices will be searched.'
externalDocs:
description: Learn more about search indices here.
url: 'https://documentation.sailpoint.com/saas/help/search/searchable-fields.html'
type: array
items:
description: |-
Enum representing the currently supported indices.
Additional values may be added in the future without notice.
type: string
enum:
- accessprofiles
- accountactivities
- entitlements
- events
- identities
- roles
- '*'
example: identities
example:
- identities
queryType:
description: |-
The type of query to use. By default, the `SAILPOINT` query type is used, which requires the `query` object to be defined in the request body.
To use the `queryDsl` or `typeAheadQuery` objects in the request, you must set the type to `DSL` or `TYPEAHEAD` accordingly.
Additional values may be added in the future without notice.
type: string
enum:
- DSL
- SAILPOINT
- TEXT
- TYPEAHEAD
default: SAILPOINT
example: SAILPOINT
queryVersion:
allOf:
- description: The current Elasticserver version.
type: string
default: '5.2'
example: '5.2'
- type: string
description: |-
The version of the query object.
This version number will map to the version of Elasticsearch for the query strings and objects being used.
query:
type: object
description: Query parameters used to construct an Elasticsearch query object.
properties:
query:
description: 'The query using the Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL extended by SailPoint to support Nested queries.'
type: string
example: 'name:a*'
fields:
description: |-
The fields the query will be applied to. Fields provide you with a simple way to add additional fields to search, without making the query too complicated. For example, you can use the fields to specify that you want your query of "a*" to be applied to "name", "firstName", and the "source.name". The response will include all results matching the "a*" query found in those three fields.
A field's availability depends on the indices being searched. For example, if you are searching "identities", you can apply your search to the "firstName" field, but you couldn't use "firstName" with a search on "access profiles". Refer to the response schema for the respective lists of available fields.
type: string
example:
- 'firstName,lastName,email'
timeZone:
description: The time zone to be applied to any range query related to dates.
type: string
example: America/Chicago
innerHit:
description: The innerHit query object returns a flattened list of results for the specified nested type.
type: object
required:
- query
- type
properties:
query:
description: 'The search query using the Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL extended by SailPoint to support Nested queries.'
type: string
example: 'source.name:\"Active Directory\"'
type:
description: 'The nested type to use in the inner hits query. The nested type [Nested Type](https://www.elastic.co/guide/en/elasticsearch/reference/current/nested.html) refers to a document "nested" within another document. For example, an identity can have nested documents for access, accounts, and apps.'
type: string
example: access
queryDsl:
description: 'The search query using the Elasticsearch [Query DSL](https://www.elastic.co/guide/en/elasticsearch/reference/7.10/query-dsl.html) syntax.'
type: object
example:
match:
name: john.doe
textQuery:
type: object
description: Query parameters used to construct an Elasticsearch text query object.
required:
- terms
- fields
properties:
terms:
description: Words or characters that specify a particular thing to be searched for.
type: array
items:
type: string
example:
- The quick brown fox
- '3141592'
- '7'
fields:
description: The fields to be searched.
type: array
items:
type: string
example:
- displayName
- employeeNumber
- roleCount
matchAny:
description: 'Indicates that at least one of the terms must be found in the specified fields; otherwise, all terms must be found.'
type: boolean
default: false
example: false
contains:
description: 'Indicates that the terms can be located anywhere in the specified fields; otherwise, the fields must begin with the terms.'
type: boolean
default: false
example: true
typeAheadQuery:
type: object
description: 'Query parameters used to construct an Elasticsearch type ahead query object. The typeAheadQuery performs a search for top values beginning with the typed values. For example, typing "Jo" results in top hits matching "Jo." Typing "Job" results in top hits matching "Job." '
required:
- query
- field
properties:
query:
description: The type ahead query string used to construct a phrase prefix match query.
type: string
example: Work
field:
description: The field on which to perform the type ahead search.
type: string
example: source.name
nestedType:
description: The nested type.
type: string
example: access
maxExpansions:
description: |-
The number of suffixes the last term will be expanded into.
Influences the performance of the query and the number results returned.
Valid values: 1 to 1000.
type: integer
format: int32
minimum: 1
maximum: 1000
default: 10
example: 10
size:
description: The max amount of records the search will return.
type: integer
format: int32
minimum: 1
default: 100
example: 100
sort:
description: The sort order of the returned records.
type: string
default: desc
example: asc
sortByValue:
description: 'The flag that defines the sort type, by count or value.'
type: boolean
default: false
example: true
includeNested:
description: Indicates whether nested objects from returned search results should be included.
type: boolean
default: true
example: true
queryResultFilter:
type: object
description: Allows the query results to be filtered by specifying a list of fields to include and/or exclude from the result documents.
properties:
includes:
description: The list of field names to include in the result documents.
type: array
items:
type: string
example:
- name
- displayName
excludes:
description: The list of field names to exclude from the result documents.
type: array
items:
type: string
example:
- stacktrace
aggregationType:
description: |
Enum representing the currently available query languages for aggregations, which are used to perform calculations or groupings on search results.
Additional values may be added in the future without notice.
type: string
enum:
- DSL
- SAILPOINT
default: DSL
example: DSL
aggregationsVersion:
allOf:
- description: The current Elasticserver version.
type: string
default: '5.2'
example: '5.2'
- type: string
description: |-
The version of the language being used for aggregation queries.
This version number will map to the version of Elasticsearch for the aggregation query object.
aggregationsDsl:
description: 'The aggregation search query using Elasticsearch [Aggregations](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/search-aggregations.html) syntax.'
type: object
example: {}
aggregations:
description: |
The aggregation’s specifications, such as the groupings and calculations to be performed.
allOf:
- type: object
properties:
nested:
type: object
description: The nested aggregation object.
required:
- name
- type
properties:
name:
description: The name of the nested aggregate to be included in the result.
type: string
example: id
type:
description: The type of the nested object.
type: string
example: access
metric:
type: object
description: The calculation done on the results of the query
required:
- name
- field
properties:
name:
description: |-
The name of the metric aggregate to be included in the result.
If the metric aggregation is omitted, the resulting aggregation will be a count of the documents in the search results.
type: string
example: Access Name Count
type:
description: |-
Enum representing the currently supported metric aggregation types.
Additional values may be added in the future without notice.
type: string
enum:
- COUNT
- UNIQUE_COUNT
- AVG
- SUM
- MEDIAN
- MIN
- MAX
default: UNIQUE_COUNT
example: COUNT
field:
description: |
The field the calculation is performed on.
Prefix the field name with '@' to reference a nested object.
type: string
example: '@access.name'
filter:
type: object
description: An additional filter to constrain the results of the search query.
required:
- name
- field
- value
properties:
name:
description: The name of the filter aggregate to be included in the result.
type: string
example: Entitlements
type:
description: |-
Enum representing the currently supported filter aggregation types.
Additional values may be added in the future without notice.
type: string
enum:
- TERM
default: TERM
example: TERM
field:
description: |
The search field to apply the filter to.
Prefix the field name with '@' to reference a nested object.
type: string
example: access.type
value:
description: The value to filter on.
type: string
example: ENTITLEMENT
bucket:
type: object
description: The bucket to group the results of the aggregation query by.
required:
- name
- field
properties:
name:
description: The name of the bucket aggregate to be included in the result.
type: string
example: Identity Locations
type:
description: |-
Enum representing the currently supported bucket aggregation types.
Additional values may be added in the future without notice.
type: string
enum:
- TERMS
default: TERMS
example: TERMS
field:
description: |-
The field to bucket on.
Prefix the field name with '@' to reference a nested object.
type: string
example: attributes.city
size:
description: Maximum number of buckets to include.
type: integer
format: int32
example: 100
minDocCount:
description: Minimum number of documents a bucket should have.
type: integer
format: int32
example: 2
- type: object
properties:
subAggregation:
description: Aggregation to be performed on the result of the parent bucket aggregation.
allOf:
- type: object
properties:
nested:
type: object
description: The nested aggregation object.
required:
- name
- type
properties:
name:
description: The name of the nested aggregate to be included in the result.
type: string
example: id
type:
description: The type of the nested object.
type: string
example: access
metric:
type: object
description: The calculation done on the results of the query
required:
- name
- field
properties:
name:
description: |-
The name of the metric aggregate to be included in the result.
If the metric aggregation is omitted, the resulting aggregation will be a count of the documents in the search results.
type: string
example: Access Name Count
type:
description: |-
Enum representing the currently supported metric aggregation types.
Additional values may be added in the future without notice.
type: string
enum:
- COUNT
- UNIQUE_COUNT
- AVG
- SUM
- MEDIAN
- MIN
- MAX
default: UNIQUE_COUNT
example: COUNT
field:
description: |
The field the calculation is performed on.
Prefix the field name with '@' to reference a nested object.
type: string
example: '@access.name'
filter:
type: object
description: An additional filter to constrain the results of the search query.
required:
- name
- field
- value
properties:
name:
description: The name of the filter aggregate to be included in the result.
type: string
example: Entitlements
type:
description: |-
Enum representing the currently supported filter aggregation types.
Additional values may be added in the future without notice.
type: string
enum:
- TERM
default: TERM
example: TERM
field:
description: |
The search field to apply the filter to.
Prefix the field name with '@' to reference a nested object.
type: string
example: access.type
value:
description: The value to filter on.
type: string
example: ENTITLEMENT
bucket:
type: object
description: The bucket to group the results of the aggregation query by.
required:
- name
- field
properties:
name:
description: The name of the bucket aggregate to be included in the result.
type: string
example: Identity Locations
type:
description: |-
Enum representing the currently supported bucket aggregation types.
Additional values may be added in the future without notice.
type: string
enum:
- TERMS
default: TERMS
example: TERMS
field:
description: |-
The field to bucket on.
Prefix the field name with '@' to reference a nested object.
type: string
example: attributes.city
size:
description: Maximum number of buckets to include.
type: integer
format: int32
example: 100
minDocCount:
description: Minimum number of documents a bucket should have.
type: integer
format: int32
example: 2
- type: object
properties:
subAggregation:
type: object
properties:
nested:
type: object
description: The nested aggregation object.
required:
- name
- type
properties:
name:
description: The name of the nested aggregate to be included in the result.
type: string
example: id
type:
description: The type of the nested object.
type: string
example: access
metric:
type: object
description: The calculation done on the results of the query
required:
- name
- field
properties:
name:
description: |-
The name of the metric aggregate to be included in the result.
If the metric aggregation is omitted, the resulting aggregation will be a count of the documents in the search results.
type: string
example: Access Name Count
type:
description: |-
Enum representing the currently supported metric aggregation types.
Additional values may be added in the future without notice.
type: string
enum:
- COUNT
- UNIQUE_COUNT
- AVG
- SUM
- MEDIAN
- MIN
- MAX
default: UNIQUE_COUNT
example: COUNT
field:
description: |
The field the calculation is performed on.
Prefix the field name with '@' to reference a nested object.
type: string
example: '@access.name'
filter:
type: object
description: An additional filter to constrain the results of the search query.
required:
- name
- field
- value
properties:
name:
description: The name of the filter aggregate to be included in the result.
type: string
example: Entitlements
type:
description: |-
Enum representing the currently supported filter aggregation types.
Additional values may be added in the future without notice.
type: string
enum:
- TERM
default: TERM
example: TERM
field:
description: |
The search field to apply the filter to.
Prefix the field name with '@' to reference a nested object.
type: string
example: access.type
value:
description: The value to filter on.
type: string
example: ENTITLEMENT
bucket:
type: object
description: The bucket to group the results of the aggregation query by.
required:
- name
- field
properties:
name:
description: The name of the bucket aggregate to be included in the result.
type: string
example: Identity Locations
type:
description: |-
Enum representing the currently supported bucket aggregation types.
Additional values may be added in the future without notice.
type: string
enum:
- TERMS
default: TERMS
example: TERMS
field:
description: |-
The field to bucket on.
Prefix the field name with '@' to reference a nested object.
type: string
example: attributes.city
size:
description: Maximum number of buckets to include.
type: integer
format: int32
example: 100
minDocCount:
description: Minimum number of documents a bucket should have.
type: integer
format: int32
example: 2
description: Aggregation to be performed on the result of the parent bucket aggregation.
sort:
description: The fields to be used to sort the search results. Use + or - to specify the sort direction.
type: array
items:
type: string
example:
- displayName
- +id
searchAfter:
description: |-
Used to begin the search window at the values specified.
This parameter consists of the last values of the sorted fields in the current record set.
This is used to expand the Elasticsearch limit of 10K records by shifting the 10K window to begin at this value.
It is recommended that you always include the ID of the object in addition to any other fields on this parameter in order to ensure you don't get duplicate results while paging.
For example, when searching for identities, if you are sorting by displayName you will also want to include ID, for example ["displayName", "id"].
If the last identity ID in the search result is 2c91808375d8e80a0175e1f88a575221 and the last displayName is "John Doe", then using that displayName and ID will start a new search after this identity.
The searchAfter value will look like ["John Doe","2c91808375d8e80a0175e1f88a575221"]
type: array
items:
type: string
example:
- John Doe
- 2c91808375d8e80a0175e1f88a575221
filters:
description: The filters to be applied for each filtered field name.
type: object
additionalProperties:
type: object
properties:
type:
description: |-
Enum representing the currently supported filter types.
Additional values may be added in the future without notice.
type: string
enum:
- EXISTS
- RANGE
- TERMS
example: RANGE
range:
type: object
description: The range of values to be filtered.
properties:
lower:
description: The lower bound of the range.
type: object
required:
- value
properties:
value:
description: The value of the range's endpoint.
type: string
example: '1'
inclusive:
description: Indicates if the endpoint is included in the range.
type: boolean
default: false
example: false
upper:
description: The upper bound of the range.
type: object
required:
- value
properties:
value:
description: The value of the range's endpoint.
type: string
example: '1'
inclusive:
description: Indicates if the endpoint is included in the range.
type: boolean
default: false
example: false
terms:
description: The terms to be filtered.
type: array
items:
type: string
example: account_count
exclude:
description: Indicates if the filter excludes results.
type: boolean
default: false
example: false
example: {}
example:
query":
indices:
- roles
queryType: TEXT
textQuery:
terms:
- test123
fields:
- id
matchAny: false
contains: true
includeNested: false
operation:
description: The operation to be performed
type: string
enum:
- ADD
- REMOVE
- REPLACE
example: REPLACE
replaceScope:
description: The choice of update scope.
type: string
enum:
- ALL
- ATTRIBUTE
example: ALL
values:
description: 'The metadata to be updated, including attribute key and value.'
type: array
nullable: false
items:
type: object
required:
- attribute
- values
properties:
attributeKey:
type: string
description: the key of metadata attribute
example: iscFederalClassifications
attributeValue:
type: array
description: the values of attribute to be updated
items:
type: string
example: topSecret
example:
- topSecret
required:
- query
- operation
- values
example:
example of a success update:
query:
indices:
- roles
queryType: TEXT
textQuery:
terms:
- test123
fields:
- id
matchAny: false
contains: true
includeNested: false
operation: REPLACE
replaceScope: ALL
values:
- attribute: iscFederalClassifications
values:
- secret
responses:
'202':
description: Returned if bulk update request created
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: ID of the task which is executing the bulk update. This also used in to the bulk-update/** API to track status.
example: 2c9180867817ac4d017817c491119a20
type:
type: string
description: Type of the bulk update object.
example: Role
status:
type: string
description: 'The status of the bulk update request, could also checked by getBulkUpdateStatus API'
enum:
- CREATED
- PRE_PROCESS
- PRE_PROCESS_COMPLETED
- POST_PROCESS
- COMPLETED
- CHUNK_PENDING
- CHUNK_PROCESSING
example: CREATED
created:
type: string
description: Time when the bulk update request was created
format: date-time
example: '2020-10-08T18:33:52.029Z'
examples:
Update request created successfully:
value:
id: 2d82ac17-eb0d-4ba6-9918-dcad6ee0294d
type: ROLE
status: CREATED
created: '2024-09-16T18:59:06.871594Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/roles/access-model-metadata/bulk-update/id:
get:
operationId: getBulkUpdateStatusById
summary: Get bulk-update status by id
description: |-
This API initial a request for one bulk update's status by bulk update Id returns the status of the bulk update process.
A token with ORG_ADMIN, ROLE_ADMIN ROLE_SUBADMIN authority is required to call this API.
security:
- UserContextAuth:
- 'idn:role:update'
- 'idn:role-checked:update'
tags:
- Roles
parameters:
- name: id
in: path
required: true
schema:
type: string
description: The Id of the bulk update task.
example: c24359c389374d0fb8585698a2189e3d
responses:
'202':
description: return if bulk update status could be found.
content:
application/json:
schema:
type: object
properties:
id:
type: string
description: ID of the task which is executing the bulk update. This also used in to the bulk-update/** API to track status.
example: 2c9180867817ac4d017817c491119a20
type:
type: string
description: Type of the bulk update object.
example: Role
status:
type: string
description: 'The status of the bulk update request, could also checked by getBulkUpdateStatus API'
enum:
- CREATED
- PRE_PROCESS
- PRE_PROCESS_COMPLETED
- POST_PROCESS
- COMPLETED
- CHUNK_PENDING
- CHUNK_PROCESSING
example: CREATED
created:
type: string
description: Time when the bulk update request was created
format: date-time
example: '2020-10-08T18:33:52.029Z'
examples:
Update request created successfully:
value:
id: 2d82ac17-eb0d-4ba6-9918-dcad6ee0294d
type: ROLE
status: CREATED
created: '2024-09-16T18:59:06.871594Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/roles/access-model-metadata/bulk-update:
get:
operationId: getBulkUpdateStatus
summary: Get bulk-update statuses
description: This API returns a list of all unfinished bulk update process status of the tenant.
x-sailpoint-userLevels:
- ORG_ADMIN
- ROLE_ADMIN
- ROLE_SUBADMIN
security:
- userAuth:
- 'idn:role:update'
- 'idn:role-checked:update'
tags:
- Roles
responses:
'200':
description: successfully get the status of all unfinished bulk updates request.
content:
application/json:
schema:
type: array
items:
type: object
properties:
id:
type: string
description: ID of the task which is executing the bulk update. This also used in to the bulk-update/** API to track status.
example: 2c9180867817ac4d017817c491119a20
type:
type: string
description: Type of the bulk update object.
example: Role
status:
type: string
description: 'The status of the bulk update request, only list unfinished request''s status, the status could also checked by getBulkUpdateStatus API'
enum:
- CREATED
- PRE_PROCESS
- POST_PROCESS
- CHUNK_PENDING
- CHUNK_PROCESSING
example: CREATED
created:
type: string
description: Time when the bulk update request was created
format: date-time
example: '2020-10-08T18:33:52.029Z'
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
/roles/filter:
post:
operationId: searchRolesByFilter
summary: Filter roles by metadata
description: |-
This API returns a list of Role that filter by metadata and filter, it support filter by both path parameter and attribute key and values.
A token with API, ORG_ADMIN, ROLE_ADMIN, ROLE_SUBADMIN, HELPDESK, CERT_ADMIN, REPORT_ADMIN or SOURCE_ADMIN authority is required to call this API.
security:
- UserContextAuth:
- 'idn:role:read'
- 'idn:role-checked:read'
tags:
- Roles
parameters:
- name: for-subadmin
in: query
schema:
type: string
description: 'If provided, filters the returned list according to what is visible to the indicated ROLE_SUBADMIN Identity. The value of the parameter is either an Identity ID, or the special value **me**, which is shorthand for the calling Identity''s ID. A 400 Bad Request error is returned if the **for-subadmin** parameter is specified for an Identity that is not a subadmin.'
example: 5168015d32f890ca15812c9180835d2e
required: false
- name: limit
in: query
schema:
type: integer
format: int32
minimum: 0
maximum: 250
default: 50
description: 'Max number of results to return See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.'
example: 50
required: false
- name: offset
in: query
description: |-
Offset into the full result set. Usually specified with *limit* to paginate through the results.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
schema:
type: integer
format: int32
minimum: 0
default: 0
required: false
example: 0
- name: count
in: query
description: |-
Boolean indicating whether a total count is returned, factoring in any filter parameters, in the X-Total-Count response header. The value is the total size of the collection that would be returned if limit and offset were ignored.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
schema:
type: boolean
default: false
required: false
example: true
- name: sorters
in: query
schema:
type: string
description: |-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **name, created, modified**
example: 'name,-modified'
required: false
- name: for-segment-ids
in: query
schema:
type: string
description: |-
If present and not empty, additionally filters Roles to those which are assigned to the Segment(s) with the specified IDs.
If segmentation is currently unavailable, specifying this parameter results in an error.
example: '0b5c9f25-83c6-4762-9073-e38f7bb2ae26,2e8d8180-24bc-4d21-91c6-7affdb473b0d'
required: false
- name: include-unsegmented
in: query
description: 'Whether or not the response list should contain unsegmented Roles. If *for-segment-ids* is absent or empty, specifying *include-unsegmented* as false results in an error.'
schema:
type: boolean
default: true
required: false
example: false
- in: query
name: count
description: |-
If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
required: false
example: true
schema:
type: boolean
default: false
requestBody:
content:
application/json:
schema:
description: AMMFilterValues
type: object
properties:
filters:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, in*
**name**: *eq, sw*
**created**: *gt, lt, ge, le*
**modified**: *gt, lt, ge, le*
**owner.id**: *eq, in*
**requestable**: *eq*
example: dimensional eq false
nullable: true
ammKeyValues:
nullable: true
type: array
items:
type: object
properties:
attribute:
description: attribute key of a metadata.
type: string
example: iscFederalClassifications
values:
description: 'A list of attribute key names to filter roles. If the values is empty, will only filter by attribute key.'
type: array
items:
type: string
example: secret
example:
- secret
example:
- attribute: iscFederalClassifications
values:
- secret
example:
filters: dimensional eq false
ammKeyValues:
- attribute: iscFederalClassifications
values:
- secret
responses:
'200':
description: Responds with A list of Roles
content:
application/json:
schema:
type: array
allOf:
- type: object
description: A Role
properties:
id:
type: string
description: 'The id of the Role. This field must be left null when creating an Role, otherwise a 400 Bad Request error will result.'
example: 2c918086749d78830174a1a40e121518
name:
type: string
description: The human-readable display name of the Role
maxLength: 128
example: Role 2567
created:
type: string
description: Date the Role was created
format: date-time
example: '2021-03-01T22:32:58.104Z'
readOnly: true
modified:
type: string
description: Date the Role was last modified.
format: date-time
example: '2021-03-02T20:22:28.104Z'
readOnly: true
description:
type: string
nullable: true
description: A human-readable description of the Role
example: Urna amet cursus pellentesque nisl orci maximus lorem nisl euismod fusce morbi placerat adipiscing maecenas nisi tristique et metus et lacus sed morbi nunc nisl maximus magna arcu varius sollicitudin elementum enim maecenas nisi id ipsum tempus fusce diam ipsum tortor.
owner:
type: object
nullable: false
description: Owner of the object.
properties:
type:
type: string
enum:
- IDENTITY
description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.'
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: 'Owner''s name. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.'
example: support
accessProfiles:
type: array
items:
type: object
properties:
id:
type: string
description: ID of the Access Profile
example: ff808081751e6e129f1518161919ecca
type:
type: string
description: 'Type of requested object. This field must be either left null or set to ''ACCESS_PROFILE'' when creating an Access Profile, otherwise a 400 Bad Request error will result.'
enum:
- ACCESS_PROFILE
example: ACCESS_PROFILE
name:
type: string
description: Human-readable display name of the Access Profile. This field is ignored on input.
example: Access Profile 2567
nullable: true
entitlements:
type: array
items:
type: object
description: Entitlement including a specific set of access.
properties:
type:
type: string
description: Entitlement's DTO type.
enum:
- ENTITLEMENT
example: ENTITLEMENT
id:
type: string
description: Entitlement's ID.
example: 2c91809773dee32014e13e122092014e
name:
type: string
nullable: true
description: Entitlement's display name.
example: 'CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local'
membership:
nullable: true
type: object
description: 'When present, specifies that the Role is to be granted to Identities which either satisfy specific criteria or which are members of a given list of Identities.'
properties:
type:
type: string
enum:
- STANDARD
- IDENTITY_LIST
description: |-
This enum characterizes the type of a Role's membership selector. Only the following two are fully supported:
STANDARD: Indicates that Role membership is defined in terms of a criteria expression
IDENTITY_LIST: Indicates that Role membership is conferred on the specific identities listed
example: IDENTITY_LIST
criteria:
nullable: true
type: object
description: Defines STANDARD type Role membership
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- STARTS_WITH
- ENDS_WITH
- AND
- OR
description: An operation
example: EQUALS
key:
type: object
nullable: true
description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria'
properties:
type:
type: string
enum:
- IDENTITY
- ACCOUNT
- ENTITLEMENT
description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.'
example: ACCOUNT
property:
type: string
description: The name of the attribute or entitlement to which the associated criteria applies.
example: attribute.email
sourceId:
type: string
nullable: true
description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT
example: 2c9180867427f3a301745aec18211519
required:
- type
- property
stringValue:
type: string
nullable: true
description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: array
items:
type: object
nullable: true
description: Defines STANDARD type Role membership
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- STARTS_WITH
- ENDS_WITH
- AND
- OR
description: An operation
example: EQUALS
key:
type: object
nullable: true
description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria'
properties:
type:
type: string
enum:
- IDENTITY
- ACCOUNT
- ENTITLEMENT
description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.'
example: ACCOUNT
property:
type: string
description: The name of the attribute or entitlement to which the associated criteria applies.
example: attribute.email
sourceId:
type: string
nullable: true
description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT
example: 2c9180867427f3a301745aec18211519
required:
- type
- property
stringValue:
type: string
nullable: true
description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.'
example: carlee.cert1c9f9b6fd@mailinator.com
children:
type: array
items:
type: object
description: Defines STANDARD type Role membership
properties:
operation:
type: string
enum:
- EQUALS
- NOT_EQUALS
- CONTAINS
- STARTS_WITH
- ENDS_WITH
- AND
- OR
description: An operation
example: EQUALS
key:
type: object
nullable: true
description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria'
properties:
type:
type: string
enum:
- IDENTITY
- ACCOUNT
- ENTITLEMENT
description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.'
example: ACCOUNT
property:
type: string
description: The name of the attribute or entitlement to which the associated criteria applies.
example: attribute.email
sourceId:
type: string
nullable: true
description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT
example: 2c9180867427f3a301745aec18211519
required:
- type
- property
stringValue:
type: string
description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.'
example: carlee.cert1c9f9b6fd@mailinator.com
nullable: true
description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa.'
nullable: true
description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa.'
identities:
type: array
items:
type: object
description: A reference to an Identity in an IDENTITY_LIST role membership criteria.
properties:
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- MACHINE_IDENTITY
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
nullable: true
id:
type: string
description: Identity id
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
nullable: true
description: Human-readable display name of the Identity.
example: Thomas Edison
aliasName:
type: string
nullable: true
description: User name of the Identity
example: t.edison
nullable: true
description: 'Defines role membership as being exclusive to the specified Identities, when type is IDENTITY_LIST.'
legacyMembershipInfo:
type: object
nullable: true
description: 'This field is not directly modifiable and is generally expected to be *null*. In very rare instances, some Roles may have been created using membership selection criteria that are no longer fully supported. While these Roles will still work, they should be migrated to STANDARD or IDENTITY_LIST selection criteria. This field exists for informational purposes as an aid to such migration.'
example:
type: IDENTITY_LIST
additionalProperties: true
enabled:
type: boolean
description: Whether the Role is enabled or not.
example: true
default: false
requestable:
type: boolean
description: Whether the Role can be the target of access requests.
example: true
default: false
accessRequestConfig:
nullable: true
description: Access request configuration for this object
type: object
properties:
commentsRequired:
type: boolean
description: Whether the requester of the containing object must provide comments justifying the request
example: true
nullable: true
default: false
denialCommentsRequired:
type: boolean
description: Whether an approver must provide comments when denying the request
example: true
nullable: true
default: false
reauthorizationRequired:
type: boolean
description: Indicates whether reauthorization is required for the request.
example: true
nullable: true
default: false
approvalSchemes:
type: array
description: List describing the steps in approving the request
items:
type: object
properties:
approverType:
type: string
enum:
- OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. Values are as follows.
**OWNER**: Owner of the associated Role
**MANAGER**: Manager of the Identity making the request
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP'
example: 46c79819-a69f-49a2-becb-12c971ae66c6
revocationRequestConfig:
nullable: true
default: null
description: Revocation request configuration for this object.
type: object
properties:
commentsRequired:
type: boolean
description: Whether the requester of the containing object must provide comments justifying the request
example: false
nullable: true
default: false
denialCommentsRequired:
type: boolean
description: Whether an approver must provide comments when denying the request
example: false
nullable: true
default: false
approvalSchemes:
type: array
description: List describing the steps in approving the revocation request
items:
type: object
properties:
approverType:
type: string
enum:
- OWNER
- MANAGER
- GOVERNANCE_GROUP
description: |-
Describes the individual or group that is responsible for an approval step. Values are as follows.
**OWNER**: Owner of the associated Role
**MANAGER**: Manager of the Identity making the request
**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field
example: GOVERNANCE_GROUP
approverId:
type: string
nullable: true
description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP'
example: 46c79819-a69f-49a2-becb-12c971ae66c6
segments:
type: array
items:
type: string
nullable: true
description: 'List of IDs of segments, if any, to which this Role is assigned.'
example:
- f7b1b8a3-5fed-4fd4-ad29-82014e137e19
- 29cb6c06-1da8-43ea-8be4-b3125f248f2a
dimensional:
description: Whether the Role is dimensional.
type: boolean
nullable: true
default: false
dimensionRefs:
type: array
items:
type: object
properties:
type:
type: string
enum:
- DIMENSION
description: The type of the object to which this reference applies
example: DIMENSION
id:
type: string
description: ID of the object to which this reference applies
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies
example: Role 2
nullable: true
description: List of references to dimensions to which this Role is assigned. This field is only relevant if the Role is dimensional.
accessModelMetadata:
description: 'This field must be left null or empty when creating an Role, otherwise a 400 Bad Request error will result.'
example:
- key: iscFederalClassifications
name: Federal Classifications
multiselect: true
status: active
type: governance
objectTypes:
- general
description: Classification used by government organizations to specify the level of confidentiality for an access item.
values:
- value: secret
name: Secret
status: active
type: object
properties:
attributes:
type: array
nullable: true
items:
type: object
properties:
key:
type: string
description: Technical name of the Attribute. This is unique and cannot be changed after creation.
example: iscPrivacy
name:
type: string
description: The display name of the key.
example: Privacy
multiselect:
type: boolean
default: false
description: Indicates whether the attribute can have multiple values.
example: false
status:
type: string
description: The status of the Attribute.
example: active
type:
type: string
description: The type of the Attribute. This can be either "custom" or "governance".
example: governance
objectTypes:
type: array
items:
type: string
nullable: true
description: An array of object types this attributes values can be applied to. Possible values are "all" or "entitlement". Value "all" means this attribute can be used with all object types that are supported.
example:
- entitlement
description:
type: string
description: The description of the Attribute.
example: Specifies the level of privacy associated with an access item.
values:
type: array
nullable: true
items:
type: object
properties:
value:
type: string
description: Technical name of the Attribute value. This is unique and cannot be changed after creation.
example: public
name:
type: string
description: The display name of the Attribute value.
example: Public
status:
type: string
description: The status of the Attribute value.
example: active
example:
- key: iscPrivacy
name: Privacy
multiselect: false
status: active
type: governance
objectTypes:
- all
description: Specifies the level of privacy associated with an access item.
values:
- value: public
name: Public
status: active
required:
- name
- owner
'400':
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
'401':
description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
content:
application/json:
schema:
type: object
properties:
error:
description: A message describing the error
example: 'JWT validation failed: JWT is expired'
'403':
description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'403':
summary: An example of a 403 response object
value:
detailCode: 403 Forbidden
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The server understood the request but refuses to authorize it.
'429':
description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
content:
application/json:
schema:
type: object
properties:
message:
description: A message describing the error
example: ' Rate Limit Exceeded '
'500':
description: Internal Server Error - Returned if there is an unexpected error.
content:
application/json:
schema:
type: object
properties:
detailCode:
type: string
description: Fine-grained error code providing more detail of the error.
example: 400.1 Bad Request Content
trackingId:
type: string
description: Unique tracking id for the error.
example: e7eab60924f64aa284175b9fa3309599
messages:
type: array
description: Generic localized reason for error
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
causes:
type: array
description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
items:
type: object
properties:
locale:
type: string
description: 'The locale for the message text, a BCP 47 language tag.'
example: en-US
nullable: true
localeOrigin:
type: string
enum:
- DEFAULT
- REQUEST
- null
description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
example: DEFAULT
nullable: true
text:
type: string
description: Actual text of the error message in the indicated locale.
example: The request was syntactically correct but its content is semantically invalid.
examples:
'500':
summary: An example of a 500 response object
value:
detailCode: 500.0 Internal Fault
trackingId: b21b1f7ce4da4d639f2c62a57171b427
messages:
- locale: en-US
localeOrigin: DEFAULT
text: An internal fault occurred.
security:
- userAuth:
- 'sp:scopes:all'
components:
securitySchemes:
userAuth:
type: oauth2
x-displayName: Personal Access Token
description: |
OAuth2 Bearer token (JWT) generated using either a [personal access token (PAT)](https://developer.sailpoint.com/docs/api/authentication/#generate-a-personal-access-token) or through the [authorization code flow](https://developer.sailpoint.com/docs/api/authentication/#request-access-token-with-authorization-code-grant-flow).
Personal access tokens are associated with a user in Identity Security Cloud and relies on the user's [user level](https://documentation.sailpoint.com/saas/help/common/users/index.html) (ex. Admin, Helpdesk, etc.) to determine a base level of access.
See [Identity Security Cloud REST API Authentication](https://developer.sailpoint.com/docs/api/authentication/) for more information.
flows:
clientCredentials:
tokenUrl: 'https://tenant.api.identitynow.com/oauth/token'
scopes:
'sp:scopes:default': default scope
'sp:scopes:all': access to all scopes
authorizationCode:
authorizationUrl: 'https://tenant.login.sailpoint.com/oauth/authorize'
tokenUrl: 'https://tenant.api.identitynow.com/oauth/token'
scopes:
'sp:scopes:default': default scope
'sp:scopes:all': access to all scopes
applicationAuth:
type: oauth2
x-displayName: Client Credentials
description: |
OAuth2 Bearer token (JWT) generated using [client credentials flow](https://developer.sailpoint.com/docs/api/authentication/#request-access-token-with-client-credentials-grant-flow).
Client credentials refers to tokens that are not associated with a user in Identity Security Cloud.
See [Identity Security Cloud REST API Authentication](https://developer.sailpoint.com/docs/api/authentication/) for more information.
flows:
clientCredentials:
tokenUrl: 'https://tenant.api.identitynow.com/oauth/token'
scopes:
'sp:scopes:default': default scope
'sp:scopes:all': access to all scopes
schemas:
AccessRequest:
type: object
properties:
requestedFor:
description: 'A list of Identity IDs for whom the Access is requested. If it''s a Revoke request, there can only be one Identity ID.'
type: array
items:
type: string
example: 2c918084660f45d6016617daa9210584
requestType:
type: string
enum:
- GRANT_ACCESS
- REVOKE_ACCESS
- null
description: Access request type. Defaults to GRANT_ACCESS. REVOKE_ACCESS type can only have a single Identity ID in the requestedFor field.
example: GRANT_ACCESS
nullable: true
requestedItems:
type: array
items:
type: object
properties:
type:
type: string
enum:
- ACCESS_PROFILE
- ROLE
- ENTITLEMENT
description: The type of the item being requested.
example: ACCESS_PROFILE
id:
type: string
description: 'ID of Role, Access Profile or Entitlement being requested.'
example: 2c9180835d2e5168015d32f890ca1581
comment:
type: string
description: |
Comment provided by requester.
* Comment is required when the request is of type Revoke Access.
example: Requesting access profile for John Doe
clientMetadata:
type: object
additionalProperties:
type: string
example:
requestedAppId: 2c91808f7892918f0178b78da4a305a1
requestedAppName: test-app
example:
requestedAppName: test-app
requestedAppId: 2c91808f7892918f0178b78da4a305a1
description: Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on associated APIs such as /account-activities and /access-request-status.
removeDate:
type: string
description: |
The date the role or access profile or entitlement is no longer assigned to the specified identity. Also known as the expiration date.
* Specify a date in the future.
* The current SLA for the deprovisioning is 24 hours.
* This date can be modified to either extend or decrease the duration of access item assignments for the specified identity. You can change the expiration date for requests for yourself or direct reports, but you cannot remove an expiration date on an already approved item. If the access request has not been approved, you can cancel it and submit a new one without the expiration. If it has already been approved, then you have to revoke the access and then re-request without the expiration.
format: date-time
example: '2020-07-11T21:23:15.000Z'
assignmentId:
type: string
nullable: true
description: |
The assignmentId for a specific role assignment on the identity. This id is used to revoke that specific roleAssignment on that identity.
* For use with REVOKE_ACCESS requests for roles for identities with multiple accounts on a single source.
example: ee48a191c00d49bf9264eb0a4fc3a9fc
nativeIdentity:
type: string
nullable: true
description: |
The unique identifier for an account on the identity, designated as the account ID attribute in the source's account schema. This is used to revoke a specific attributeAssignment on the identity.
* For use with REVOKE_ACCESS requests for entitlements for identities with multiple accounts on a single source.
example: 'CN=User db3377de14bf,OU=YOURCONTAINER, DC=YOURDOMAIN'
required:
- id
- type
minItems: 1
maxItems: 25
clientMetadata:
type: object
additionalProperties:
type: string
example:
requestedAppId: 2c91808f7892918f0178b78da4a305a1
requestedAppName: test-app
example:
requestedAppId: 2c91808f7892918f0178b78da4a305a1
requestedAppName: test-app
description: Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on associated APIs such as /account-activities.
requestedForWithRequestedItems:
description: |
Additional submit data structure with requestedFor containing requestedItems allowing distinction for each request item and Identity.
* Can only be used when 'requestedFor' and 'requestedItems' are not separately provided
* Adds ability to specify which account the user wants the access on, in case they have multiple accounts on a source
* Allows the ability to request items with different remove dates
* Also allows different combinations of request items and identities in the same request
* Only for use in GRANT_ACCESS type requests
type: array
items:
type: object
properties:
identityId:
type: string
nullable: false
description: The identity id for which the access is requested
example: cb89bc2f1ee6445fbea12224c526ba3a
requestedItems:
description: the details for the access items that are requested for the identity
type: array
items:
type: object
properties:
type:
type: string
enum:
- ACCESS_PROFILE
- ROLE
- ENTITLEMENT
description: The type of the item being requested.
example: ACCESS_PROFILE
id:
type: string
description: 'ID of Role, Access Profile or Entitlement being requested.'
example: 2c9180835d2e5168015d32f890ca1581
comment:
type: string
description: |
Comment provided by requester.
* Comment is required when the request is of type Revoke Access.
example: Requesting access profile for John Doe
clientMetadata:
type: object
additionalProperties:
type: string
example:
requestedAppId: 2c91808f7892918f0178b78da4a305a1
requestedAppName: test-app
example:
requestedAppName: test-app
requestedAppId: 2c91808f7892918f0178b78da4a305a1
description: Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on associated APIs such as /account-activities and /access-request-status.
removeDate:
type: string
description: |
The date the role or access profile or entitlement is no longer assigned to the specified identity. Also known as the expiration date.
* Specify a date in the future.
* The current SLA for the deprovisioning is 24 hours.
* This date can be modified to either extend or decrease the duration of access item assignments for the specified identity. You can change the expiration date for requests for yourself or direct reports, but you cannot remove an expiration date on an already approved item. If the access request has not been approved, you can cancel it and submit a new one without the expiration. If it has already been approved, then you have to revoke the access and then re-request without the expiration.
format: date-time
example: '2020-07-11T21:23:15.000Z'
accountSelection:
type: array
items:
type: object
properties:
sourceId:
type: string
nullable: true
description: The id for the source on which account selections are made
example: cb89bc2f1ee6445fbea12224c526ba3a
accounts:
description: 'A list of account selections on the source. Currently, only one selection per source is supported.'
type: array
items:
type: object
properties:
accountUuid:
type: string
nullable: true
description: 'The uuid for the account, available under the ''objectguid'' attribute'
example: '{fab7119e-004f-4822-9c33-b8d570d6c6a6}'
nativeIdentity:
type: string
nullable: false
description: The 'distinguishedName' attribute for the account
example: 'CN=Glen 067da3248e914,OU=YOUROU,OU=org-data-service,DC=YOURDC,DC=local'
nullable: true
nullable: true
description: |
The accounts where the access item will be provisioned to
* Includes selections performed by the user in the event of multiple accounts existing on the same source
* Also includes details for sources where user only has one account
required:
- id
- type
nullable: false
required:
- identityId
- requestedItems
nullable: true
required:
- requestedFor
- requestedItems
AccessRequestItem:
type: object
properties:
type:
type: string
enum:
- ACCESS_PROFILE
- ROLE
- ENTITLEMENT
description: The type of the item being requested.
example: ACCESS_PROFILE
id:
type: string
description: 'ID of Role, Access Profile or Entitlement being requested.'
example: 2c9180835d2e5168015d32f890ca1581
comment:
type: string
description: |
Comment provided by requester.
* Comment is required when the request is of type Revoke Access.
example: Requesting access profile for John Doe
clientMetadata:
type: object
additionalProperties:
type: string
example:
requestedAppId: 2c91808f7892918f0178b78da4a305a1
requestedAppName: test-app
example:
requestedAppName: test-app
requestedAppId: 2c91808f7892918f0178b78da4a305a1
description: Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on associated APIs such as /account-activities and /access-request-status.
removeDate:
type: string
description: |
The date the role or access profile or entitlement is no longer assigned to the specified identity. Also known as the expiration date.
* Specify a date in the future.
* The current SLA for the deprovisioning is 24 hours.
* This date can be modified to either extend or decrease the duration of access item assignments for the specified identity. You can change the expiration date for requests for yourself or direct reports, but you cannot remove an expiration date on an already approved item. If the access request has not been approved, you can cancel it and submit a new one without the expiration. If it has already been approved, then you have to revoke the access and then re-request without the expiration.
format: date-time
example: '2020-07-11T21:23:15.000Z'
assignmentId:
type: string
nullable: true
description: |
The assignmentId for a specific role assignment on the identity. This id is used to revoke that specific roleAssignment on that identity.
* For use with REVOKE_ACCESS requests for roles for identities with multiple accounts on a single source.
example: ee48a191c00d49bf9264eb0a4fc3a9fc
nativeIdentity:
type: string
nullable: true
description: |
The unique identifier for an account on the identity, designated as the account ID attribute in the source's account schema. This is used to revoke a specific attributeAssignment on the identity.
* For use with REVOKE_ACCESS requests for entitlements for identities with multiple accounts on a single source.
example: 'CN=User db3377de14bf,OU=YOURCONTAINER, DC=YOURDOMAIN'
required:
- id
- type
AccessProfileDocument:
description: 'More complete representation of an access profile. '
allOf:
- type: object
properties:
description:
type: string
description: Access item's description.
example: Admin access
created:
type: string
description: ISO-8601 date-time referring to the time when the object was created.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
modified:
type: string
description: ISO-8601 date-time referring to the time when the object was last modified.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
synced:
type: string
description: |-
ISO-8601 date-time referring to the date-time when object was queued to be synced into search database for use in the search API.
This date-time changes anytime there is an update to the object, which triggers a synchronization event being sent to the search database.
There may be some delay between the `synced` time and the time when the updated data is actually available in the search API.
nullable: true
format: date-time
example: '2018-06-25T20:22:33.104Z'
enabled:
type: boolean
description: Indicates whether the access item is currently enabled.
default: false
example: true
requestable:
type: boolean
description: Indicates whether the access item can be requested.
default: true
example: true
requestCommentsRequired:
type: boolean
description: Indicates whether comments are required for requests to access the item.
default: false
example: false
owner:
type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's display name.
example: Support
email:
type: string
description: Owner's email.
example: cloud-support@sailpoint.com
- type: object
required:
- id
- name
properties:
id:
type: string
description: Access profile's ID.
example: 2c9180825a6c1adc015a71c9023f0818
name:
type: string
description: Access profile's name.
example: Cloud Eng
source:
type: object
description: Access profile's source.
properties:
id:
type: string
description: Source's ID.
example: ff8081815757d4fb0157588f3d9d008f
name:
type: string
description: Source's name.
example: Employees
entitlements:
type: array
description: Entitlements the access profile has access to.
items:
type: object
properties:
hasPermissions:
type: boolean
description: Indicates whether the entitlement has permissions.
default: false
example: false
description:
type: string
description: Entitlement's description.
nullable: true
example: Cloud engineering
attribute:
type: string
description: Entitlement attribute's name.
example: memberOf
value:
type: string
description: Entitlement's value.
example: 'CN=Cloud Engineering,DC=sailpoint,DC=COM'
schema:
type: string
description: Entitlement's schema.
example: group
privileged:
type: boolean
description: Indicates whether the entitlement is privileged.
default: false
example: false
id:
type: string
description: Entitlement's ID.
example: 2c918084575812550157589064f33b89
name:
type: string
description: Entitlement's name.
example: 'CN=Cloud Engineering,DC=sailpoint,DC=COM'
entitlementCount:
type: integer
description: Number of entitlements.
example: 5
segments:
type: array
description: Segments with the access profile.
items:
type: object
properties:
id:
type: string
example: b009b6e3-b56d-41d9-8735-cb532ea0b017
description: Segment's unique ID.
name:
type: string
example: Test Segment
description: Segment's display name.
segmentCount:
type: integer
description: Number of segments with the access profile.
format: int32
example: 1
tags:
type: array
description: Tags that have been applied to the object.
items:
type: string
example:
- TAG_1
- TAG_2
apps:
type: array
description: Applications with the access profile
items:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
description: Name of application
example: Travel and Expense
description:
description: Description of application.
type: string
example: Travel and Expense Application
owner:
type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's display name.
example: John Doe
email:
type: string
description: Owner's email.
example: john.doe@sailpoint.com
AccessProfileSummary:
description: This is a summary representation of an access profile.
allOf:
- allOf:
- allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
displayName:
type: string
example: John Q. Doe
- type: object
properties:
description:
description: Description of access item.
type: string
nullable: true
example: null
- type: object
properties:
type:
type: string
description: Type of the access item.
example: ACCESS_PROFILE
source:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
owner:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
displayName:
type: string
example: John Q. Doe
revocable:
type: boolean
example: true
AccessReviewReassignment:
type: object
properties:
reassign:
type: array
items:
type: object
properties:
id:
type: string
description: The ID of item or identity being reassigned.
example: ef38f94347e94562b5bb8424a56397d8
type:
type: string
description: The type of item or identity being reassigned.
enum:
- TARGET_SUMMARY
- ITEM
- IDENTITY_SUMMARY
example: ITEM
required:
- id
- type
reassignTo:
type: string
description: The ID of the identity to which the certification is reassigned
example: ef38f94347e94562b5bb8424a56397d8
reason:
type: string
description: The reason comment for why the reassign was made
example: reassigned for some reason
required:
- reassign
- reassignTo
- reason
Account:
allOf:
- type: object
required:
- name
properties:
id:
description: System-generated unique ID of the Object
type: string
example: id12345
readOnly: true
name:
description: Name of the Object
type: string
example: aName
nullable: true
created:
description: Creation date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
modified:
description: Last modification date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
- type: object
required:
- sourceId
- sourceName
- attributes
- authoritative
- disabled
- locked
- nativeIdentity
- systemAccount
- uncorrelated
- manuallyCorrelated
- hasEntitlements
properties:
sourceId:
type: string
example: 2c9180835d2e5168015d32f890ca1581
description: The unique ID of the source this account belongs to
sourceName:
type: string
nullable: true
example: Employees
description: The display name of the source this account belongs to
identityId:
type: string
example: 2c9180835d2e5168015d32f890ca1581
description: The unique ID of the identity this account is correlated to
cloudLifecycleState:
type: string
nullable: true
example: active
description: The lifecycle state of the identity this account is correlated to
identityState:
type: string
nullable: true
example: ACTIVE
description: The identity state of the identity this account is correlated to
connectionType:
type: string
nullable: true
example: direct
description: The connection type of the source this account is from
isMachine:
type: boolean
default: false
description: Indicates if the account is of machine type
example: true
recommendation:
allOf:
- type: object
properties:
type:
type: string
enum:
- HUMAN
- MACHINE
description: Recommended type of account.
example: MACHINE
method:
type: string
enum:
- DISCOVERY
- SOURCE
- CRITERIA
description: 'Method used to produce the recommendation. DISCOVERY - suggested by AI, SOURCE - the account comes from a source flagged as containing machine accounts, CRITERIA - the account satisfies classification criteria.'
example: DISCOVERY
required:
- type
- method
- nullable: true
description: Indicates that the account is currently classified to be one type but is recommended to be a different one
example:
type: MACHINE
method: DISCOVERY
attributes:
type: object
nullable: true
additionalProperties: true
description: The account attributes that are aggregated
example:
firstName: SailPoint
lastName: Support
displayName: SailPoint Support
authoritative:
type: boolean
description: Indicates if this account is from an authoritative source
example: false
description:
type: string
description: A description of the account
nullable: true
example: null
disabled:
type: boolean
description: Indicates if the account is currently disabled
example: false
locked:
type: boolean
description: Indicates if the account is currently locked
example: false
nativeIdentity:
type: string
description: The unique ID of the account generated by the source system
example: '552775'
systemAccount:
type: boolean
example: false
description: 'If true, this is a user account within IdentityNow. If false, this is an account from a source system.'
uncorrelated:
type: boolean
description: Indicates if this account is not correlated to an identity
example: false
uuid:
type: string
description: The unique ID of the account as determined by the account schema
example: '{b0dce506-d6d4-44d2-8a32-d9a5b21fb175}'
nullable: true
manuallyCorrelated:
type: boolean
description: Indicates if the account has been manually correlated to an identity
example: false
hasEntitlements:
type: boolean
description: Indicates if the account has entitlements
example: true
identity:
description: The identity this account is correlated to
type: object
properties:
id:
type: string
description: The ID of the identity
example: 2c918084660f45d6016617daa9210584
type:
type: string
description: The type of object being referenced
enum:
- IDENTITY
example: IDENTITY
name:
type: string
description: display name of identity
example: John Doe
sourceOwner:
type: object
nullable: true
description: The owner of the source this account belongs to.
properties:
id:
type: string
description: The ID of the identity
example: 2c918084660f45d6016617daa9210584
type:
type: string
description: The type of object being referenced
enum:
- IDENTITY
example: IDENTITY
name:
type: string
description: display name of identity
example: Adam Kennedy
features:
type: string
description: A string list containing the owning source's features
example: ENABLE
nullable: true
origin:
type: string
nullable: true
enum:
- AGGREGATED
- PROVISIONED
- null
description: The origin of the account either aggregated or provisioned
example: AGGREGATED
ownerIdentity:
allOf:
- type: object
properties:
type:
description: DTO type
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- MACHINE_IDENTITY
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
example: IDENTITY
id:
type: string
description: ID of the object to which this reference applies
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Human-readable display name of the object to which this reference applies
example: William Wilson
- description: 'The identity who owns this account, used only for machine accounts'
nullable: true
example:
id: 2c918084660f45d6016617daa9210584
type: IDENTITY
name: Adam Kennedy
AccountActivity:
type: object
properties:
id:
type: string
description: Id of the account activity
example: 2c9180835d2e5168015d32f890ca1581
name:
type: string
description: The name of the activity
example: 2c9180835d2e5168015d32f890ca1581
created:
description: When the activity was first created
type: string
format: date-time
example: '2017-07-11T18:45:37.098Z'
modified:
description: When the activity was last modified
type: string
format: date-time
example: '2018-06-25T20:22:28.104Z'
nullable: true
completed:
description: When the activity was completed
type: string
format: date-time
nullable: true
example: '2018-10-19T13:49:37.385Z'
completionStatus:
nullable: true
type: string
description: The status after completion.
enum:
- SUCCESS
- FAILURE
- INCOMPLETE
- PENDING
- null
example: SUCCESS
type:
nullable: true
type: string
example: appRequest
description: |
The type of action the activity performed. Please see the following list of types. This list may grow over time.
- CloudAutomated
- IdentityAttributeUpdate
- appRequest
- LifecycleStateChange
- AccountStateUpdate
- AccountAttributeUpdate
- CloudPasswordRequest
- Attribute Synchronization Refresh
- Certification
- Identity Refresh
- Lifecycle Change Refresh
[Learn more here](https://documentation.sailpoint.com/saas/help/search/searchable-fields.html#searching-account-activity-data).
requesterIdentitySummary:
type: object
nullable: true
properties:
id:
type: string
description: ID of this identity summary
example: ff80818155fe8c080155fe8d925b0316
name:
type: string
description: Human-readable display name of identity
example: SailPoint Services
identityId:
type: string
description: ID of the identity that this summary represents
example: c15b9f5cca5a4e9599eaa0e64fa921bd
completed:
type: boolean
description: Indicates if all access items for this summary have been decided on
example: true
default: false
targetIdentitySummary:
type: object
nullable: true
properties:
id:
type: string
description: ID of this identity summary
example: ff80818155fe8c080155fe8d925b0316
name:
type: string
description: Human-readable display name of identity
example: SailPoint Services
identityId:
type: string
description: ID of the identity that this summary represents
example: c15b9f5cca5a4e9599eaa0e64fa921bd
completed:
type: boolean
description: Indicates if all access items for this summary have been decided on
example: true
default: false
errors:
nullable: true
description: 'A list of error messages, if any, that were encountered.'
type: array
items:
type: string
example:
- 'sailpoint.connector.ConnectorException: java.lang.InterruptedException: Timeout waiting for response to message 0 from client 57a4ab97-ab3f-4aef-9fe2-0eaf15c73d26 after 60 seconds.'
warnings:
nullable: true
description: 'A list of warning messages, if any, that were encountered.'
type: array
items:
type: string
example:
- 'Some warning, another warning'
items:
nullable: true
type: array
description: Individual actions performed as part of this account activity
items:
type: object
properties:
id:
type: string
description: Item id
example: 48c545831b264409a81befcabb0e3c5a
name:
type: string
description: Human-readable display name of item
example: 48c545831b264409a81befcabb0e3c5a
requested:
type: string
format: date-time
description: Date and time item was requested
example: '2017-07-11T18:45:37.098Z'
approvalStatus:
type: string
nullable: true
enum:
- FINISHED
- REJECTED
- RETURNED
- EXPIRED
- PENDING
- CANCELED
- null
example: PENDING
description: The state of an approval status
provisioningStatus:
type: string
enum:
- PENDING
- FINISHED
- UNVERIFIABLE
- COMMITED
- FAILED
- RETRY
description: Provisioning state of an account activity item
example: PENDING
requesterComment:
type: object
nullable: true
properties:
commenterId:
type: string
description: Id of the identity making the comment
example: 2c918084660f45d6016617daa9210584
commenterName:
type: string
description: Human-readable display name of the identity making the comment
example: Adam Kennedy
body:
type: string
description: Content of the comment
example: Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat.
date:
type: string
format: date-time
description: Date and time comment was made
example: '2017-07-11T18:45:37.098Z'
reviewerIdentitySummary:
type: object
nullable: true
properties:
id:
type: string
description: ID of this identity summary
example: ff80818155fe8c080155fe8d925b0316
name:
type: string
description: Human-readable display name of identity
example: SailPoint Services
identityId:
type: string
description: ID of the identity that this summary represents
example: c15b9f5cca5a4e9599eaa0e64fa921bd
completed:
type: boolean
description: Indicates if all access items for this summary have been decided on
example: true
default: false
reviewerComment:
type: object
nullable: true
properties:
commenterId:
type: string
description: Id of the identity making the comment
example: 2c918084660f45d6016617daa9210584
commenterName:
type: string
description: Human-readable display name of the identity making the comment
example: Adam Kennedy
body:
type: string
description: Content of the comment
example: Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat.
date:
type: string
format: date-time
description: Date and time comment was made
example: '2017-07-11T18:45:37.098Z'
operation:
type: string
nullable: true
enum:
- ADD
- CREATE
- MODIFY
- DELETE
- DISABLE
- ENABLE
- UNLOCK
- LOCK
- REMOVE
- SET
- null
description: Represents an operation in an account activity item
example: ADD
attribute:
type: string
description: Attribute to which account activity applies
nullable: true
example: detectedRoles
value:
type: string
description: Value of attribute
nullable: true
example: 'Treasury Analyst [AccessProfile-1529010191212]'
nativeIdentity:
nullable: true
type: string
description: Native identity in the target system to which the account activity applies
example: Sandie.Camero
sourceId:
type: string
description: Id of Source to which account activity applies
example: 2c91808363ef85290164000587130c0c
accountRequestInfo:
type: object
nullable: true
properties:
requestedObjectId:
type: string
description: Id of requested object
example: 2c91808563ef85690164001c31140c0c
requestedObjectName:
type: string
description: Human-readable name of requested object
example: Treasury Analyst
requestedObjectType:
type: string
enum:
- ACCESS_PROFILE
- ROLE
- ENTITLEMENT
description: Currently supported requestable object types.
example: ACCESS_PROFILE
description: 'If an account activity item is associated with an access request, captures details of that request.'
clientMetadata:
nullable: true
type: object
additionalProperties:
type: string
description: 'Arbitrary key-value pairs, if any were included in the corresponding access request item'
example:
customKey1: custom value 1
customKey2: custom value 2
removeDate:
nullable: true
type: string
description: The date the role or access profile or entitlement is no longer assigned to the specified identity.
format: date-time
example: '2020-07-11T00:00:00Z'
executionStatus:
type: string
description: The current state of execution.
enum:
- EXECUTING
- VERIFYING
- TERMINATED
- COMPLETED
example: COMPLETED
clientMetadata:
nullable: true
type: object
additionalProperties:
type: string
description: 'Arbitrary key-value pairs, if any were included in the corresponding access request'
example:
customKey1: custom value 1
customKey2: custom value 2
AccountActivitySearchedItem:
description: AccountActivity
type: object
properties:
id:
type: string
example: 2c91808375d8e80a0175e1f88a575222
description: ID of account activity.
action:
type: string
description: Type of action performed in the activity.
externalDocs:
description: Learn more about account activity action types
url: 'https://documentation.sailpoint.com/saas/help/search/searchable-fields.html#searching-account-activity-data'
example: Identity Refresh.
created:
type: string
description: ISO-8601 date-time referring to the time when the object was created.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
modified:
type: string
description: ISO-8601 date-time referring to the time when the object was last modified.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
synced:
type: string
description: |-
ISO-8601 date-time referring to the date-time when object was queued to be synced into search database for use in the search API.
This date-time changes anytime there is an update to the object, which triggers a synchronization event being sent to the search database.
There may be some delay between the `synced` time and the time when the updated data is actually available in the search API.
example: '2018-06-25T20:22:28.104Z'
stage:
type: string
description: Activity's current stage.
example: Completed
status:
type: string
description: Activity's current status.
example: Complete
requester:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
type:
type: string
example: Identity
description: Type of object
recipient:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
type:
type: string
example: Identity
description: Type of object
trackingNumber:
type: string
description: Account activity's tracking number.
example: 61aad0c9e8134eca89e76a35e0cabe3f
errors:
type: array
description: Errors provided by the source while completing account actions.
items:
type: string
nullable: true
example: null
warnings:
type: array
description: Warnings provided by the source while completing account actions.
items:
type: string
nullable: true
example: null
approvals:
type: array
description: Approvals performed on an item during activity.
items:
type: object
properties:
comments:
type: array
items:
type: object
properties:
comment:
type: string
description: The comment text
example: This request was autoapproved by our automated ETS subscriber.
commenter:
type: string
description: The name of the commenter
example: Automated AR Approval
date:
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: A date-time in ISO-8601 format
modified:
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: A date-time in ISO-8601 format
owner:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
type:
type: string
example: Identity
description: Type of object
result:
type: string
description: The result of the approval
example: Finished
attributeRequest:
type: object
properties:
name:
type: string
description: Attribute name.
example: groups
op:
type: string
description: Operation to perform on attribute.
example: Add
value:
oneOf:
- type: string
example: '3203537556531076'
- type: array
items:
type: string
example:
- '3203537556531076'
- '1263537556831096'
description: Value of attribute.
source:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
type:
type: string
example: Delimited File
description: Type of source returned.
originalRequests:
type: array
description: Original actions that triggered all individual source actions related to the account action.
items:
type: object
properties:
accountId:
type: string
description: Account ID.
example: 'CN=Abby Smith,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=acme,DC=com'
result:
type: object
properties:
status:
type: string
description: Request result status
example: Manual Task Created
attributeRequests:
type: array
description: Attribute changes requested for account.
items:
type: object
properties:
name:
type: string
description: Attribute name.
example: groups
op:
type: string
description: Operation to perform on attribute.
example: Add
value:
oneOf:
- type: string
example: '3203537556531076'
- type: array
items:
type: string
example:
- '3203537556531076'
- '1263537556831096'
description: Value of attribute.
op:
type: string
description: Operation used.
example: add
source:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
type:
type: string
example: Delimited File
description: Type of source returned.
description: Account's source.
expansionItems:
type: array
description: Controls that translated the attribute requests into actual provisioning actions on the source.
items:
type: object
properties:
accountId:
type: string
description: The ID of the account
example: 2c91808981f58ea601821c3e93482e6f
cause:
type: string
example: Role
description: Cause of the expansion item.
name:
type: string
description: The name of the item
example: smartsheet-role
attributeRequest:
type: object
properties:
name:
type: string
description: Attribute name.
example: groups
op:
type: string
description: Operation to perform on attribute.
example: Add
value:
oneOf:
- type: string
example: '3203537556531076'
- type: array
items:
type: string
example:
- '3203537556531076'
- '1263537556831096'
description: Value of attribute.
source:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
type:
type: string
example: Delimited File
description: Type of source returned.
id:
type: string
description: ID of the expansion item
example: ac2887ffe0e7435a8c18c73f7ae94c7b
state:
type: string
description: State of the expansion item
example: EXECUTING
accountRequests:
type: array
description: Account data for each individual source action triggered by the original requests.
items:
type: object
properties:
accountId:
type: string
description: Unique ID of the account
example: John.Doe
attributeRequests:
type: array
items:
type: object
properties:
name:
type: string
description: Attribute name.
example: groups
op:
type: string
description: Operation to perform on attribute.
example: Add
value:
oneOf:
- type: string
example: '3203537556531076'
- type: array
items:
type: string
example:
- '3203537556531076'
- '1263537556831096'
description: Value of attribute.
op:
type: string
example: Modify
description: The operation that was performed
provisioningTarget:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
type:
type: string
example: Delimited File
description: Type of source returned.
result:
type: object
properties:
errors:
type: array
items:
type: string
example: |-
[ConnectorError] [
{
"code": "unrecognized_keys",
"keys": [
"groups"
],
"path": [],
"message": "Unrecognized key(s) in object: 'groups'"
}
] (requestId: 5e9d6df5-9b1b-47d9-9bf1-dc3a2893299e)
description: Error message.
status:
type: string
description: The status of the account request
example: failed
ticketId:
type: string
nullable: true
example: null
description: ID of associated ticket.
source:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
type:
type: string
example: Delimited File
description: Type of source returned.
sources:
type: string
description: Sources involved in the account activity.
example: 'smartsheet-test, airtable-v4, IdentityNow'
AccountAttributes:
type: object
required:
- attributes
properties:
attributes:
description: The schema attribute values for the account
type: object
additionalProperties: true
example:
city: Austin
displayName: John Doe
userName: jdoe
sAMAccountName: jDoe
mail: john.doe@sailpoint.com
AccountsAsyncResult:
description: Accounts async response containing details on started async process
required:
- id
type: object
properties:
id:
description: id of the task
type: string
example: 2c91808474683da6017468693c260195
AccountToggleRequest:
description: Request used for account enable/disable
type: object
properties:
externalVerificationId:
description: 'If set, an external process validates that the user wants to proceed with this request.'
type: string
example: 3f9180835d2e5168015d32f890ca1581
forceProvisioning:
description: 'If set, provisioning updates the account attribute at the source. This option is used when the account is not synced to ensure the attribute is updated. Providing ''true'' for an unlocked account will add and process ''Unlock'' operation by the workflow.'
type: boolean
example: false
AccountUnlockRequest:
description: Request used for account unlock
type: object
properties:
externalVerificationId:
description: 'If set, an external process validates that the user wants to proceed with this request.'
type: string
example: 3f9180835d2e5168015d32f890ca1581
unlockIDNAccount:
description: 'If set, the IDN account is unlocked after the workflow completes.'
type: boolean
example: false
forceProvisioning:
description: 'If set, provisioning updates the account attribute at the source. This option is used when the account is not synced to ensure the attribute is updated.'
type: boolean
example: false
ApprovalItems:
type: object
properties:
id:
type: string
description: The approval item's ID
example: 2c9180835d2e5168015d32f890ca1581
account:
type: string
description: The account referenced by the approval item
example: john.smith
nullable: true
application:
type: string
description: The name of the application/source
example: Active Directory
name:
type: string
description: The attribute's name
example: emailAddress
nullable: true
operation:
type: string
description: The attribute's operation
example: update
value:
type: string
description: The attribute's value
example: a@b.com
nullable: true
state:
allOf:
- type: string
nullable: true
enum:
- Finished
- Rejected
- Returned
- Expired
- Pending
- Canceled
- null
example: Pending
description: The state of a work item
- nullable: true
Campaign:
type: object
required:
- id
- name
- type
- campaignType
- description
- correlatedStatus
- mandatoryCommentRequirement
properties:
id:
type: string
description: The unique ID of the campaign.
example: ef38f94347e94562b5bb8424a56397d8
name:
type: string
description: The name of the campaign.
example: Campaign Name
type:
type: string
enum:
- CAMPAIGN
description: The type of object that is being referenced.
example: CAMPAIGN
campaignType:
type: string
enum:
- MANAGER
- SOURCE_OWNER
- SEARCH
description: The type of the campaign.
example: MANAGER
description:
type: string
description: The description of the campaign set by the admin who created it.
nullable: true
example: A description of the campaign
correlatedStatus:
type: string
description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).
enum:
- CORRELATED
- UNCORRELATED
example: CORRELATED
mandatoryCommentRequirement:
type: string
description: 'Determines whether comments are required for decisions during certification reviews. You can require comments for all decisions, revoke-only decisions, or no decisions. By default, comments are not required for decisions.'
enum:
- ALL_DECISIONS
- REVOKE_ONLY_DECISIONS
- NO_DECISIONS
example: NO_DECISIONS
Certification:
type: object
properties:
id:
example: 2c9180835d2e5168015d32f890ca1581
type: string
description: id of the certification
name:
example: 'Source Owner Access Review for Employees [source]'
type: string
description: name of the certification
campaign:
type: object
required:
- id
- name
- type
- campaignType
- description
- correlatedStatus
- mandatoryCommentRequirement
properties:
id:
type: string
description: The unique ID of the campaign.
example: ef38f94347e94562b5bb8424a56397d8
name:
type: string
description: The name of the campaign.
example: Campaign Name
type:
type: string
enum:
- CAMPAIGN
description: The type of object that is being referenced.
example: CAMPAIGN
campaignType:
type: string
enum:
- MANAGER
- SOURCE_OWNER
- SEARCH
description: The type of the campaign.
example: MANAGER
description:
type: string
description: The description of the campaign set by the admin who created it.
nullable: true
example: A description of the campaign
correlatedStatus:
type: string
description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).
enum:
- CORRELATED
- UNCORRELATED
example: CORRELATED
mandatoryCommentRequirement:
type: string
description: 'Determines whether comments are required for decisions during certification reviews. You can require comments for all decisions, revoke-only decisions, or no decisions. By default, comments are not required for decisions.'
enum:
- ALL_DECISIONS
- REVOKE_ONLY_DECISIONS
- NO_DECISIONS
example: NO_DECISIONS
completed:
type: boolean
description: Have all decisions been made?
example: true
identitiesCompleted:
type: integer
description: The number of identities for whom all decisions have been made and are complete.
example: 5
format: int32
identitiesTotal:
type: integer
description: 'The total number of identities in the Certification, both complete and incomplete.'
example: 10
format: int32
created:
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: created date
modified:
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: modified date
decisionsMade:
type: integer
description: The number of approve/revoke/acknowledge decisions that have been made.
example: 20
format: int32
decisionsTotal:
type: integer
description: The total number of approve/revoke/acknowledge decisions.
example: 40
format: int32
due:
type: string
format: date-time
description: The due date of the certification.
example: '2018-10-19T13:49:37.385Z'
nullable: true
signed:
type: string
format: date-time
nullable: true
description: The date the reviewer signed off on the Certification.
example: '2018-10-19T13:49:37.385Z'
reviewer:
type: object
properties:
id:
type: string
description: The id of the reviewer.
example: ef38f94347e94562b5bb8424a56397d8
name:
type: string
description: The name of the reviewer.
example: Reviewer Name
email:
type: string
description: The email of the reviewing identity.
example: reviewer@test.com
type:
type: string
enum:
- IDENTITY
description: The type of the reviewing identity.
example: IDENTITY
created:
nullable: true
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: The created date of the reviewing identity.
modified:
nullable: true
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: The modified date of the reviewing identity.
reassignment:
type: object
nullable: true
properties:
from:
type: object
properties:
id:
type: string
description: The id of the certification.
example: ef38f94347e94562b5bb8424a56397d8
name:
type: string
description: The name of the certification.
example: Certification Name
type:
type: string
enum:
- CERTIFICATION
example: CERTIFICATION
reviewer:
type: object
properties:
id:
type: string
description: The id of the reviewer.
example: ef38f94347e94562b5bb8424a56397d8
name:
type: string
description: The name of the reviewer.
example: Reviewer Name
email:
type: string
description: The email of the reviewing identity.
example: reviewer@test.com
type:
type: string
enum:
- IDENTITY
description: The type of the reviewing identity.
example: IDENTITY
created:
nullable: true
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: The created date of the reviewing identity.
modified:
nullable: true
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: The modified date of the reviewing identity.
comment:
type: string
description: The comment entered when the Certification was reassigned
example: Reassigned for a reason
hasErrors:
description: Identifies if the certification has an error
type: boolean
example: false
errorMessage:
description: Description of the certification error
nullable: true
type: string
example: The certification has an error
phase:
type: string
description: |
The current phase of the campaign.
* `STAGED`: The campaign is waiting to be activated.
* `ACTIVE`: The campaign is active.
* `SIGNED`: The reviewer has signed off on the campaign, and it is considered complete.
enum:
- STAGED
- ACTIVE
- SIGNED
example: ACTIVE
CertificationReference:
type: object
properties:
id:
type: string
description: The id of the certification.
example: ef38f94347e94562b5bb8424a56397d8
name:
type: string
description: The name of the certification.
example: Certification Name
type:
type: string
enum:
- CERTIFICATION
example: CERTIFICATION
reviewer:
type: object
properties:
id:
type: string
description: The id of the reviewer.
example: ef38f94347e94562b5bb8424a56397d8
name:
type: string
description: The name of the reviewer.
example: Reviewer Name
email:
type: string
description: The email of the reviewing identity.
example: reviewer@test.com
type:
type: string
enum:
- IDENTITY
description: The type of the reviewing identity.
example: IDENTITY
created:
nullable: true
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: The created date of the reviewing identity.
modified:
nullable: true
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: The modified date of the reviewing identity.
EntitlementDocument:
description: Entitlement
allOf:
- type: object
required:
- id
- name
properties:
id:
type: string
example: 2c91808375d8e80a0175e1f88a575222
description: ID of the referenced object.
name:
type: string
example: john.doe
description: The human readable name of the referenced object.
- type: object
properties:
modified:
type: string
description: ISO-8601 date-time referring to the time when the object was last modified.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
synced:
type: string
description: |-
ISO-8601 date-time referring to the date-time when object was queued to be synced into search database for use in the search API.
This date-time changes anytime there is an update to the object, which triggers a synchronization event being sent to the search database.
There may be some delay between the `synced` time and the time when the updated data is actually available in the search API.
displayName:
type: string
description: Entitlement's display name.
example: Admin
source:
type: object
description: Entitlement's source.
properties:
id:
type: string
description: ID of entitlement's source.
example: 2c91808b6e9e6fb8016eec1a2b6f7b5f
name:
type: string
description: Display name of entitlement's source.
example: ODS-HR-Employees
type:
type: string
example: SOURCE
description: Type of object.
segments:
type: array
description: Segments with the entitlement.
items:
type: object
properties:
id:
type: string
example: b009b6e3-b56d-41d9-8735-cb532ea0b017
description: Segment's unique ID.
name:
type: string
example: Test Segment
description: Segment's display name.
segmentCount:
type: integer
description: Number of segments with the role.
format: int32
example: 1
requestable:
type: boolean
description: Indicates whether the entitlement is requestable.
default: false
example: false
cloudGoverned:
type: boolean
description: Indicates whether the entitlement is cloud governed.
default: false
example: false
created:
type: string
description: ISO-8601 date-time referring to the time when the object was created.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
privileged:
type: boolean
description: Indicates whether the entitlement is privileged.
default: false
example: false
tags:
type: array
description: Tags that have been applied to the object.
items:
type: string
example:
- TAG_1
- TAG_2
attribute:
type: string
description: Attribute information for the entitlement.
example: groups
value:
type: string
description: Value of the entitlement.
example: 1733ff75-441e-4327-9bfc-3ac445fd8cd1
sourceSchemaObjectType:
type: string
description: Source schema object type of the entitlement.
example: group
schema:
type: string
description: Schema type of the entitlement.
example: group
hash:
type: string
description: Read-only calculated hash value of an entitlement.
example: c6fab95235584cca98a454a2f51e5683bc77d6a0
attributes:
type: object
additionalProperties: true
description: Attributes of the entitlement.
truncatedAttributes:
type: array
description: Truncated attributes of the entitlement.
items:
type: string
containsDataAccess:
type: boolean
description: Indicates whether the entitlement contains data access.
default: false
manuallyUpdatedFields:
type: object
description: Indicates whether the entitlement's display name and/or description have been manually updated.
nullable: true
properties:
DESCRIPTION:
type: boolean
default: false
example: false
DISPLAY_NAME:
type: boolean
default: false
example: false
permissions:
type: array
items:
type: object
properties:
target:
type: string
description: The target the permission would grants rights on.
example: SYS.GV_$TRANSACTION
rights:
type: array
description: All the rights (e.g. actions) that this permission allows on the target
items:
type: string
example: SELECT
EntitlementSummary:
description: EntitlementReference
allOf:
- allOf:
- allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
displayName:
type: string
example: John Q. Doe
- type: object
properties:
description:
description: Description of access item.
type: string
nullable: true
example: null
- type: object
properties:
source:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
type:
type: string
description: Type of the access item.
example: ENTITLEMENT
privileged:
type: boolean
example: false
attribute:
type: string
example: memberOf
value:
type: string
example: 'CN=Buyer,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
standalone:
type: boolean
example: false
Event:
type: object
description: Event
properties:
id:
type: string
example: 2c91808375d8e80a0175e1f88a575222
description: ID of the entitlement.
name:
type: string
example: Add Entitlement Passed
description: Name of the entitlement.
created:
type: string
description: ISO-8601 date-time referring to the time when the object was created.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
synced:
type: string
description: |-
ISO-8601 date-time referring to the date-time when object was queued to be synced into search database for use in the search API.
This date-time changes anytime there is an update to the object, which triggers a synchronization event being sent to the search database.
There may be some delay between the `synced` time and the time when the updated data is actually available in the search API.
example: '2018-06-25T20:22:28.104Z'
action:
type: string
description: Name of the event as it's displayed in audit reports.
example: AddEntitlement
type:
type: string
description: 'Event type. Refer to [Event Types](https://documentation.sailpoint.com/saas/help/search/index.html#event-types) for a list of event types and their meanings.'
example: ACCESS_ITEM
actor:
type: object
properties:
name:
type: string
description: Name of the actor that generated the event.
example: System
target:
type: object
properties:
name:
type: string
description: 'Name of the target, or recipient, of the event.'
example: Carol.Adams
stack:
type: string
description: The event's stack.
example: tpe
trackingNumber:
type: string
description: ID of the group of events.
example: 63f891e0735f4cc8bf1968144a1e7440
ipAddress:
type: string
description: Target system's IP address.
example: 52.52.97.85
details:
type: string
description: ID of event's details.
example: 73b65dfbed1842548c207432a18c84b0
attributes:
type: object
description: Attributes involved in the event.
additionalProperties: true
example:
pod: stg03-useast1
org: acme
sourceName: SailPoint
objects:
type: array
description: Objects the event is happening to.
items:
type: string
example: AUTHENTICATION
operation:
type: string
description: 'Operation, or action, performed during the event.'
example: ADD
status:
type: string
description: 'Event status. Refer to [Event Statuses](https://documentation.sailpoint.com/saas/help/search/index.html#event-statuses) for a list of event statuses and their meanings.'
example: PASSED
technicalName:
type: string
description: Event's normalized name. This normalized name always follows the pattern of 'objects_operation_status'.
example: ENTITLEMENT_ADD_PASSED
IdentityDocument:
description: Identity
allOf:
- type: object
required:
- id
- name
properties:
id:
type: string
example: 2c91808375d8e80a0175e1f88a575222
description: ID of the referenced object.
name:
type: string
example: john.doe
description: The human readable name of the referenced object.
- allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
displayName:
type: string
example: John Q. Doe
- type: object
properties:
displayName:
type: string
example: Carol.Adams
description: Identity's display name.
firstName:
type: string
description: Identity's first name.
example: Carol
lastName:
type: string
description: Identity's last name.
example: Adams
email:
type: string
description: Identity's primary email address.
example: Carol.Adams@sailpointdemo.com
created:
type: string
description: ISO-8601 date-time referring to the time when the object was created.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
modified:
type: string
description: ISO-8601 date-time referring to the time when the object was last modified.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
phone:
type: string
description: Identity's phone number.
example: +1 440-527-3672
synced:
type: string
description: |-
ISO-8601 date-time referring to the date-time when object was queued to be synced into search database for use in the search API.
This date-time changes anytime there is an update to the object, which triggers a synchronization event being sent to the search database.
There may be some delay between the `synced` time and the time when the updated data is actually available in the search API.
inactive:
type: boolean
description: Indicates whether the identity is inactive.
default: false
example: false
protected:
type: boolean
description: Indicates whether the identity is protected.
default: false
example: false
status:
type: string
description: Identity's status in SailPoint.
example: UNREGISTERED
employeeNumber:
type: string
description: Identity's employee number.
example: 1a2a3d4e
manager:
type: object
description: Identity's manager.
nullable: true
properties:
id:
type: string
description: ID of identity's manager.
example: 2c9180867dfe694b017e208e27c05799
name:
type: string
description: Name of identity's manager.
example: Amanda.Ross
displayName:
type: string
description: Display name of identity's manager.
example: Amanda.Ross
isManager:
type: boolean
description: Indicates whether the identity is a manager of other identities.
example: false
identityProfile:
type: object
description: Identity's identity profile.
properties:
id:
type: string
description: Identity profile's ID.
example: 3bc8ad26b8664945866b31339d1ff7d2
name:
type: string
description: Identity profile's name.
example: HR Employees
source:
type: object
description: Identity's source.
properties:
id:
type: string
description: ID of identity's source.
example: 2c91808b6e9e6fb8016eec1a2b6f7b5f
name:
type: string
description: Display name of identity's source.
example: ODS-HR-Employees
attributes:
type: object
description: Map or dictionary of key/value pairs.
additionalProperties: true
example:
country: US
firstname: Carol
cloudStatus: UNREGISTERED
disabled:
type: boolean
description: Indicates whether the identity is disabled.
default: false
example: false
locked:
type: boolean
description: Indicates whether the identity is locked.
default: false
example: false
processingState:
type: string
description: Identity's processing state.
nullable: true
example: ERROR
processingDetails:
description: Identity's processing details.
nullable: true
type: object
properties:
date:
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: A date-time in ISO-8601 format
stage:
type: string
example: In Process
retryCount:
type: integer
example: 0
format: int32
stackTrace:
type: string
example:
message:
type: string
example:
accounts:
type: array
description: List of accounts associated with the identity.
items:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
accountId:
type: string
description: Account ID.
example: John.Doe
source:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
type:
type: string
example: Delimited File
description: Type of source returned.
disabled:
type: boolean
description: Indicates whether the account is disabled.
default: false
example: false
locked:
type: boolean
description: Indicates whether the account is locked.
default: false
example: false
privileged:
type: boolean
description: Indicates whether the account is privileged.
default: false
example: false
manuallyCorrelated:
type: boolean
description: Indicates whether the account has been manually correlated to an identity.
default: false
example: false
passwordLastSet:
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: A date-time in ISO-8601 format
entitlementAttributes:
type: object
nullable: true
description: Map or dictionary of key/value pairs.
additionalProperties: true
example:
moderator: true
admin: true
trust_level: '4'
created:
type: string
description: ISO-8601 date-time referring to the time when the object was created.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
supportsPasswordChange:
type: boolean
description: Indicates whether the account supports password change.
default: false
example: false
accountAttributes:
type: object
nullable: true
description: Map or dictionary of key/value pairs.
additionalProperties: true
example:
type: global
admin: true
trust_level: '4'
accountCount:
type: integer
description: Number of accounts associated with the identity.
format: int32
example: 3
apps:
type: array
description: List of applications the identity has access to.
items:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
source:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
account:
type: object
properties:
id:
type: string
description: The SailPoint generated unique ID
example: 2c9180837dfe6949017e21f3d8cd6d49
accountId:
type: string
description: The account ID generated by the source
example: 'CN=Carol Adams,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
appCount:
type: integer
format: int32
description: Number of applications the identity has access to.
example: 2
access:
type: array
description: List of access items assigned to the identity.
items:
discriminator:
propertyName: type
mapping:
ACCESS_PROFILE: ../access/AccessProfileSummary.yaml
ENTITLEMENT: ../access/AccessProfileEntitlement.yaml
ROLE: ../access/AccessProfileRole.yaml
oneOf:
- description: This is a summary representation of an access profile.
allOf:
- allOf:
- allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
displayName:
type: string
example: John Q. Doe
- type: object
properties:
description:
description: Description of access item.
type: string
nullable: true
example: null
- type: object
properties:
type:
type: string
description: Type of the access item.
example: ACCESS_PROFILE
source:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
owner:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
displayName:
type: string
example: John Q. Doe
revocable:
type: boolean
example: true
- description: EntitlementReference
allOf:
- allOf:
- allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
displayName:
type: string
example: John Q. Doe
- type: object
properties:
description:
description: Description of access item.
type: string
nullable: true
example: null
- type: object
properties:
source:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
type:
type: string
description: Type of the access item.
example: ENTITLEMENT
privileged:
type: boolean
example: false
attribute:
type: string
example: memberOf
value:
type: string
example: 'CN=Buyer,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
standalone:
type: boolean
example: false
- description: Role
allOf:
- allOf:
- allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
displayName:
type: string
example: John Q. Doe
- type: object
properties:
description:
description: Description of access item.
type: string
nullable: true
example: null
- type: object
properties:
type:
type: string
description: Type of the access item.
example: ROLE
owner:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
displayName:
type: string
example: John Q. Doe
disabled:
type: boolean
revocable:
type: boolean
accessCount:
type: integer
format: int32
description: Number of access items assigned to the identity.
example: 5
entitlementCount:
type: integer
format: int32
description: Number of entitlements assigned to the identity.
example: 10
roleCount:
type: integer
format: int32
description: Number of roles assigned to the identity.
example: 1
accessProfileCount:
type: integer
format: int32
description: Number of access profiles assigned to the identity.
example: 1
owns:
type: array
description: Access items the identity owns.
items:
type: object
properties:
sources:
type: array
items:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
entitlements:
type: array
items:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
accessProfiles:
type: array
items:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
roles:
type: array
items:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
apps:
type: array
items:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
governanceGroups:
type: array
items:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
fallbackApprover:
type: boolean
example: false
ownsCount:
type: integer
format: int32
description: Number of access items the identity owns.
example: 5
tags:
type: array
description: Tags that have been applied to the object.
items:
type: string
example:
- TAG_1
- TAG_2
tagsCount:
type: integer
format: int32
description: Number of tags on the identity.
visibleSegments:
type: array
description: List of segments that the identity is in.
items:
type: string
nullable: true
example:
- All Employees
visibleSegmentCount:
type: integer
format: int32
description: Number of segments the identity is in.
example: 1
IdentityProfile:
allOf:
- type: object
required:
- name
properties:
id:
description: System-generated unique ID of the Object
type: string
example: id12345
readOnly: true
name:
description: Name of the Object
type: string
example: aName
nullable: true
created:
description: Creation date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
modified:
description: Last modification date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
- type: object
required:
- authoritativeSource
properties:
description:
type: string
description: Identity profile's description.
example: My custom flat file profile
nullable: true
owner:
type: object
description: Identity profile's owner.
nullable: true
properties:
type:
type: string
enum:
- IDENTITY
description: Owner's object type.
example: IDENTITY
id:
type: string
description: Owner's ID.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Owner's name.
example: William Wilson
priority:
type: integer
format: int64
description: Identity profile's priority.
example: 10
authoritativeSource:
type: object
properties:
type:
type: string
enum:
- SOURCE
description: Authoritative source's object type.
example: SOURCE
id:
type: string
description: Authoritative source's ID.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Authoritative source's name.
example: HR Active Directory
identityRefreshRequired:
type: boolean
default: false
description: Set this value to 'True' if an identity refresh is necessary. You would typically want to trigger an identity refresh when a change has been made on the source.
example: true
identityCount:
type: integer
description: Number of identities belonging to the identity profile.
format: int32
example: 8
identityAttributeConfig:
type: object
description: Defines all the identity attribute mapping configurations. This defines how to generate or collect data for each identity attributes in identity refresh process.
properties:
enabled:
description: Backend will only promote values if the profile/mapping is enabled.
type: boolean
default: false
example: true
attributeTransforms:
type: array
items:
type: object
description: Transform definition for an identity attribute.
properties:
identityAttributeName:
type: string
description: Identity attribute's name.
example: email
transformDefinition:
description: Seaspray transform definition.
type: object
properties:
type:
type: string
description: Transform definition type.
example: accountAttribute
attributes:
type: object
additionalProperties: true
description: Arbitrary key-value pairs to store any metadata for the object
example:
attributeName: e-mail
sourceName: MySource
sourceId: 2c9180877a826e68017a8c0b03da1a53
identityExceptionReportReference:
type: object
nullable: true
properties:
taskResultId:
type: string
format: uuid
description: Task result ID.
example: 2b838de9-db9b-abcf-e646-d4f274ad4238
reportName:
type: string
example: My annual report
description: Report name.
hasTimeBasedAttr:
description: Indicates the value of `requiresPeriodicRefresh` attribute for the identity profile.
type: boolean
default: false
example: true
IdentityReferenceWithNameAndEmail:
type: object
nullable: true
properties:
type:
type: string
description: The type can only be IDENTITY. This is read-only.
example: IDENTITY
id:
type: string
description: Identity ID.
example: 5168015d32f890ca15812c9180835d2e
name:
type: string
description: Identity's human-readable display name. This is read-only.
example: Alison Ferguso
email:
type: string
nullable: true
description: Identity's email address. This is read-only.
example: alison.ferguso@identitysoon.com
ProvisioningConfig:
type: object
description: Specification of a Service Desk integration provisioning configuration.
properties:
universalManager:
description: 'Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.'
type: boolean
readOnly: true
default: false
example: true
managedResourceRefs:
description: References to sources for the Service Desk integration template. May only be specified if universalManager is false.
type: array
items:
allOf:
- type: object
description: Source for Service Desk integration template.
properties:
type:
type: string
description: DTO type of source for service desk integration template.
enum:
- SOURCE
example: SOURCE
id:
type: string
description: ID of source for service desk integration template.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable name of source for service desk integration template.
example: HR Active Directory
example:
- type: SOURCE
id: 2c9180855d191c59015d291ceb051111
name: My Source 1
- type: SOURCE
id: 2c9180855d191c59015d291ceb052222
name: My Source 2
planInitializerScript:
description: This is a reference to a plan initializer script.
type: object
nullable: true
properties:
source:
description: This is a Rule that allows provisioning instruction changes.
type: string
example: |
\r\n\r\n\r\n Before Provisioning Rule which changes disables and enables to a modify.\r\n
noProvisioningRequests:
description: Name of an attribute that when true disables the saving of ProvisioningRequest objects whenever plans are sent through this integration.
type: boolean
default: false
example: true
provisioningRequestExpiration:
description: 'When saving pending requests is enabled, this defines the number of hours the request is allowed to live before it is considered expired and no longer affects plan compilation.'
type: integer
format: int32
example: 7
ProvisioningPolicy:
type: object
required:
- name
properties:
name:
nullable: true
type: string
description: the provisioning policy name
example: example provisioning policy for inactive identities
description:
type: string
description: the description of the provisioning policy
example: this provisioning policy creates access based on an identity going inactive
usageType:
type: string
nullable: false
enum:
- CREATE
- UPDATE
- ENABLE
- DISABLE
- DELETE
- ASSIGN
- UNASSIGN
- CREATE_GROUP
- UPDATE_GROUP
- DELETE_GROUP
- REGISTER
- CREATE_IDENTITY
- UPDATE_IDENTITY
- EDIT_GROUP
- UNLOCK
- CHANGE_PASSWORD
example: CREATE
description: |-
The type of provisioning policy usage.
In IdentityNow, a source can support various provisioning operations. For example, when a joiner is added to a source, this may trigger both CREATE and UPDATE provisioning operations. Each usage type is considered a provisioning policy. A source can have any number of these provisioning policies defined.
These are the common usage types:
CREATE - This usage type relates to 'Create Account Profile', the provisioning template for the account to be created. For example, this would be used for a joiner on a source.
UPDATE - This usage type relates to 'Update Account Profile', the provisioning template for the 'Update' connector operations. For example, this would be used for an attribute sync on a source.
ENABLE - This usage type relates to 'Enable Account Profile', the provisioning template for the account to be enabled. For example, this could be used for a joiner on a source once the joiner's account is created.
DISABLE - This usage type relates to 'Disable Account Profile', the provisioning template for the account to be disabled. For example, this could be used when a leaver is removed temporarily from a source.
You can use these four usage types for all your provisioning policy needs.
fields:
type: array
items:
type: object
properties:
name:
type: string
description: The name of the attribute.
example: userName
transform:
type: object
description: The transform to apply to the field
example:
type: rule
attributes:
name: Create Unique LDAP Attribute
default: {}
attributes:
type: object
description: Attributes required for the transform
example:
template: '${firstname}.${lastname}${uniqueCounter}'
cloudMaxUniqueChecks: '50'
cloudMaxSize: '20'
cloudRequired: 'true'
isRequired:
type: boolean
readOnly: true
description: Flag indicating whether or not the attribute is required.
default: false
example: false
type:
type: string
description: The type of the attribute.
example: string
isMultiValued:
type: boolean
description: Flag indicating whether or not the attribute is multi-valued.
default: false
example: false
QueuedCheckConfigDetails:
description: Configuration of maximum number of days and interval for checking Service Desk integration queue status.
required:
- provisioningStatusCheckIntervalMinutes
- provisioningMaxStatusCheckDays
type: object
properties:
provisioningStatusCheckIntervalMinutes:
description: Interval in minutes between status checks
type: string
example: 30
provisioningMaxStatusCheckDays:
description: Maximum number of days to check
type: string
example: 2
Reassignment:
type: object
nullable: true
properties:
from:
type: object
properties:
id:
type: string
description: The id of the certification.
example: ef38f94347e94562b5bb8424a56397d8
name:
type: string
description: The name of the certification.
example: Certification Name
type:
type: string
enum:
- CERTIFICATION
example: CERTIFICATION
reviewer:
type: object
properties:
id:
type: string
description: The id of the reviewer.
example: ef38f94347e94562b5bb8424a56397d8
name:
type: string
description: The name of the reviewer.
example: Reviewer Name
email:
type: string
description: The email of the reviewing identity.
example: reviewer@test.com
type:
type: string
enum:
- IDENTITY
description: The type of the reviewing identity.
example: IDENTITY
created:
nullable: true
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: The created date of the reviewing identity.
modified:
nullable: true
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: The modified date of the reviewing identity.
comment:
type: string
description: The comment entered when the Certification was reassigned
example: Reassigned for a reason
ReassignmentReference:
type: object
properties:
id:
type: string
description: The ID of item or identity being reassigned.
example: ef38f94347e94562b5bb8424a56397d8
type:
type: string
description: The type of item or identity being reassigned.
enum:
- TARGET_SUMMARY
- ITEM
- IDENTITY_SUMMARY
example: ITEM
required:
- id
- type
RemediationItems:
type: object
properties:
id:
type: string
description: The ID of the certification
example: 2c9180835d2e5168015d32f890ca1581
targetId:
type: string
description: The ID of the certification target
example: 2c9180835d2e5168015d32f890ca1581
targetName:
type: string
description: The name of the certification target
example: john.smith
targetDisplayName:
type: string
description: The display name of the certification target
example: emailAddress
applicationName:
type: string
description: The name of the application/source
example: Active Directory
attributeName:
type: string
description: The name of the attribute being certified
example: phoneNumber
attributeOperation:
type: string
description: The operation of the certification on the attribute
example: update
attributeValue:
type: string
description: The value of the attribute being certified
example: 512-555-1212
nativeIdentity:
type: string
description: The native identity of the target
example: jason.smith2
RequestableObject:
type: object
properties:
id:
type: string
description: Id of the requestable object itself
example: 2c9180835d2e5168015d32f890ca1581
name:
type: string
description: Human-readable display name of the requestable object
example: Applied Research Access
created:
type: string
format: date-time
example: '2017-07-11T18:45:37.098Z'
description: The time when the requestable object was created
modified:
nullable: true
type: string
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: The time when the requestable object was last modified
description:
type: string
description: Description of the requestable object.
example: 'Access to research information, lab results, and schematics.'
nullable: true
type:
type: string
enum:
- ACCESS_PROFILE
- ROLE
- ENTITLEMENT
description: Currently supported requestable object types.
example: ACCESS_PROFILE
requestStatus:
allOf:
- type: string
enum:
- AVAILABLE
- PENDING
- ASSIGNED
- null
description: 'Status indicating the ability of an access request for the object to be made by or on behalf of the identity specified by *identity-id*. *AVAILABLE* indicates the object is available to request. *PENDING* indicates the object is unavailable because the identity has a pending request in flight. *ASSIGNED* indicates the object is unavailable because the identity already has the indicated role or access profile. If *identity-id* is not specified (allowed only for admin users), then status will be *AVAILABLE* for all results.'
example: AVAILABLE
- nullable: true
identityRequestId:
type: string
description: 'If *requestStatus* is *PENDING*, indicates the id of the associated account activity.'
nullable: true
example: null
ownerRef:
type: object
nullable: true
properties:
type:
type: string
description: The type can only be IDENTITY. This is read-only.
example: IDENTITY
id:
type: string
description: Identity ID.
example: 5168015d32f890ca15812c9180835d2e
name:
type: string
description: Identity's human-readable display name. This is read-only.
example: Alison Ferguso
email:
type: string
nullable: true
description: Identity's email address. This is read-only.
example: alison.ferguso@identitysoon.com
requestCommentsRequired:
type: boolean
description: Whether the requester must provide comments when requesting the object.
example: false
RequestableObjectType:
type: string
enum:
- ACCESS_PROFILE
- ROLE
- ENTITLEMENT
description: Currently supported requestable object types.
example: ACCESS_PROFILE
RequestableObjectRequestStatus:
type: string
enum:
- AVAILABLE
- PENDING
- ASSIGNED
- null
description: 'Status indicating the ability of an access request for the object to be made by or on behalf of the identity specified by *identity-id*. *AVAILABLE* indicates the object is available to request. *PENDING* indicates the object is unavailable because the identity has a pending request in flight. *ASSIGNED* indicates the object is unavailable because the identity already has the indicated role or access profile. If *identity-id* is not specified (allowed only for admin users), then status will be *AVAILABLE* for all results.'
example: AVAILABLE
Reviewer:
type: object
properties:
id:
type: string
description: The id of the reviewer.
example: ef38f94347e94562b5bb8424a56397d8
name:
type: string
description: The name of the reviewer.
example: Reviewer Name
email:
type: string
description: The email of the reviewing identity.
example: reviewer@test.com
type:
type: string
enum:
- IDENTITY
description: The type of the reviewing identity.
example: IDENTITY
created:
nullable: true
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: The created date of the reviewing identity.
modified:
nullable: true
example: '2018-06-25T20:22:28.104Z'
format: date-time
type: string
description: The modified date of the reviewing identity.
RoleDocument:
description: Role
allOf:
- type: object
properties:
description:
type: string
description: Access item's description.
example: Admin access
created:
type: string
description: ISO-8601 date-time referring to the time when the object was created.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
modified:
type: string
description: ISO-8601 date-time referring to the time when the object was last modified.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
synced:
type: string
description: |-
ISO-8601 date-time referring to the date-time when object was queued to be synced into search database for use in the search API.
This date-time changes anytime there is an update to the object, which triggers a synchronization event being sent to the search database.
There may be some delay between the `synced` time and the time when the updated data is actually available in the search API.
nullable: true
format: date-time
example: '2018-06-25T20:22:33.104Z'
enabled:
type: boolean
description: Indicates whether the access item is currently enabled.
default: false
example: true
requestable:
type: boolean
description: Indicates whether the access item can be requested.
default: true
example: true
requestCommentsRequired:
type: boolean
description: Indicates whether comments are required for requests to access the item.
default: false
example: false
owner:
type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's display name.
example: Support
email:
type: string
description: Owner's email.
example: cloud-support@sailpoint.com
- type: object
required:
- id
- name
properties:
id:
type: string
example: 2c91808375d8e80a0175e1f88a575222
description: ID of the role.
name:
type: string
example: Branch Manager Access
description: Name of the role.
accessProfiles:
type: array
description: Access profiles included with the role.
nullable: true
items:
type: object
properties:
id:
type: string
example: 2c91809c6faade77016fb4f0b63407ae
description: Access profile's unique ID.
name:
type: string
example: Admin Access
description: Access profile's display name.
accessProfileCount:
type: integer
description: Number of access profiles included with the role.
nullable: true
format: int32
example: 1
tags:
type: array
description: Tags that have been applied to the object.
items:
type: string
example:
- TAG_1
- TAG_2
nullable: true
segments:
type: array
description: Segments with the role.
nullable: true
items:
type: object
properties:
id:
type: string
example: b009b6e3-b56d-41d9-8735-cb532ea0b017
description: Segment's unique ID.
name:
type: string
example: Test Segment
description: Segment's display name.
segmentCount:
type: integer
description: Number of segments with the role.
nullable: true
format: int32
example: 1
entitlements:
type: array
description: Entitlements included with the role.
nullable: true
items:
allOf:
- type: object
properties:
hasPermissions:
type: boolean
description: Indicates whether the entitlement has permissions.
default: false
example: false
description:
type: string
description: Entitlement's description.
nullable: true
example: Cloud engineering
attribute:
type: string
description: Entitlement attribute's name.
example: memberOf
value:
type: string
description: Entitlement's value.
example: 'CN=Cloud Engineering,DC=sailpoint,DC=COM'
schema:
type: string
description: Entitlement's schema.
example: group
privileged:
type: boolean
description: Indicates whether the entitlement is privileged.
default: false
example: false
id:
type: string
description: Entitlement's ID.
example: 2c918084575812550157589064f33b89
name:
type: string
description: Entitlement's name.
example: 'CN=Cloud Engineering,DC=sailpoint,DC=COM'
- properties:
sourceSchemaObjectType:
type: string
description: Schema objectType.
example: group
hash:
type: string
description: Read-only calculated hash value of an entitlement.
example: c6fab95235584cca98a454a2f51e5683bc77d6a0
entitlementCount:
type: integer
description: Number of entitlements included with the role.
nullable: true
format: int32
example: 3
dimensional:
type: boolean
example: false
default: false
dimensionSchemaAttributeCount:
type: integer
description: Number of dimension attributes included with the role.
nullable: true
format: int32
example: 3
dimensionSchemaAttributes:
type: array
description: Dimension attributes included with the role.
nullable: true
items:
type: object
properties:
derived:
type: boolean
example: true
default: true
displayName:
type: string
description: Displayname of the dimension attribute.
example: Department
name:
type: string
description: Name of the dimension attribute.
example: department
dimensions:
type: array
nullable: true
items:
type: object
properties:
id:
type: string
description: Unique ID of the dimension.
example: b3c28992ba964a40a7598978139d1ced
name:
type: string
description: Name of the dimension.
example: Manager Austin Branch
description:
type: string
nullable: true
description: Description of the dimension.
example: Managers located at the Austin branch
entitlements:
type: array
description: Entitlements included with the role.
nullable: true
items:
allOf:
- type: object
properties:
hasPermissions:
type: boolean
description: Indicates whether the entitlement has permissions.
default: false
example: false
description:
type: string
description: Entitlement's description.
nullable: true
example: Cloud engineering
attribute:
type: string
description: Entitlement attribute's name.
example: memberOf
value:
type: string
description: Entitlement's value.
example: 'CN=Cloud Engineering,DC=sailpoint,DC=COM'
schema:
type: string
description: Entitlement's schema.
example: group
privileged:
type: boolean
description: Indicates whether the entitlement is privileged.
default: false
example: false
id:
type: string
description: Entitlement's ID.
example: 2c918084575812550157589064f33b89
name:
type: string
description: Entitlement's name.
example: 'CN=Cloud Engineering,DC=sailpoint,DC=COM'
- properties:
sourceSchemaObjectType:
type: string
description: Schema objectType.
example: group
hash:
type: string
description: Read-only calculated hash value of an entitlement.
example: c6fab95235584cca98a454a2f51e5683bc77d6a0
accessProfiles:
type: array
nullable: true
description: Access profiles included in the dimension.
items:
type: object
properties:
id:
type: string
example: 2c91809c6faade77016fb4f0b63407ae
description: Access profile's unique ID.
name:
type: string
example: Admin Access
description: Access profile's display name.
RoleSummary:
description: Role
allOf:
- allOf:
- allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
displayName:
type: string
example: John Q. Doe
- type: object
properties:
description:
description: Description of access item.
type: string
nullable: true
example: null
- type: object
properties:
type:
type: string
description: Type of the access item.
example: ROLE
owner:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
displayName:
type: string
example: John Q. Doe
disabled:
type: boolean
revocable:
type: boolean
SearchDocument:
type: object
oneOf:
- description: 'More complete representation of an access profile. '
allOf:
- type: object
properties:
description:
type: string
description: Access item's description.
example: Admin access
created:
type: string
description: ISO-8601 date-time referring to the time when the object was created.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
modified:
type: string
description: ISO-8601 date-time referring to the time when the object was last modified.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
synced:
type: string
description: |-
ISO-8601 date-time referring to the date-time when object was queued to be synced into search database for use in the search API.
This date-time changes anytime there is an update to the object, which triggers a synchronization event being sent to the search database.
There may be some delay between the `synced` time and the time when the updated data is actually available in the search API.
nullable: true
format: date-time
example: '2018-06-25T20:22:33.104Z'
enabled:
type: boolean
description: Indicates whether the access item is currently enabled.
default: false
example: true
requestable:
type: boolean
description: Indicates whether the access item can be requested.
default: true
example: true
requestCommentsRequired:
type: boolean
description: Indicates whether comments are required for requests to access the item.
default: false
example: false
owner:
type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's display name.
example: Support
email:
type: string
description: Owner's email.
example: cloud-support@sailpoint.com
- type: object
required:
- id
- name
properties:
id:
type: string
description: Access profile's ID.
example: 2c9180825a6c1adc015a71c9023f0818
name:
type: string
description: Access profile's name.
example: Cloud Eng
source:
type: object
description: Access profile's source.
properties:
id:
type: string
description: Source's ID.
example: ff8081815757d4fb0157588f3d9d008f
name:
type: string
description: Source's name.
example: Employees
entitlements:
type: array
description: Entitlements the access profile has access to.
items:
type: object
properties:
hasPermissions:
type: boolean
description: Indicates whether the entitlement has permissions.
default: false
example: false
description:
type: string
description: Entitlement's description.
nullable: true
example: Cloud engineering
attribute:
type: string
description: Entitlement attribute's name.
example: memberOf
value:
type: string
description: Entitlement's value.
example: 'CN=Cloud Engineering,DC=sailpoint,DC=COM'
schema:
type: string
description: Entitlement's schema.
example: group
privileged:
type: boolean
description: Indicates whether the entitlement is privileged.
default: false
example: false
id:
type: string
description: Entitlement's ID.
example: 2c918084575812550157589064f33b89
name:
type: string
description: Entitlement's name.
example: 'CN=Cloud Engineering,DC=sailpoint,DC=COM'
entitlementCount:
type: integer
description: Number of entitlements.
example: 5
segments:
type: array
description: Segments with the access profile.
items:
type: object
properties:
id:
type: string
example: b009b6e3-b56d-41d9-8735-cb532ea0b017
description: Segment's unique ID.
name:
type: string
example: Test Segment
description: Segment's display name.
segmentCount:
type: integer
description: Number of segments with the access profile.
format: int32
example: 1
tags:
type: array
description: Tags that have been applied to the object.
items:
type: string
example:
- TAG_1
- TAG_2
apps:
type: array
description: Applications with the access profile
items:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
description: Name of application
example: Travel and Expense
description:
description: Description of application.
type: string
example: Travel and Expense Application
owner:
type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's display name.
example: John Doe
email:
type: string
description: Owner's email.
example: john.doe@sailpoint.com
- description: AccountActivity
type: object
properties:
id:
type: string
example: 2c91808375d8e80a0175e1f88a575222
description: ID of account activity.
action:
type: string
description: Type of action performed in the activity.
externalDocs:
description: Learn more about account activity action types
url: 'https://documentation.sailpoint.com/saas/help/search/searchable-fields.html#searching-account-activity-data'
example: Identity Refresh.
created:
type: string
description: ISO-8601 date-time referring to the time when the object was created.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
modified:
type: string
description: ISO-8601 date-time referring to the time when the object was last modified.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
synced:
type: string
description: |-
ISO-8601 date-time referring to the date-time when object was queued to be synced into search database for use in the search API.
This date-time changes anytime there is an update to the object, which triggers a synchronization event being sent to the search database.
There may be some delay between the `synced` time and the time when the updated data is actually available in the search API.
example: '2018-06-25T20:22:28.104Z'
stage:
type: string
description: Activity's current stage.
example: Completed
status:
type: string
description: Activity's current status.
example: Complete
requester:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
type:
type: string
example: Identity
description: Type of object
recipient:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
type:
type: string
example: Identity
description: Type of object
trackingNumber:
type: string
description: Account activity's tracking number.
example: 61aad0c9e8134eca89e76a35e0cabe3f
errors:
type: array
description: Errors provided by the source while completing account actions.
items:
type: string
nullable: true
example: null
warnings:
type: array
description: Warnings provided by the source while completing account actions.
items:
type: string
nullable: true
example: null
approvals:
type: array
description: Approvals performed on an item during activity.
items:
type: object
properties:
comments:
type: array
items:
type: object
properties:
comment:
type: string
description: The comment text
example: This request was autoapproved by our automated ETS subscriber.
commenter:
type: string
description: The name of the commenter
example: Automated AR Approval
date:
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: A date-time in ISO-8601 format
modified:
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: A date-time in ISO-8601 format
owner:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
type:
type: string
example: Identity
description: Type of object
result:
type: string
description: The result of the approval
example: Finished
attributeRequest:
type: object
properties:
name:
type: string
description: Attribute name.
example: groups
op:
type: string
description: Operation to perform on attribute.
example: Add
value:
oneOf:
- type: string
example: '3203537556531076'
- type: array
items:
type: string
example:
- '3203537556531076'
- '1263537556831096'
description: Value of attribute.
source:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
type:
type: string
example: Delimited File
description: Type of source returned.
originalRequests:
type: array
description: Original actions that triggered all individual source actions related to the account action.
items:
type: object
properties:
accountId:
type: string
description: Account ID.
example: 'CN=Abby Smith,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=acme,DC=com'
result:
type: object
properties:
status:
type: string
description: Request result status
example: Manual Task Created
attributeRequests:
type: array
description: Attribute changes requested for account.
items:
type: object
properties:
name:
type: string
description: Attribute name.
example: groups
op:
type: string
description: Operation to perform on attribute.
example: Add
value:
oneOf:
- type: string
example: '3203537556531076'
- type: array
items:
type: string
example:
- '3203537556531076'
- '1263537556831096'
description: Value of attribute.
op:
type: string
description: Operation used.
example: add
source:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
type:
type: string
example: Delimited File
description: Type of source returned.
description: Account's source.
expansionItems:
type: array
description: Controls that translated the attribute requests into actual provisioning actions on the source.
items:
type: object
properties:
accountId:
type: string
description: The ID of the account
example: 2c91808981f58ea601821c3e93482e6f
cause:
type: string
example: Role
description: Cause of the expansion item.
name:
type: string
description: The name of the item
example: smartsheet-role
attributeRequest:
type: object
properties:
name:
type: string
description: Attribute name.
example: groups
op:
type: string
description: Operation to perform on attribute.
example: Add
value:
oneOf:
- type: string
example: '3203537556531076'
- type: array
items:
type: string
example:
- '3203537556531076'
- '1263537556831096'
description: Value of attribute.
source:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
type:
type: string
example: Delimited File
description: Type of source returned.
id:
type: string
description: ID of the expansion item
example: ac2887ffe0e7435a8c18c73f7ae94c7b
state:
type: string
description: State of the expansion item
example: EXECUTING
accountRequests:
type: array
description: Account data for each individual source action triggered by the original requests.
items:
type: object
properties:
accountId:
type: string
description: Unique ID of the account
example: John.Doe
attributeRequests:
type: array
items:
type: object
properties:
name:
type: string
description: Attribute name.
example: groups
op:
type: string
description: Operation to perform on attribute.
example: Add
value:
oneOf:
- type: string
example: '3203537556531076'
- type: array
items:
type: string
example:
- '3203537556531076'
- '1263537556831096'
description: Value of attribute.
op:
type: string
example: Modify
description: The operation that was performed
provisioningTarget:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
type:
type: string
example: Delimited File
description: Type of source returned.
result:
type: object
properties:
errors:
type: array
items:
type: string
example: |-
[ConnectorError] [
{
"code": "unrecognized_keys",
"keys": [
"groups"
],
"path": [],
"message": "Unrecognized key(s) in object: 'groups'"
}
] (requestId: 5e9d6df5-9b1b-47d9-9bf1-dc3a2893299e)
description: Error message.
status:
type: string
description: The status of the account request
example: failed
ticketId:
type: string
nullable: true
example: null
description: ID of associated ticket.
source:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
type:
type: string
example: Delimited File
description: Type of source returned.
sources:
type: string
description: Sources involved in the account activity.
example: 'smartsheet-test, airtable-v4, IdentityNow'
- description: Entitlement
allOf:
- type: object
required:
- id
- name
properties:
id:
type: string
example: 2c91808375d8e80a0175e1f88a575222
description: ID of the referenced object.
name:
type: string
example: john.doe
description: The human readable name of the referenced object.
- type: object
properties:
modified:
type: string
description: ISO-8601 date-time referring to the time when the object was last modified.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
synced:
type: string
description: |-
ISO-8601 date-time referring to the date-time when object was queued to be synced into search database for use in the search API.
This date-time changes anytime there is an update to the object, which triggers a synchronization event being sent to the search database.
There may be some delay between the `synced` time and the time when the updated data is actually available in the search API.
displayName:
type: string
description: Entitlement's display name.
example: Admin
source:
type: object
description: Entitlement's source.
properties:
id:
type: string
description: ID of entitlement's source.
example: 2c91808b6e9e6fb8016eec1a2b6f7b5f
name:
type: string
description: Display name of entitlement's source.
example: ODS-HR-Employees
type:
type: string
example: SOURCE
description: Type of object.
segments:
type: array
description: Segments with the entitlement.
items:
type: object
properties:
id:
type: string
example: b009b6e3-b56d-41d9-8735-cb532ea0b017
description: Segment's unique ID.
name:
type: string
example: Test Segment
description: Segment's display name.
segmentCount:
type: integer
description: Number of segments with the role.
format: int32
example: 1
requestable:
type: boolean
description: Indicates whether the entitlement is requestable.
default: false
example: false
cloudGoverned:
type: boolean
description: Indicates whether the entitlement is cloud governed.
default: false
example: false
created:
type: string
description: ISO-8601 date-time referring to the time when the object was created.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
privileged:
type: boolean
description: Indicates whether the entitlement is privileged.
default: false
example: false
tags:
type: array
description: Tags that have been applied to the object.
items:
type: string
example:
- TAG_1
- TAG_2
attribute:
type: string
description: Attribute information for the entitlement.
example: groups
value:
type: string
description: Value of the entitlement.
example: 1733ff75-441e-4327-9bfc-3ac445fd8cd1
sourceSchemaObjectType:
type: string
description: Source schema object type of the entitlement.
example: group
schema:
type: string
description: Schema type of the entitlement.
example: group
hash:
type: string
description: Read-only calculated hash value of an entitlement.
example: c6fab95235584cca98a454a2f51e5683bc77d6a0
attributes:
type: object
additionalProperties: true
description: Attributes of the entitlement.
truncatedAttributes:
type: array
description: Truncated attributes of the entitlement.
items:
type: string
containsDataAccess:
type: boolean
description: Indicates whether the entitlement contains data access.
default: false
manuallyUpdatedFields:
type: object
description: Indicates whether the entitlement's display name and/or description have been manually updated.
nullable: true
properties:
DESCRIPTION:
type: boolean
default: false
example: false
DISPLAY_NAME:
type: boolean
default: false
example: false
permissions:
type: array
items:
type: object
properties:
target:
type: string
description: The target the permission would grants rights on.
example: SYS.GV_$TRANSACTION
rights:
type: array
description: All the rights (e.g. actions) that this permission allows on the target
items:
type: string
example: SELECT
- type: object
description: Event
properties:
id:
type: string
example: 2c91808375d8e80a0175e1f88a575222
description: ID of the entitlement.
name:
type: string
example: Add Entitlement Passed
description: Name of the entitlement.
created:
type: string
description: ISO-8601 date-time referring to the time when the object was created.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
synced:
type: string
description: |-
ISO-8601 date-time referring to the date-time when object was queued to be synced into search database for use in the search API.
This date-time changes anytime there is an update to the object, which triggers a synchronization event being sent to the search database.
There may be some delay between the `synced` time and the time when the updated data is actually available in the search API.
example: '2018-06-25T20:22:28.104Z'
action:
type: string
description: Name of the event as it's displayed in audit reports.
example: AddEntitlement
type:
type: string
description: 'Event type. Refer to [Event Types](https://documentation.sailpoint.com/saas/help/search/index.html#event-types) for a list of event types and their meanings.'
example: ACCESS_ITEM
actor:
type: object
properties:
name:
type: string
description: Name of the actor that generated the event.
example: System
target:
type: object
properties:
name:
type: string
description: 'Name of the target, or recipient, of the event.'
example: Carol.Adams
stack:
type: string
description: The event's stack.
example: tpe
trackingNumber:
type: string
description: ID of the group of events.
example: 63f891e0735f4cc8bf1968144a1e7440
ipAddress:
type: string
description: Target system's IP address.
example: 52.52.97.85
details:
type: string
description: ID of event's details.
example: 73b65dfbed1842548c207432a18c84b0
attributes:
type: object
description: Attributes involved in the event.
additionalProperties: true
example:
pod: stg03-useast1
org: acme
sourceName: SailPoint
objects:
type: array
description: Objects the event is happening to.
items:
type: string
example: AUTHENTICATION
operation:
type: string
description: 'Operation, or action, performed during the event.'
example: ADD
status:
type: string
description: 'Event status. Refer to [Event Statuses](https://documentation.sailpoint.com/saas/help/search/index.html#event-statuses) for a list of event statuses and their meanings.'
example: PASSED
technicalName:
type: string
description: Event's normalized name. This normalized name always follows the pattern of 'objects_operation_status'.
example: ENTITLEMENT_ADD_PASSED
- description: Identity
allOf:
- type: object
required:
- id
- name
properties:
id:
type: string
example: 2c91808375d8e80a0175e1f88a575222
description: ID of the referenced object.
name:
type: string
example: john.doe
description: The human readable name of the referenced object.
- allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
displayName:
type: string
example: John Q. Doe
- type: object
properties:
displayName:
type: string
example: Carol.Adams
description: Identity's display name.
firstName:
type: string
description: Identity's first name.
example: Carol
lastName:
type: string
description: Identity's last name.
example: Adams
email:
type: string
description: Identity's primary email address.
example: Carol.Adams@sailpointdemo.com
created:
type: string
description: ISO-8601 date-time referring to the time when the object was created.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
modified:
type: string
description: ISO-8601 date-time referring to the time when the object was last modified.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
phone:
type: string
description: Identity's phone number.
example: +1 440-527-3672
synced:
type: string
description: |-
ISO-8601 date-time referring to the date-time when object was queued to be synced into search database for use in the search API.
This date-time changes anytime there is an update to the object, which triggers a synchronization event being sent to the search database.
There may be some delay between the `synced` time and the time when the updated data is actually available in the search API.
inactive:
type: boolean
description: Indicates whether the identity is inactive.
default: false
example: false
protected:
type: boolean
description: Indicates whether the identity is protected.
default: false
example: false
status:
type: string
description: Identity's status in SailPoint.
example: UNREGISTERED
employeeNumber:
type: string
description: Identity's employee number.
example: 1a2a3d4e
manager:
type: object
description: Identity's manager.
nullable: true
properties:
id:
type: string
description: ID of identity's manager.
example: 2c9180867dfe694b017e208e27c05799
name:
type: string
description: Name of identity's manager.
example: Amanda.Ross
displayName:
type: string
description: Display name of identity's manager.
example: Amanda.Ross
isManager:
type: boolean
description: Indicates whether the identity is a manager of other identities.
example: false
identityProfile:
type: object
description: Identity's identity profile.
properties:
id:
type: string
description: Identity profile's ID.
example: 3bc8ad26b8664945866b31339d1ff7d2
name:
type: string
description: Identity profile's name.
example: HR Employees
source:
type: object
description: Identity's source.
properties:
id:
type: string
description: ID of identity's source.
example: 2c91808b6e9e6fb8016eec1a2b6f7b5f
name:
type: string
description: Display name of identity's source.
example: ODS-HR-Employees
attributes:
type: object
description: Map or dictionary of key/value pairs.
additionalProperties: true
example:
country: US
firstname: Carol
cloudStatus: UNREGISTERED
disabled:
type: boolean
description: Indicates whether the identity is disabled.
default: false
example: false
locked:
type: boolean
description: Indicates whether the identity is locked.
default: false
example: false
processingState:
type: string
description: Identity's processing state.
nullable: true
example: ERROR
processingDetails:
description: Identity's processing details.
nullable: true
type: object
properties:
date:
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: A date-time in ISO-8601 format
stage:
type: string
example: In Process
retryCount:
type: integer
example: 0
format: int32
stackTrace:
type: string
example:
message:
type: string
example:
accounts:
type: array
description: List of accounts associated with the identity.
items:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
accountId:
type: string
description: Account ID.
example: John.Doe
source:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
type:
type: string
example: Delimited File
description: Type of source returned.
disabled:
type: boolean
description: Indicates whether the account is disabled.
default: false
example: false
locked:
type: boolean
description: Indicates whether the account is locked.
default: false
example: false
privileged:
type: boolean
description: Indicates whether the account is privileged.
default: false
example: false
manuallyCorrelated:
type: boolean
description: Indicates whether the account has been manually correlated to an identity.
default: false
example: false
passwordLastSet:
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: A date-time in ISO-8601 format
entitlementAttributes:
type: object
nullable: true
description: Map or dictionary of key/value pairs.
additionalProperties: true
example:
moderator: true
admin: true
trust_level: '4'
created:
type: string
description: ISO-8601 date-time referring to the time when the object was created.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
supportsPasswordChange:
type: boolean
description: Indicates whether the account supports password change.
default: false
example: false
accountAttributes:
type: object
nullable: true
description: Map or dictionary of key/value pairs.
additionalProperties: true
example:
type: global
admin: true
trust_level: '4'
accountCount:
type: integer
description: Number of accounts associated with the identity.
format: int32
example: 3
apps:
type: array
description: List of applications the identity has access to.
items:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
source:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
account:
type: object
properties:
id:
type: string
description: The SailPoint generated unique ID
example: 2c9180837dfe6949017e21f3d8cd6d49
accountId:
type: string
description: The account ID generated by the source
example: 'CN=Carol Adams,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
appCount:
type: integer
format: int32
description: Number of applications the identity has access to.
example: 2
access:
type: array
description: List of access items assigned to the identity.
items:
discriminator:
propertyName: type
mapping:
ACCESS_PROFILE: ../access/AccessProfileSummary.yaml
ENTITLEMENT: ../access/AccessProfileEntitlement.yaml
ROLE: ../access/AccessProfileRole.yaml
oneOf:
- description: This is a summary representation of an access profile.
allOf:
- allOf:
- allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
displayName:
type: string
example: John Q. Doe
- type: object
properties:
description:
description: Description of access item.
type: string
nullable: true
example: null
- type: object
properties:
type:
type: string
description: Type of the access item.
example: ACCESS_PROFILE
source:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
owner:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
displayName:
type: string
example: John Q. Doe
revocable:
type: boolean
example: true
- description: EntitlementReference
allOf:
- allOf:
- allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
displayName:
type: string
example: John Q. Doe
- type: object
properties:
description:
description: Description of access item.
type: string
nullable: true
example: null
- type: object
properties:
source:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
type:
type: string
description: Type of the access item.
example: ENTITLEMENT
privileged:
type: boolean
example: false
attribute:
type: string
example: memberOf
value:
type: string
example: 'CN=Buyer,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
standalone:
type: boolean
example: false
- description: Role
allOf:
- allOf:
- allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
displayName:
type: string
example: John Q. Doe
- type: object
properties:
description:
description: Description of access item.
type: string
nullable: true
example: null
- type: object
properties:
type:
type: string
description: Type of the access item.
example: ROLE
owner:
allOf:
- type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
- type: object
properties:
displayName:
type: string
example: John Q. Doe
disabled:
type: boolean
revocable:
type: boolean
accessCount:
type: integer
format: int32
description: Number of access items assigned to the identity.
example: 5
entitlementCount:
type: integer
format: int32
description: Number of entitlements assigned to the identity.
example: 10
roleCount:
type: integer
format: int32
description: Number of roles assigned to the identity.
example: 1
accessProfileCount:
type: integer
format: int32
description: Number of access profiles assigned to the identity.
example: 1
owns:
type: array
description: Access items the identity owns.
items:
type: object
properties:
sources:
type: array
items:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
entitlements:
type: array
items:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
accessProfiles:
type: array
items:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
roles:
type: array
items:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
apps:
type: array
items:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
governanceGroups:
type: array
items:
type: object
properties:
id:
type: string
example: 2c91808568c529c60168cca6f90c1313
description: The unique ID of the referenced object.
name:
type: string
example: John Doe
description: The human readable name of the referenced object.
fallbackApprover:
type: boolean
example: false
ownsCount:
type: integer
format: int32
description: Number of access items the identity owns.
example: 5
tags:
type: array
description: Tags that have been applied to the object.
items:
type: string
example:
- TAG_1
- TAG_2
tagsCount:
type: integer
format: int32
description: Number of tags on the identity.
visibleSegments:
type: array
description: List of segments that the identity is in.
items:
type: string
nullable: true
example:
- All Employees
visibleSegmentCount:
type: integer
format: int32
description: Number of segments the identity is in.
example: 1
- description: Role
allOf:
- type: object
properties:
description:
type: string
description: Access item's description.
example: Admin access
created:
type: string
description: ISO-8601 date-time referring to the time when the object was created.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
modified:
type: string
description: ISO-8601 date-time referring to the time when the object was last modified.
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
synced:
type: string
description: |-
ISO-8601 date-time referring to the date-time when object was queued to be synced into search database for use in the search API.
This date-time changes anytime there is an update to the object, which triggers a synchronization event being sent to the search database.
There may be some delay between the `synced` time and the time when the updated data is actually available in the search API.
nullable: true
format: date-time
example: '2018-06-25T20:22:33.104Z'
enabled:
type: boolean
description: Indicates whether the access item is currently enabled.
default: false
example: true
requestable:
type: boolean
description: Indicates whether the access item can be requested.
default: true
example: true
requestCommentsRequired:
type: boolean
description: Indicates whether comments are required for requests to access the item.
default: false
example: false
owner:
type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's display name.
example: Support
email:
type: string
description: Owner's email.
example: cloud-support@sailpoint.com
- type: object
required:
- id
- name
properties:
id:
type: string
example: 2c91808375d8e80a0175e1f88a575222
description: ID of the role.
name:
type: string
example: Branch Manager Access
description: Name of the role.
accessProfiles:
type: array
description: Access profiles included with the role.
nullable: true
items:
type: object
properties:
id:
type: string
example: 2c91809c6faade77016fb4f0b63407ae
description: Access profile's unique ID.
name:
type: string
example: Admin Access
description: Access profile's display name.
accessProfileCount:
type: integer
description: Number of access profiles included with the role.
nullable: true
format: int32
example: 1
tags:
type: array
description: Tags that have been applied to the object.
items:
type: string
example:
- TAG_1
- TAG_2
nullable: true
segments:
type: array
description: Segments with the role.
nullable: true
items:
type: object
properties:
id:
type: string
example: b009b6e3-b56d-41d9-8735-cb532ea0b017
description: Segment's unique ID.
name:
type: string
example: Test Segment
description: Segment's display name.
segmentCount:
type: integer
description: Number of segments with the role.
nullable: true
format: int32
example: 1
entitlements:
type: array
description: Entitlements included with the role.
nullable: true
items:
allOf:
- type: object
properties:
hasPermissions:
type: boolean
description: Indicates whether the entitlement has permissions.
default: false
example: false
description:
type: string
description: Entitlement's description.
nullable: true
example: Cloud engineering
attribute:
type: string
description: Entitlement attribute's name.
example: memberOf
value:
type: string
description: Entitlement's value.
example: 'CN=Cloud Engineering,DC=sailpoint,DC=COM'
schema:
type: string
description: Entitlement's schema.
example: group
privileged:
type: boolean
description: Indicates whether the entitlement is privileged.
default: false
example: false
id:
type: string
description: Entitlement's ID.
example: 2c918084575812550157589064f33b89
name:
type: string
description: Entitlement's name.
example: 'CN=Cloud Engineering,DC=sailpoint,DC=COM'
- properties:
sourceSchemaObjectType:
type: string
description: Schema objectType.
example: group
hash:
type: string
description: Read-only calculated hash value of an entitlement.
example: c6fab95235584cca98a454a2f51e5683bc77d6a0
entitlementCount:
type: integer
description: Number of entitlements included with the role.
nullable: true
format: int32
example: 3
dimensional:
type: boolean
example: false
default: false
dimensionSchemaAttributeCount:
type: integer
description: Number of dimension attributes included with the role.
nullable: true
format: int32
example: 3
dimensionSchemaAttributes:
type: array
description: Dimension attributes included with the role.
nullable: true
items:
type: object
properties:
derived:
type: boolean
example: true
default: true
displayName:
type: string
description: Displayname of the dimension attribute.
example: Department
name:
type: string
description: Name of the dimension attribute.
example: department
dimensions:
type: array
nullable: true
items:
type: object
properties:
id:
type: string
description: Unique ID of the dimension.
example: b3c28992ba964a40a7598978139d1ced
name:
type: string
description: Name of the dimension.
example: Manager Austin Branch
description:
type: string
nullable: true
description: Description of the dimension.
example: Managers located at the Austin branch
entitlements:
type: array
description: Entitlements included with the role.
nullable: true
items:
allOf:
- type: object
properties:
hasPermissions:
type: boolean
description: Indicates whether the entitlement has permissions.
default: false
example: false
description:
type: string
description: Entitlement's description.
nullable: true
example: Cloud engineering
attribute:
type: string
description: Entitlement attribute's name.
example: memberOf
value:
type: string
description: Entitlement's value.
example: 'CN=Cloud Engineering,DC=sailpoint,DC=COM'
schema:
type: string
description: Entitlement's schema.
example: group
privileged:
type: boolean
description: Indicates whether the entitlement is privileged.
default: false
example: false
id:
type: string
description: Entitlement's ID.
example: 2c918084575812550157589064f33b89
name:
type: string
description: Entitlement's name.
example: 'CN=Cloud Engineering,DC=sailpoint,DC=COM'
- properties:
sourceSchemaObjectType:
type: string
description: Schema objectType.
example: group
hash:
type: string
description: Read-only calculated hash value of an entitlement.
example: c6fab95235584cca98a454a2f51e5683bc77d6a0
accessProfiles:
type: array
nullable: true
description: Access profiles included in the dimension.
items:
type: object
properties:
id:
type: string
example: 2c91809c6faade77016fb4f0b63407ae
description: Access profile's unique ID.
name:
type: string
example: Admin Access
description: Access profile's display name.
SavedSearch:
type: object
allOf:
- type: object
properties:
id:
description: |
The saved search ID.
type: string
example: 0de46054-fe90-434a-b84e-c6b3359d0c64
owner:
description: |
The owner of the saved search.
type: object
properties:
type:
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
- ACCESS_PROFILE
- ACCESS_REQUEST_APPROVAL
- ACCOUNT
- APPLICATION
- CAMPAIGN
- CAMPAIGN_FILTER
- CERTIFICATION
- CLUSTER
- CONNECTOR_SCHEMA
- ENTITLEMENT
- GOVERNANCE_GROUP
- IDENTITY
- IDENTITY_PROFILE
- IDENTITY_REQUEST
- MACHINE_IDENTITY
- LIFECYCLE_STATE
- PASSWORD_POLICY
- ROLE
- RULE
- SOD_POLICY
- SOURCE
- TAG
- TAG_CATEGORY
- TASK_RESULT
- REPORT_RESULT
- SOD_VIOLATION
- ACCOUNT_ACTIVITY
- WORKGROUP
description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
example: IDENTITY
id:
description: |
The id of the object.
type: string
example: 2c91808568c529c60168cca6f90c1313
required:
- type
- id
ownerId:
type: string
description: The ID of the identity that owns this saved search.
example: 2c91808568c529c60168cca6f90c1313
public:
type: boolean
description: Whether this saved search is visible to anyone but the owner. This field will always be false as there is no way to set a saved search as public at this time.
default: false
example: false
- type: object
properties:
name:
description: |
The name of the saved search.
type: string
example: Disabled accounts
description:
description: |
The description of the saved search.
type: string
nullable: true
example: Disabled accounts
- type: object
properties:
created:
description: |
The date the saved search was initially created.
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
modified:
description: |
The last date the saved search was modified.
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
indices:
description: |
The names of the Elasticsearch indices in which to search.
type: array
items:
description: |-
Enum representing the currently supported indices.
Additional values may be added in the future without notice.
type: string
enum:
- accessprofiles
- accountactivities
- entitlements
- events
- identities
- roles
- '*'
example: identities
example:
- identities
columns:
description: |
The columns to be returned (specifies the order in which they will be presented) for each document type.
The currently supported document types are: _accessprofile_, _accountactivity_, _account_, _aggregation_, _entitlement_, _event_, _identity_, and _role_.
type: object
additionalProperties:
type: array
items:
type: object
properties:
field:
description: |
The name of the field.
type: string
example: email
header:
description: |
The value of the header.
type: string
example: Work Email
required:
- field
example:
identity:
- field: displayName
header: Display Name
- field: e-mail
header: Work Email
query:
description: |
The search query using Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL.
type: string
example: '@accounts(disabled:true)'
fields:
description: |
The fields to be searched against in a multi-field query.
type: array
nullable: true
items:
type: string
example:
- disabled
orderBy:
description: |
Sort by index. This takes precedence over the `sort` property.
type: object
additionalProperties:
type: array
items:
type: string
nullable: true
example:
identity:
- lastName
- firstName
role:
- name
sort:
description: |
The fields to be used to sort the search results.
type: array
items:
type: string
example:
- displayName
nullable: true
filters:
nullable: true
allOf:
- type: object
description: The filters to be applied for each filtered field name.
example:
attributes.cloudAuthoritativeSource:
type: EXISTS
exclude: true
accessCount:
type: RANGE
range:
lower:
value: '3'
created:
type: RANGE
range:
lower:
value: '2019-12-01'
inclusive: true
upper:
value: '2020-01-01'
source.name:
type: TERMS
terms:
- HR Employees
- Corporate Active Directory
exclude: true
protected:
type: TERMS
terms:
- 'true'
- type: object
properties:
type:
description: |-
Enum representing the currently supported filter types.
Additional values may be added in the future without notice.
type: string
enum:
- EXISTS
- RANGE
- TERMS
example: RANGE
range:
type: object
description: The range of values to be filtered.
properties:
lower:
description: The lower bound of the range.
type: object
required:
- value
properties:
value:
description: The value of the range's endpoint.
type: string
example: '1'
inclusive:
description: Indicates if the endpoint is included in the range.
type: boolean
default: false
example: false
upper:
description: The upper bound of the range.
type: object
required:
- value
properties:
value:
description: The value of the range's endpoint.
type: string
example: '1'
inclusive:
description: Indicates if the endpoint is included in the range.
type: boolean
default: false
example: false
terms:
description: The terms to be filtered.
type: array
items:
type: string
example: account_count
exclude:
description: Indicates if the filter excludes results.
type: boolean
default: false
example: false
required:
- indices
- query
Schedule:
type: object
description: The schedule information.
properties:
type:
description: |
Enum representing the currently supported schedule types.
Additional values may be added in the future without notice.
type: string
enum:
- DAILY
- WEEKLY
- MONTHLY
- CALENDAR
- ANNUALLY
example: WEEKLY
months:
allOf:
- type: object
properties:
type:
description: |
Enum representing the currently supported selector types.
LIST - the *values* array contains one or more distinct values.
RANGE - the *values* array contains two values: the start and end of the range, inclusive.
Additional values may be added in the future without notice.
type: string
enum:
- LIST
- RANGE
example: LIST
values:
description: |
The selected values.
type: array
items:
type: string
example:
- MON
- WED
interval:
nullable: true
description: |
The selected interval for RANGE selectors.
type: integer
format: int32
example: 3
required:
- type
- values
- description: |
The months to execute the search. This only applies to schedules with a type of `ANNUALLY`.
example:
type: LIST
values:
- '3'
- '6'
- '9'
- '12'
nullable: true
days:
allOf:
- type: object
properties:
type:
description: |
Enum representing the currently supported selector types.
LIST - the *values* array contains one or more distinct values.
RANGE - the *values* array contains two values: the start and end of the range, inclusive.
Additional values may be added in the future without notice.
type: string
enum:
- LIST
- RANGE
example: LIST
values:
description: |
The selected values.
type: array
items:
type: string
example:
- MON
- WED
interval:
nullable: true
description: |
The selected interval for RANGE selectors.
type: integer
format: int32
example: 3
required:
- type
- values
- description: |
The days to execute the search.
If `type` is `WEEKLY`, the values will be `MON`, `TUE`, `WED`, `THU`, `FRI`, `SAT`, and `SUN`.
If `type` is `MONTHLY` or `ANNUALLY`, the values will be a number in double quotes, like `"1"`, `"10"`, or `"28"`. Optionally, the value `"L"` can be used to refer to the last day of the month.
example:
type: LIST
values:
- MON
- WED
- FRI
nullable: true
hours:
allOf:
- type: object
properties:
type:
description: |
Enum representing the currently supported selector types.
LIST - the *values* array contains one or more distinct values.
RANGE - the *values* array contains two values: the start and end of the range, inclusive.
Additional values may be added in the future without notice.
type: string
enum:
- LIST
- RANGE
example: LIST
values:
description: |
The selected values.
type: array
items:
type: string
example:
- MON
- WED
interval:
nullable: true
description: |
The selected interval for RANGE selectors.
type: integer
format: int32
example: 3
required:
- type
- values
- description: The hours selected.
example:
type: RANGE
values:
- '9'
- '18'
interval: 3
expiration:
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: A date-time in ISO-8601 format
timeZoneId:
description: 'The canonical TZ identifier the schedule will run in (ex. America/New_York). If no timezone is specified, the org''s default timezone is used.'
nullable: true
type: string
example: America/Chicago
required:
- type
- hours
ScheduledSearch:
type: object
allOf:
- type: object
properties:
id:
description: The scheduled search ID.
type: string
example: 0de46054-fe90-434a-b84e-c6b3359d0c64
readOnly: true
owner:
description: The owner of the scheduled search
readOnly: true
type: object
properties:
type:
type: string
description: The type of object being referenced
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: The ID of the referenced object
example: 2c9180867624cbd7017642d8c8c81f67
required:
- type
- id
ownerId:
description: |
The ID of the scheduled search owner.
Please use the `id` in the `owner` object instead.
type: string
example: 2c9180867624cbd7017642d8c8c81f67
readOnly: true
deprecated: true
- type: object
properties:
name:
description: |
The name of the scheduled search.
type: string
example: Daily disabled accounts
nullable: true
description:
description: |
The description of the scheduled search.
type: string
nullable: true
example: Daily disabled accounts
- type: object
properties:
savedSearchId:
description: The ID of the saved search that will be executed.
type: string
example: 554f1511-f0a1-4744-ab14-599514d3e57c
created:
allOf:
- type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: A date-time in ISO-8601 format
description: The date the scheduled search was initially created.
readOnly: true
modified:
allOf:
- type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: A date-time in ISO-8601 format
description: The last date the scheduled search was modified.
readOnly: true
schedule:
type: object
description: The schedule information.
properties:
type:
description: |
Enum representing the currently supported schedule types.
Additional values may be added in the future without notice.
type: string
enum:
- DAILY
- WEEKLY
- MONTHLY
- CALENDAR
- ANNUALLY
example: WEEKLY
months:
allOf:
- type: object
properties:
type:
description: |
Enum representing the currently supported selector types.
LIST - the *values* array contains one or more distinct values.
RANGE - the *values* array contains two values: the start and end of the range, inclusive.
Additional values may be added in the future without notice.
type: string
enum:
- LIST
- RANGE
example: LIST
values:
description: |
The selected values.
type: array
items:
type: string
example:
- MON
- WED
interval:
nullable: true
description: |
The selected interval for RANGE selectors.
type: integer
format: int32
example: 3
required:
- type
- values
- description: |
The months to execute the search. This only applies to schedules with a type of `ANNUALLY`.
example:
type: LIST
values:
- '3'
- '6'
- '9'
- '12'
nullable: true
days:
allOf:
- type: object
properties:
type:
description: |
Enum representing the currently supported selector types.
LIST - the *values* array contains one or more distinct values.
RANGE - the *values* array contains two values: the start and end of the range, inclusive.
Additional values may be added in the future without notice.
type: string
enum:
- LIST
- RANGE
example: LIST
values:
description: |
The selected values.
type: array
items:
type: string
example:
- MON
- WED
interval:
nullable: true
description: |
The selected interval for RANGE selectors.
type: integer
format: int32
example: 3
required:
- type
- values
- description: |
The days to execute the search.
If `type` is `WEEKLY`, the values will be `MON`, `TUE`, `WED`, `THU`, `FRI`, `SAT`, and `SUN`.
If `type` is `MONTHLY` or `ANNUALLY`, the values will be a number in double quotes, like `"1"`, `"10"`, or `"28"`. Optionally, the value `"L"` can be used to refer to the last day of the month.
example:
type: LIST
values:
- MON
- WED
- FRI
nullable: true
hours:
allOf:
- type: object
properties:
type:
description: |
Enum representing the currently supported selector types.
LIST - the *values* array contains one or more distinct values.
RANGE - the *values* array contains two values: the start and end of the range, inclusive.
Additional values may be added in the future without notice.
type: string
enum:
- LIST
- RANGE
example: LIST
values:
description: |
The selected values.
type: array
items:
type: string
example:
- MON
- WED
interval:
nullable: true
description: |
The selected interval for RANGE selectors.
type: integer
format: int32
example: 3
required:
- type
- values
- description: The hours selected.
example:
type: RANGE
values:
- '9'
- '18'
interval: 3
expiration:
type: string
nullable: true
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: A date-time in ISO-8601 format
timeZoneId:
description: 'The canonical TZ identifier the schedule will run in (ex. America/New_York). If no timezone is specified, the org''s default timezone is used.'
nullable: true
type: string
example: America/Chicago
required:
- type
- hours
recipients:
description: A list of identities that should receive the scheduled search report via email.
type: array
items:
type: object
properties:
type:
type: string
description: The type of object being referenced
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: The ID of the referenced object
example: 2c9180867624cbd7017642d8c8c81f67
required:
- type
- id
enabled:
description: |
Indicates if the scheduled search is enabled.
type: boolean
default: false
example: false
emailEmptyResults:
description: |
Indicates if email generation should occur when search returns no results.
type: boolean
default: false
example: false
displayQueryDetails:
description: |
Indicates if the generated email should include the query and search results preview (which could include PII).
type: boolean
default: false
example: false
required:
- savedSearchId
- schedule
- recipients
required:
- id
- owner
- ownerId
ServiceDeskIntegrationDto:
allOf:
- type: object
description: Service Desk integration's specification.
required:
- name
- description
- type
- attributes
properties:
id:
type: string
description: Unique identifier for the Service Desk integration
example: 62945a496ef440189b1f03e3623411c8
name:
description: Service Desk integration's name. The name must be unique.
type: string
example: Service Desk Integration Name
created:
type: string
format: date-time
description: The date and time the Service Desk integration was created
example: '2024-01-17T18:45:25.994Z'
modified:
type: string
format: date-time
description: The date and time the Service Desk integration was last modified
example: '2024-02-18T18:45:25.994Z'
description:
description: Service Desk integration's description.
type: string
example: A very nice Service Desk integration
type:
description: |
Service Desk integration types:
- ServiceNowSDIM
- ServiceNow
type: string
default: ServiceNowSDIM
example: ServiceNowSDIM
ownerRef:
allOf:
- type: object
description: Owner's identity.
properties:
type:
type: string
description: Owner's DTO type.
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner's identity ID.
example: 2c9180a46faadee4016fb4e018c20639
name:
type: string
description: Owner's name.
example: Support
clusterRef:
allOf:
- type: object
description: Source cluster.
properties:
type:
type: string
description: Source cluster DTO type.
enum:
- CLUSTER
example: CLUSTER
id:
type: string
description: Source cluster ID.
example: 2c9180847a7fccdd017aa5896f9f4f6f
name:
type: string
description: Source cluster display name.
example: Training VA
cluster:
description: 'Cluster ID for the Service Desk integration (replaced by clusterRef, retained for backward compatibility).'
type: string
example: xyzzy999
deprecated: true
nullable: true
managedSources:
description: 'Source IDs for the Service Desk integration (replaced by provisioningConfig.managedSResourceRefs, but retained here for backward compatibility).'
type: array
items:
type: string
deprecated: true
example:
- 2c9180835d191a86015d28455b4a2329
- 2c5680835d191a85765d28455b4a9823
provisioningConfig:
description: The 'provisioningConfig' property specifies the configuration used to provision integrations.
type: object
properties:
universalManager:
description: 'Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.'
type: boolean
readOnly: true
default: false
example: true
managedResourceRefs:
description: References to sources for the Service Desk integration template. May only be specified if universalManager is false.
type: array
items:
allOf:
- type: object
description: Source for Service Desk integration template.
properties:
type:
type: string
description: DTO type of source for service desk integration template.
enum:
- SOURCE
example: SOURCE
id:
type: string
description: ID of source for service desk integration template.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable name of source for service desk integration template.
example: HR Active Directory
example:
- type: SOURCE
id: 2c9180855d191c59015d291ceb051111
name: My Source 1
- type: SOURCE
id: 2c9180855d191c59015d291ceb052222
name: My Source 2
planInitializerScript:
description: This is a reference to a plan initializer script.
type: object
nullable: true
properties:
source:
description: This is a Rule that allows provisioning instruction changes.
type: string
example: |
\r\n\r\n\r\n Before Provisioning Rule which changes disables and enables to a modify.\r\n
noProvisioningRequests:
description: Name of an attribute that when true disables the saving of ProvisioningRequest objects whenever plans are sent through this integration.
type: boolean
default: false
example: true
provisioningRequestExpiration:
description: 'When saving pending requests is enabled, this defines the number of hours the request is allowed to live before it is considered expired and no longer affects plan compilation.'
type: integer
format: int32
example: 7
attributes:
description: Service Desk integration's attributes. Validation constraints enforced by the implementation.
type: object
additionalProperties: true
example:
property: value
key: value
beforeProvisioningRule:
allOf:
- type: object
description: Before Provisioning Rule.
properties:
type:
type: string
description: Before Provisioning Rule DTO type.
enum:
- RULE
example: RULE
id:
type: string
description: Before Provisioning Rule ID.
example: 048eb3d55c5a4758bd07dccb87741c78
name:
type: string
description: Rule display name.
example: Before Provisioning Airtable Rule
ServiceDeskIntegrationTemplateDto:
allOf:
- type: object
required:
- name
properties:
id:
description: System-generated unique ID of the Object
type: string
example: id12345
readOnly: true
name:
description: Name of the Object
type: string
example: aName
nullable: true
created:
description: Creation date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
modified:
description: Last modification date of the Object
type: string
example: '2015-05-28T14:07:17Z'
format: date-time
readOnly: true
- type: object
description: 'This is the model for a Service Desk integration template, used to create and edit Service Desk Integrations.'
required:
- type
- attributes
- provisioningConfig
properties:
type:
description: The 'type' property specifies the type of the Service Desk integration template.
type: string
example: Web Service SDIM
default: Web Service SDIM
attributes:
description: The 'attributes' property value is a map of attributes available for integrations using this Service Desk integration template.
type: object
additionalProperties: true
example:
property: value
key: value
provisioningConfig:
description: The 'provisioningConfig' property specifies the configuration used to provision integrations using the template.
type: object
properties:
universalManager:
description: 'Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.'
type: boolean
readOnly: true
default: false
example: true
managedResourceRefs:
description: References to sources for the Service Desk integration template. May only be specified if universalManager is false.
type: array
items:
allOf:
- type: object
description: Source for Service Desk integration template.
properties:
type:
type: string
description: DTO type of source for service desk integration template.
enum:
- SOURCE
example: SOURCE
id:
type: string
description: ID of source for service desk integration template.
example: 2c9180835d191a86015d28455b4b232a
name:
type: string
description: Human-readable name of source for service desk integration template.
example: HR Active Directory
example:
- type: SOURCE
id: 2c9180855d191c59015d291ceb051111
name: My Source 1
- type: SOURCE
id: 2c9180855d191c59015d291ceb052222
name: My Source 2
planInitializerScript:
description: This is a reference to a plan initializer script.
type: object
nullable: true
properties:
source:
description: This is a Rule that allows provisioning instruction changes.
type: string
example: |
\r\n\r\n\r\n Before Provisioning Rule which changes disables and enables to a modify.\r\n
noProvisioningRequests:
description: Name of an attribute that when true disables the saving of ProvisioningRequest objects whenever plans are sent through this integration.
type: boolean
default: false
example: true
provisioningRequestExpiration:
description: 'When saving pending requests is enabled, this defines the number of hours the request is allowed to live before it is considered expired and no longer affects plan compilation.'
type: integer
format: int32
example: 7
ServiceDeskIntegrationTemplateType:
description: This represents a Service Desk Integration template type.
required:
- type
- scriptName
type: object
properties:
name:
description: This is the name of the type.
example: aName
type: string
type:
description: This is the type value for the type.
example: aType
type: string
scriptName:
description: This is the scriptName attribute value for the type.
example: aScriptName
type: string
Source:
type: object
properties:
id:
type: string
readOnly: true
description: Source ID.
example: 2c91808568c529c60168cca6f90c1324
name:
type: string
description: Source's human-readable name.
example: My Source
description:
type: string
description: Source's human-readable description.
example: This is the corporate directory.
owner:
description: Reference to identity object who owns the source.
type: object
properties:
type:
description: Type of object being referenced.
type: string
enum:
- IDENTITY
example: IDENTITY
id:
type: string
description: Owner identity's ID.
example: 2c91808568c529c60168cca6f90c1313
name:
type: string
description: Owner identity's human-readable display name.
example: MyName
cluster:
description: Reference to the source's associated cluster.
type: object
nullable: true
required:
- name
- id
- type
properties:
type:
description: Type of object being referenced.
type: string
enum:
- CLUSTER
example: CLUSTER
id:
type: string
description: Cluster ID.
example: 2c9180866166b5b0016167c32ef31a66
name:
type: string
description: Cluster's human-readable display name.
example: Corporate Cluster
accountCorrelationConfig:
description: Reference to account correlation config object.
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- ACCOUNT_CORRELATION_CONFIG
example: ACCOUNT_CORRELATION_CONFIG
id:
type: string
description: Account correlation config ID.
example: 2c9180855d191c59015d28583727245a
name:
type: string
description: Account correlation config's human-readable display name.
example: 'Directory [source-62867] Account Correlation'
accountCorrelationRule:
description: Reference to a rule that can do COMPLEX correlation. Only use this rule when you can't use accountCorrelationConfig.
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- RULE
example: RULE
id:
type: string
description: Rule ID.
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Rule's human-readable display name.
example: Example Rule
managerCorrelationMapping:
allOf:
- type: object
properties:
accountAttributeName:
type: string
description: Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity.
example: manager
identityAttributeName:
type: string
description: Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute.
example: manager
- nullable: true
description: |
Filter object used during manager correlation to match incoming manager values to an existing manager's
account/identity.
managerCorrelationRule:
description: Reference to the ManagerCorrelationRule. Only use this rule when a simple filter isn't sufficient.
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- RULE
example: RULE
id:
type: string
description: Rule ID.
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Rule's human-readable display name.
example: Example Rule
beforeProvisioningRule:
description: 'Rule that runs on the CCG and allows for customization of provisioning plans before the API calls the connector. '
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- RULE
example: RULE
id:
type: string
description: Rule ID.
example: 2c918085708c274401708c2a8a760001
name:
type: string
description: Rule's human-readable display name.
example: Example Rule
schemas:
type: array
items:
type: object
properties:
type:
description: Type of object being referenced.
type: string
enum:
- CONNECTOR_SCHEMA
example: CONNECTOR_SCHEMA
id:
type: string
description: Schema ID.
example: 2c91808568c529c60168cca6f90c1777
name:
type: string
description: Schema's human-readable display name.
example: MySchema
description: List of references to schema objects.
example:
- type: CONNECTOR_SCHEMA
id: 2c9180835d191a86015d28455b4b232a
name: account
- type: CONNECTOR_SCHEMA
id: 2c9180835d191a86015d28455b4b232b
name: group
passwordPolicies:
type: array
nullable: true
items:
type: object
properties:
type:
description: Type of object being referenced.
type: string
enum:
- PASSWORD_POLICY
example: PASSWORD_POLICY
id:
type: string
description: Policy ID.
example: 2c91808568c529c60168cca6f90c1777
name:
type: string
description: Policy's human-readable display name.
example: My Password Policy
description: List of references to the associated PasswordPolicy objects.
example:
- type: PASSWORD_POLICY
id: 2c9180855d191c59015d291ceb053980
name: Corporate Password Policy
- type: PASSWORD_POLICY
id: 2c9180855d191c59015d291ceb057777
name: Vendor Password Policy
features:
type: array
items:
type: string
enum:
- AUTHENTICATE
- COMPOSITE
- DIRECT_PERMISSIONS
- DISCOVER_SCHEMA
- ENABLE
- MANAGER_LOOKUP
- NO_RANDOM_ACCESS
- PROXY
- SEARCH
- TEMPLATE
- UNLOCK
- UNSTRUCTURED_TARGETS
- SHAREPOINT_TARGET
- PROVISIONING
- GROUP_PROVISIONING
- SYNC_PROVISIONING
- PASSWORD
- CURRENT_PASSWORD
- ACCOUNT_ONLY_REQUEST
- ADDITIONAL_ACCOUNT_REQUEST
- NO_AGGREGATION
- GROUPS_HAVE_MEMBERS
- NO_PERMISSIONS_PROVISIONING
- NO_GROUP_PERMISSIONS_PROVISIONING
- NO_UNSTRUCTURED_TARGETS_PROVISIONING
- NO_DIRECT_PERMISSIONS_PROVISIONING
- PREFER_UUID
- ARM_SECURITY_EXTRACT
- ARM_UTILIZATION_EXTRACT
- ARM_CHANGELOG_EXTRACT
- USES_UUID
- APPLICATION_DISCOVERY
example: AUTHENTICATE
description: |-
Optional features that can be supported by a source. Modifying the features array may cause source configuration errors that are unsupportable. It is recommended to not modify this array for SailPoint supported connectors.
* AUTHENTICATE: The source supports pass-through authentication.
* COMPOSITE: The source supports composite source creation.
* DIRECT_PERMISSIONS: The source supports returning DirectPermissions.
* DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.
* ENABLE The source supports reading if an account is enabled or disabled.
* MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.
* NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.
* PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.
* SEARCH
* TEMPLATE
* UNLOCK: The source supports reading if an account is locked or unlocked.
* UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.
* SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.
* PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.
* GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.
* SYNC_PROVISIONING: The source can provision accounts synchronously.
* PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.
* CURRENT_PASSWORD: Some source types support verification of the current password
* ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.
* ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.
* NO_AGGREGATION: A source that does not support aggregation.
* GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.
* NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.
* NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.
* NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
* USES_UUID: Connectivity 2.0 flag used to indicate that the connector supports a compound naming structure.
* PREFER_UUID: Used in ISC Provisioning AND Aggregation to decide if it should prefer account.uuid to account.nativeIdentity when data is read in through aggregation OR pushed out through provisioning.
* ARM_SECURITY_EXTRACT: Indicates the application supports Security extracts for ARM
* ARM_UTILIZATION_EXTRACT: Indicates the application supports Utilization extracts for ARM
* ARM_CHANGELOG_EXTRACT: Indicates the application supports Change-log extracts for ARM
example:
- PROVISIONING
- NO_PERMISSIONS_PROVISIONING
- GROUPS_HAVE_MEMBERS
type:
type: string
description: 'Specifies the type of system being managed e.g. Active Directory, Workday, etc.. If you are creating a delimited file source, you must set the `provisionasCsv` query parameter to `true`. '
example: OpenLDAP - Direct
connector:
type: string
description: Connector script name.
example: active-directory
connectorClass:
type: string
description: Fully qualified name of the Java class that implements the connector interface.
example: sailpoint.connector.LDAPConnector
connectorAttributes:
type: object
description: Connector specific configuration. This configuration will differ from type to type.
example:
healthCheckTimeout: 30
authSearchAttributes:
- cn
- uid
- mail
deleteThreshold:
type: integer
format: int32
description: Number from 0 to 100 that specifies when to skip the delete phase.
example: 10
authoritative:
type: boolean
description: 'When this is true, it indicates that the source is referenced by an identity profile.'
default: false
example: false
managementWorkgroup:
description: Reference to management workgroup for the source.
type: object
nullable: true
properties:
type:
description: Type of object being referenced.
type: string
enum:
- GOVERNANCE_GROUP
example: GOVERNANCE_GROUP
id:
type: string
description: Management workgroup ID.
example: 2c91808568c529c60168cca6f90c2222
name:
type: string
description: Management workgroup's human-readable display name.
example: My Management Workgroup
healthy:
type: boolean
description: 'When this is true, it indicates that the source is healthy.'
default: false
example: true
status:
type: string
enum:
- SOURCE_STATE_ERROR_ACCOUNT_FILE_IMPORT
- SOURCE_STATE_ERROR_CLUSTER
- SOURCE_STATE_ERROR_SOURCE
- SOURCE_STATE_ERROR_VA
- SOURCE_STATE_FAILURE_CLUSTER
- SOURCE_STATE_FAILURE_SOURCE
- SOURCE_STATE_HEALTHY
- SOURCE_STATE_UNCHECKED_CLUSTER
- SOURCE_STATE_UNCHECKED_CLUSTER_NO_SOURCES
- SOURCE_STATE_UNCHECKED_SOURCE
- SOURCE_STATE_UNCHECKED_SOURCE_NO_ACCOUNTS
description: 'Status identifier that gives specific information about why a source is or isn''t healthy. '
example: SOURCE_STATE_HEALTHY
since:
type: string
description: Timestamp that shows when a source health check was last performed.
example: '2021-09-28T15:48:29.3801666300Z'
connectorId:
type: string
description: Connector ID
example: active-directory
connectorName:
type: string
description: Name of the connector that was chosen during source creation.
example: Active Directory
connectionType:
type: string
description: Type of connection (direct or file).
example: file
connectorImplementationId:
type: string
description: Connector implementation ID.
example: delimited-file
created:
type: string
description: Date-time when the source was created
format: date-time
example: '2022-02-08T14:50:03.827Z'
modified:
type: string
description: Date-time when the source was last modified.
format: date-time
example: '2024-01-23T18:08:50.897Z'
credentialProviderEnabled:
type: boolean
description: 'If this is true, it enables a credential provider for the source. If credentialProvider is turned on, then the source can use credential provider(s) to fetch credentials.'
default: false
example: false
category:
type: string
nullable: true
default: null
description: 'Source category (e.g. null, CredentialProvider).'
example: CredentialProvider
required:
- name
- owner
- connector
SourceHealthDto:
type: object
description: Dto for source health data
properties:
id:
type: string
readOnly: true
description: the id of the Source
example: 2c91808568c529c60168cca6f90c1324
type:
type: string
description: 'Specifies the type of system being managed e.g. Active Directory, Workday, etc.. If you are creating a Delimited File source, you must set the `provisionasCsv` query parameter to `true`. '
example: OpenLDAP - Direct
name:
type: string
description: the name of the source
example: Source1234
org:
type: string
description: source's org
example: denali-cjh
isAuthoritative:
type: boolean
example: false
description: Is the source authoritative
isCluster:
type: boolean
example: false
description: Is the source in a cluster
hostname:
type: string
example: megapod-useast1-secret-hostname.sailpoint.com
description: source's hostname
pod:
type: string
description: source's pod
example: megapod-useast1
iqServiceVersion:
type: string
nullable: true
description: The version of the iqService
example: iqVersion123
status:
type: string
enum:
- SOURCE_STATE_ERROR_CLUSTER
- SOURCE_STATE_ERROR_SOURCE
- SOURCE_STATE_ERROR_VA
- SOURCE_STATE_FAILURE_CLUSTER
- SOURCE_STATE_FAILURE_SOURCE
- SOURCE_STATE_HEALTHY
- SOURCE_STATE_UNCHECKED_CLUSTER
- SOURCE_STATE_UNCHECKED_CLUSTER_NO_SOURCES
- SOURCE_STATE_UNCHECKED_SOURCE
- SOURCE_STATE_UNCHECKED_SOURCE_NO_ACCOUNTS
- SOURCE_STATE_ERROR_ACCOUNT_FILE_IMPORT
description: connection test result
example: SOURCE_STATE_UNCHECKED_SOURCE
SourceSchedule:
type: object
required:
- type
- cronExpression
properties:
type:
type: string
enum:
- ACCOUNT_AGGREGATION
- GROUP_AGGREGATION
description: The type of the Schedule.
example: ACCOUNT_AGGREGATION
cronExpression:
type: string
description: The cron expression of the schedule.
example: '0 0 5,13,21 * * ?'
Transform:
type: object
description: The representation of an internally- or customer-defined transform.
required:
- name
- type
- attributes
properties:
name:
type: string
description: Unique name of this transform
example: Timestamp To Date
minLength: 1
maxLength: 50
type:
type: string
description: The type of transform operation
enum:
- accountAttribute
- base64Decode
- base64Encode
- concat
- conditional
- dateCompare
- dateFormat
- dateMath
- decomposeDiacriticalMarks
- e164phone
- firstValid
- rule
- identityAttribute
- indexOf
- iso3166
- lastIndexOf
- leftPad
- lookup
- lower
- normalizeNames
- randomAlphaNumeric
- randomNumeric
- reference
- replaceAll
- replace
- rightPad
- split
- static
- substring
- trim
- upper
- usernameGenerator
- uuid
- displayName
- rfc5646
example: dateFormat
externalDocs:
description: Transform Operations
url: 'https://developer.sailpoint.com/idn/docs/transforms/operations'
attributes:
nullable: true
description: Meta-data about the transform. Values in this list are specific to the type of transform to be executed.
oneOf:
- title: accountAttribute
type: object
required:
- sourceName
- attributeName
properties:
sourceName:
type: string
description: A reference to the source to search for the account
example: Workday
attributeName:
type: string
description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.'
example: DEPARTMENT
accountSortAttribute:
type: string
description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries
example: created
default: created
accountSortDescending:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)'
example: false
default: false
accountReturnFirstLink:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false'
example: false
default: false
accountFilter:
type: string
description: |-
This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.
Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements
example: '!(nativeIdentity.startsWith("*DELETED*"))'
accountPropertyFilter:
type: string
description: |-
This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.
All account attributes are available for filtering as this operation is performed in memory.
example: '(groups.containsAll({''Admin''}) || location == ''Austin'')'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: base64Decode
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: base64Encode
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: concat
type: object
required:
- values
properties:
values:
type: array
items:
type: object
description: An array of items to join together
example:
- John
- ' '
- Smith
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: conditional
type: object
required:
- expression
- positiveCondition
- negativeCondition
properties:
expression:
type: string
description: |-
A comparison statement that follows the structure of `ValueA eq ValueB` where `ValueA` and `ValueB` are static strings or outputs of other transforms.
The `eq` operator is the only valid comparison
example: ValueA eq ValueB
positiveCondition:
type: string
description: The output of the transform if the expression evalutes to true
example: 'true'
negativeCondition:
type: string
description: The output of the transform if the expression evalutes to false
example: 'false'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateCompare
type: object
required:
- firstDate
- secondDate
- operator
- positiveCondition
- negativeCondition
properties:
firstDate:
description: This is the first date to consider (The date that would be on the left hand side of the comparison operation).
oneOf:
- title: accountAttribute
type: object
required:
- sourceName
- attributeName
properties:
sourceName:
type: string
description: A reference to the source to search for the account
example: Workday
attributeName:
type: string
description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.'
example: DEPARTMENT
accountSortAttribute:
type: string
description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries
example: created
default: created
accountSortDescending:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)'
example: false
default: false
accountReturnFirstLink:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false'
example: false
default: false
accountFilter:
type: string
description: |-
This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.
Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements
example: '!(nativeIdentity.startsWith("*DELETED*"))'
accountPropertyFilter:
type: string
description: |-
This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.
All account attributes are available for filtering as this operation is performed in memory.
example: '(groups.containsAll({''Admin''}) || location == ''Austin'')'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateFormat
type: object
properties:
inputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
outputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
secondDate:
description: This is the second date to consider (The date that would be on the right hand side of the comparison operation).
oneOf:
- title: accountAttribute
type: object
required:
- sourceName
- attributeName
properties:
sourceName:
type: string
description: A reference to the source to search for the account
example: Workday
attributeName:
type: string
description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.'
example: DEPARTMENT
accountSortAttribute:
type: string
description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries
example: created
default: created
accountSortDescending:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)'
example: false
default: false
accountReturnFirstLink:
type: boolean
description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false'
example: false
default: false
accountFilter:
type: string
description: |-
This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.
Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements
example: '!(nativeIdentity.startsWith("*DELETED*"))'
accountPropertyFilter:
type: string
description: |-
This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.
All account attributes are available for filtering as this operation is performed in memory.
example: '(groups.containsAll({''Admin''}) || location == ''Austin'')'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateFormat
type: object
properties:
inputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
outputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
operator:
type: string
description: |
This is the comparison to perform.
| Operation | Description |
| --------- | ------- |
| LT | Strictly less than: `firstDate < secondDate` |
| LTE | Less than or equal to: `firstDate <= secondDate` |
| GT | Strictly greater than: `firstDate > secondDate` |
| GTE | Greater than or equal to: `firstDate >= secondDate` |
enum:
- LT
- LTE
- GT
- GTE
example: LT
positiveCondition:
type: string
description: The output of the transform if the expression evalutes to true
example: 'true'
negativeCondition:
type: string
description: The output of the transform if the expression evalutes to false
example: false
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateFormat
type: object
properties:
inputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
outputFormat:
description: |-
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.
*If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
oneOf:
- title: Named Construct
type: string
description: |
| Construct | Date Time Pattern | Description |
| --------- | ----------------- | ----------- |
| ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
| LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
| PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
| EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
| EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
enum:
- ISO8601
- LDAP
- PEOPLE_SOFT
- EPOCH_TIME_JAVA
- EPOCH_TIME_WIN32
example: PEOPLE_SOFT
- title: Java Simple Date Format
type: string
description: |
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
>NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
(This table is from the SimpleDateFormat page.)
| Date Time Pattern | Result |
| ----------------- | ------ |
| `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
| `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
| `h:mm a` | 12:08 PM |
| `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
| `K:mm a, z` | 0:08 PM, PDT |
| `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
| `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
| `yyMMddHHmmssZ` | 010704120856-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
| `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
| `YYYY-'W'ww-u` | 2001-W27-3 |
example: mm/dd/yyyy
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: dateMath
type: object
required:
- expression
properties:
expression:
type: string
description: |
A string value of the date and time components to operation on, along with the math operations to execute.
externalDocs:
description: Date Math Expressions
url: 'https://developer.sailpoint.com/idn/docs/transforms/operations/date-math#transform-structure'
example: now+1w
roundUp:
type: boolean
description: |
A boolean value to indicate whether the transform should round up or down when a rounding `/` operation is defined in the expression.
If not provided, the transform will default to `false`
`true` indicates the transform should round up (i.e., truncate the fractional date/time component indicated and then add one unit of that component)
`false` indicates the transform should round down (i.e., truncate the fractional date/time component indicated)
example: false
default: false
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: decomposeDiacriticalMarks
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: e164phone
type: object
properties:
defaultRegion:
type: string
description: |
This is an optional attribute that can be used to define the region of the phone number to format into.
If defaultRegion is not provided, it will take US as the default country.
The format of the country code should be in [ISO 3166-1 alpha-2 format](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2)
example: US
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: firstValid
type: object
required:
- values
properties:
values:
type: array
items:
type: object
description: An array of attributes to evaluate for existence.
example:
- attributes:
sourceName: Active Directory
attributeName: sAMAccountName
type: accountAttribute
- attributes:
sourceName: Okta
attributeName: login
type: accountAttribute
- attributes:
sourceName: HR Source
attributeName: employeeID
type: accountAttribute
ignoreErrors:
type: boolean
description: a true or false value representing to move on to the next option if an error (like an Null Pointer Exception) were to occur.
example: false
default: false
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
- title: rule
oneOf:
- type: object
required:
- name
properties:
name:
type: string
description: This is the name of the Transform rule that needs to be invoked by the transform
example: Transform Calculation Rule
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
- type: object
required:
- name
- operation
- includeNumbers
- includeSpecialChars
- length
properties:
name:
type: string
description: This must always be set to "Cloud Services Deployment Utility"
example: Cloud Services Deployment Utility
operation:
type: string
description: The operation to perform `generateRandomString`
example: generateRandomString
includeNumbers:
type: boolean
description: This must be either "true" or "false" to indicate whether the generator logic should include numbers
example: true
includeSpecialChars:
type: boolean
description: This must be either "true" or "false" to indicate whether the generator logic should include special characters
example: true
length:
type: string
description: |
This specifies how long the randomly generated string needs to be
>NOTE Due to identity attribute data constraints, the maximum allowable value is 450 characters
example: '10'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
- type: object
required:
- name
- operation
- uid
properties:
name:
type: string
description: This must always be set to "Cloud Services Deployment Utility"
example: Cloud Services Deployment Utility
operation:
type: string
description: The operation to perform `getReferenceIdentityAttribute`
example: getReferenceIdentityAttribute
uid:
type: string
description: |
This is the SailPoint User Name (uid) value of the identity whose attribute is desired
As a convenience feature, you can use the `manager` keyword to dynamically look up the user's manager and then get that manager's identity attribute.
example: 2c91808570313110017040b06f344ec9
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
- title: identityAttribute
type: object
required:
- name
properties:
name:
type: string
description: The system (camel-cased) name of the identity attribute to bring in
example: email
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: indexOf
type: object
required:
- substring
properties:
substring:
type: string
description: 'A substring to search for, searches the entire calling string, and returns the index of the first occurrence of the specified substring.'
example: admin_
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: iso3166
type: object
properties:
format:
type: string
description: |
An optional value to denote which ISO 3166 format to return. Valid values are:
`alpha2` - Two-character country code (e.g., "US"); this is the default value if no format is supplied
`alpha3` - Three-character country code (e.g., "USA")
`numeric` - The numeric country code (e.g., "840")
example: alpha2
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: leftPad
type: object
required:
- length
properties:
length:
type: string
description: An integer value for the desired length of the final output string
example: '4'
padding:
type: string
description: |
A string value representing the character that the incoming data should be padded with to get to the desired length
If not provided, the transform will default to a single space (" ") character for padding
example: '0'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: lookup
type: object
required:
- table
properties:
table:
type: object
additionalProperties: true
description: |
This is a JSON object of key-value pairs. The key is the string that will attempt to be matched to the input, and the value is the output string that should be returned if the key is matched
>**Note** the use of the optional default key value here; if none of the three countries in the above example match the input string, the transform will return "Unknown Region" for the attribute that is mapped to this transform.
example:
USA: Americas
FRA: EMEA
AUS: APAC
default: Unknown Region
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: lower
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: nameNormalizer
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: randomAlphaNumeric
type: object
properties:
length:
type: string
description: |
This is an integer value specifying the size/number of characters the random string must contain
* This value must be a positive number and cannot be blank
* If no length is provided, the transform will default to a value of `32`
* Due to identity attribute data constraints, the maximum allowable value is `450` characters
example: '10'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: randomNumeric
type: object
properties:
length:
type: string
description: |
This is an integer value specifying the size/number of characters the random string must contain
* This value must be a positive number and cannot be blank
* If no length is provided, the transform will default to a value of `32`
* Due to identity attribute data constraints, the maximum allowable value is `450` characters
example: '10'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: reference
type: object
required:
- id
properties:
id:
type: string
description: This ID specifies the name of the pre-existing transform which you want to use within your current transform
example: Existing Transform
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: replaceAll
type: object
required:
- table
properties:
table:
type: object
additionalProperties: true
description: 'An attribute of key-value pairs. Each pair identifies the pattern to search for as its key, and the replacement string as its value.'
example:
'-': ' '
'"': ''''
ñ: 'n'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: replace
type: object
required:
- regex
- replacement
properties:
regex:
type: string
description: This can be a string or a regex pattern in which you want to replace.
example: '[^a-zA-Z]'
externalDocs:
description: Regex Builder
url: 'https://regex101.com/'
replacement:
type: string
description: This is the replacement string that should be substituded wherever the string or pattern is found.
example: ' '
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: rightPad
type: object
required:
- length
properties:
length:
type: string
description: An integer value for the desired length of the final output string
example: '4'
padding:
type: string
description: |
A string value representing the character that the incoming data should be padded with to get to the desired length
If not provided, the transform will default to a single space (" ") character for padding
example: '0'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: split
type: object
required:
- delimiter
- index
properties:
delimiter:
type: string
description: 'This can be either a single character or a regex expression, and is used by the transform to identify the break point between two substrings in the incoming data'
example: ','
index:
type: string
description: 'An integer value for the desired array element after the incoming data has been split into a list; the array is a 0-based object, so the first array element would be index 0, the second element would be index 1, etc.'
example: '5'
throws:
type: boolean
description: |
A boolean (true/false) value which indicates whether an exception should be thrown and returned as an output when an index is out of bounds with the resultant array (i.e., the provided index value is larger than the size of the array)
`true` - The transform should return "IndexOutOfBoundsException"
`false` - The transform should return null
If not provided, the transform will default to false and return a null
example: true
default: false
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: static
type: object
required:
- values
properties:
values:
type: string
description: 'This must evaluate to a JSON string, either through a fixed value or through conditional logic using the Apache Velocity Template Language.'
example: string$variable
externalDocs:
description: Static Transform Documentation
url: 'https://developer.sailpoint.com/idn/docs/transforms/operations/static'
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
- title: substring
type: object
required:
- begin
properties:
begin:
type: integer
description: |
The index of the first character to include in the returned substring.
If `begin` is set to -1, the transform will begin at character 0 of the input data
example: 1
format: int32
beginOffset:
type: integer
description: |
This integer value is the number of characters to add to the begin attribute when returning a substring.
This attribute is only used if begin is not -1.
example: 3
format: int32
end:
type: integer
description: |
The index of the first character to exclude from the returned substring.
If end is -1 or not provided at all, the substring transform will return everything up to the end of the input string.
example: 6
format: int32
endOffset:
type: integer
description: |
This integer value is the number of characters to add to the end attribute when returning a substring.
This attribute is only used if end is provided and is not -1.
example: 1
format: int32
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: trim
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: upper
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
input:
type: object
description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
additionalProperties: true
example:
type: accountAttribute
attributes:
attributeName: first_name
sourceName: Source
- title: uuid
type: object
properties:
requiresPeriodicRefresh:
type: boolean
description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
example: false
default: false
WorkItems:
type: object
properties:
id:
type: string
description: ID of the work item
example: 2c9180835d2e5168015d32f890ca1581
requesterId:
type: string
description: ID of the requester
example: 2c9180835d2e5168015d32f890ca1581
nullable: true
requesterDisplayName:
type: string
description: The displayname of the requester
example: John Smith
nullable: true
ownerId:
type: string
description: The ID of the owner
example: 2c9180835d2e5168015d32f890ca1581
nullable: true
ownerName:
type: string
description: The name of the owner
example: Jason Smith
created:
type: string
format: date-time
example: '2017-07-11T18:45:37.098Z'
description: Time when the work item was created
modified:
type: string
format: date-time
example: '2018-06-25T20:22:28.104Z'
description: Time when the work item was last updated
nullable: true
description:
type: string
description: The description of the work item
example: Create account on source 'AD'
state:
type: string
enum:
- Finished
- Rejected
- Returned
- Expired
- Pending
- Canceled
example: Finished
description: The state of a work item
type:
type: string
enum:
- Generic
- Certification
- Remediation
- Delegation
- Approval
- ViolationReview
- Form
- PolicyVioloation
- Challenge
- ImpactAnalysis
- Signoff
- Event
- ManualAction
- Test
example: Generic
description: The type of the work item
remediationItems:
type: array
nullable: true
items:
type: object
properties:
id:
type: string
description: The ID of the certification
example: 2c9180835d2e5168015d32f890ca1581
targetId:
type: string
description: The ID of the certification target
example: 2c9180835d2e5168015d32f890ca1581
targetName:
type: string
description: The name of the certification target
example: john.smith
targetDisplayName:
type: string
description: The display name of the certification target
example: emailAddress
applicationName:
type: string
description: The name of the application/source
example: Active Directory
attributeName:
type: string
description: The name of the attribute being certified
example: phoneNumber
attributeOperation:
type: string
description: The operation of the certification on the attribute
example: update
attributeValue:
type: string
description: The value of the attribute being certified
example: 512-555-1212
nativeIdentity:
type: string
description: The native identity of the target
example: jason.smith2
description: A list of remediation items
approvalItems:
type: array
nullable: true
items:
type: object
properties:
id:
type: string
description: The approval item's ID
example: 2c9180835d2e5168015d32f890ca1581
account:
type: string
description: The account referenced by the approval item
example: john.smith
nullable: true
application:
type: string
description: The name of the application/source
example: Active Directory
name:
type: string
description: The attribute's name
example: emailAddress
nullable: true
operation:
type: string
description: The attribute's operation
example: update
value:
type: string
description: The attribute's value
example: a@b.com
nullable: true
state:
allOf:
- type: string
nullable: true
enum:
- Finished
- Rejected
- Returned
- Expired
- Pending
- Canceled
- null
example: Pending
description: The state of a work item
- nullable: true
description: A list of items that need to be approved
name:
type: string
description: The work item name
example: Account Create
nullable: true
completed:
type: string
format: date-time
example: '2018-10-19T13:49:37.385Z'
description: The time at which the work item completed
nullable: true
numItems:
type: integer
format: int32
description: The number of items in the work item
example: 19
nullable: true
form:
allOf:
- type: object
properties:
id:
type: string
description: ID of the form
example: 2c9180835d2e5168015d32f890ca1581
nullable: true
name:
type: string
description: Name of the form
example: AccountSelection Form
nullable: true
title:
type: string
nullable: true
description: The form title
example: Account Selection for John.Doe
subtitle:
type: string
nullable: true
description: The form subtitle.
example: Please select from the following
targetUser:
type: string
description: The name of the user that should be shown this form
example: Jane.Doe
sections:
type: array
items:
type: object
allOf:
- type: object
properties:
name:
type: string
nullable: true
description: Name of the FormItem
example: Field1
- type: object
properties:
label:
type: string
nullable: true
description: Label of the section
example: Section 1
formItems:
type: array
items:
type: object
description: List of FormItems. FormItems can be SectionDetails and/or FieldDetails
example: []
description: Sections of the form
- nullable: true
errors:
type: array
items:
type: string
example:
- The work item ID that was specified was not found.
description: An array of errors that ocurred during the work item
WorkItemsCount:
type: object
properties:
count:
type: integer
description: The count of work items
example: 29
WorkItemsSummary:
type: object
properties:
open:
type: integer
description: The count of open work items
example: 29
completed:
type: integer
description: The count of completed work items
example: 1
total:
type: integer
description: The count of total work items
example: 30
AccountUsage:
type: object
properties:
date:
type: string
format: date
description: The first day of the month for which activity is aggregated.
example: '2023-04-21'
count:
type: integer
format: int64
description: The number of days within the month that the account was active in a source.
example: 10
SourceUsage:
type: object
properties:
date:
type: string
format: date
description: The first day of the month for which activity is aggregated.
example: '2023-04-21'
count:
type: number
format: float
description: 'The average number of days that accounts were active within this source, for the month.'
example: 10.45
SourceUsageStatus:
type: object
properties:
status:
type: string
description: |-
Source Usage Status. Acceptable values are:
- COMPLETE
- This status means that an activity data source has been setup and usage insights are available for the source.
- INCOMPLETE
- This status means that an activity data source has not been setup and usage insights are not available for the source.
example: COMPLETE
enum:
- COMPLETE
- INCOMPLETE
BrandingItem:
type: object
properties:
name:
type: string
description: name of branding item
example: default
productName:
type: string
description: product name
example: product name
nullable: true
actionButtonColor:
type: string
description: hex value of color for action button
example: 0074D9
nullable: true
activeLinkColor:
type: string
description: hex value of color for link
example: 011E69
nullable: true
navigationColor:
type: string
description: hex value of color for navigation bar
example: 011E69
nullable: true
emailFromAddress:
type: string
description: email from address
example: no-reply@sailpoint.com
nullable: true
standardLogoURL:
type: string
description: url to standard logo
example: ''
nullable: true
loginInformationalMessage:
type: string
description: login information message
example: ''
nullable: true
BrandingItemCreate:
type: object
required:
- name
- productName
properties:
name:
type: string
description: name of branding item
example: custom-branding-item
productName:
type: string
description: product name
example: product name
nullable: true
actionButtonColor:
type: string
description: hex value of color for action button
example: 0074D9
activeLinkColor:
type: string
description: hex value of color for link
example: 011E69
navigationColor:
type: string
description: hex value of color for navigation bar
example: 011E69
emailFromAddress:
type: string
description: email from address
example: no-reply@sailpoint.com
loginInformationalMessage:
type: string
description: login information message
example: ''
fileStandard:
type: string
format: binary
description: png file with logo
example: \x00\x00\x00\x02
RoleBulkUpdateResponse:
type: object
properties:
id:
type: string
description: ID of the task which is executing the bulk update. This also used in to the bulk-update/** API to track status.
example: 2c9180867817ac4d017817c491119a20
type:
type: string
description: Type of the bulk update object.
example: Role
status:
type: string
description: 'The status of the bulk update request, could also checked by getBulkUpdateStatus API'
enum:
- CREATED
- PRE_PROCESS
- PRE_PROCESS_COMPLETED
- POST_PROCESS
- COMPLETED
- CHUNK_PENDING
- CHUNK_PROCESSING
example: CREATED
created:
type: string
description: Time when the bulk update request was created
format: date-time
example: '2020-10-08T18:33:52.029Z'
RoleGetAllBulkUpdateResponse:
type: object
properties:
id:
type: string
description: ID of the task which is executing the bulk update. This also used in to the bulk-update/** API to track status.
example: 2c9180867817ac4d017817c491119a20
type:
type: string
description: Type of the bulk update object.
example: Role
status:
type: string
description: 'The status of the bulk update request, only list unfinished request''s status, the status could also checked by getBulkUpdateStatus API'
enum:
- CREATED
- PRE_PROCESS
- POST_PROCESS
- CHUNK_PENDING
- CHUNK_PROCESSING
example: CREATED
created:
type: string
description: Time when the bulk update request was created
format: date-time
example: '2020-10-08T18:33:52.029Z'
RoleListFilterDTO:
description: AMMFilterValues
type: object
properties:
filters:
type: string
description: |-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, in*
**name**: *eq, sw*
**created**: *gt, lt, ge, le*
**modified**: *gt, lt, ge, le*
**owner.id**: *eq, in*
**requestable**: *eq*
example: dimensional eq false
nullable: true
ammKeyValues:
nullable: true
type: array
items:
type: object
properties:
attribute:
description: attribute key of a metadata.
type: string
example: iscFederalClassifications
values:
description: 'A list of attribute key names to filter roles. If the values is empty, will only filter by attribute key.'
type: array
items:
type: string
example: secret
example:
- secret
example:
- attribute: iscFederalClassifications
values:
- secret
RoleMetadataBulkUpdateByFilterRequest:
description: This API initialize a a Bulk update by filter request of Role metadata. The maximum meta data values that one single role assigned can not exceed 25. Custom metadata need suit licensed.
type: object
properties:
filters:
description: |-
Filtering is supported for the following fields and operators:
**id** : *eq, in*
**name** : *eq, sw*
**created** : *gt, lt, ge, le*
**modified** : *gt, lt, ge, le*
**owner.id** : *eq, in*
**requestable** : *eq*
type: string
example: ' requestable eq false'
operation:
description: The operation to be performed
type: string
enum:
- ADD
- REMOVE
- REPLACE
example: REPLACE
replaceScope:
description: The choice of update scope.
type: string
enum:
- ALL
- ATTRIBUTE
example: ALL
values:
description: 'The metadata to be updated, including attribute key and value.'
type: array
nullable: false
items:
type: object
required:
- attribute
- values
properties:
attributeKey:
type: string
description: the key of metadata attribute
example: iscFederalClassifications
values:
type: array
description: the values of attribute to be updated
items:
type: string
example: secret
nullable: true
example:
- secret
example:
- attribute: iscFederalClassifications
values:
- topSecret
required:
- filters
- operation
- values
RoleMetadataBulkUpdateByIdRequest:
description: This API initialize a Bulk update by Id request of Role metadata. The maximum role count in a single update request is 3000. The maximum meta data values that one single role assigned can not exceed 25. Custom metadata need suit licensed.
type: object
properties:
roles:
description: Roles' Id to be updated
type: array
items:
type: string
example:
- b1db89554cfa431cb8b9921ea38d9367
operation:
description: The operation to be performed
type: string
enum:
- ADD
- REMOVE
- REPLACE
example: REPLACE
replaceScope:
description: The choice of update scope.
type: string
enum:
- ALL
- ATTRIBUTE
example: ALL
values:
description: 'The metadata to be updated, including attribute key and value.'
type: array
nullable: false
items:
type: object
required:
- attribute
- values
properties:
attribute:
type: string
description: the key of metadata attribute
example: iscFederalClassifications
values:
type: array
description: the values of attribute to be updated
items:
type: string
example: secret
nullable: true
example:
- secret
example:
- attribute: iscFederalClassifications
values:
- topSecret
required:
- roles
- operation
- values
RoleMetadataBulkUpdateByQueryRequest:
description: |-
Bulk update by query request of Role metadata. The maximum meta data values that one single role assigned can not exceed 25. Custom metadata need suit licensed.
For more information about the query could refer to [V3 API Perform Search](https://developer.sailpoint.com/docs/api/v3/search-post)
type: object
properties:
query:
description: query the identities to be updated
type: object
items:
type: object
properties:
indices:
description: 'The names of the Elasticsearch indices in which to search. If none are provided, then all indices will be searched.'
externalDocs:
description: Learn more about search indices here.
url: 'https://documentation.sailpoint.com/saas/help/search/searchable-fields.html'
type: array
items:
description: |-
Enum representing the currently supported indices.
Additional values may be added in the future without notice.
type: string
enum:
- accessprofiles
- accountactivities
- entitlements
- events
- identities
- roles
- '*'
example: identities
example:
- identities
queryType:
description: |-
The type of query to use. By default, the `SAILPOINT` query type is used, which requires the `query` object to be defined in the request body.
To use the `queryDsl` or `typeAheadQuery` objects in the request, you must set the type to `DSL` or `TYPEAHEAD` accordingly.
Additional values may be added in the future without notice.
type: string
enum:
- DSL
- SAILPOINT
- TEXT
- TYPEAHEAD
default: SAILPOINT
example: SAILPOINT
queryVersion:
allOf:
- description: The current Elasticserver version.
type: string
default: '5.2'
example: '5.2'
- type: string
description: |-
The version of the query object.
This version number will map to the version of Elasticsearch for the query strings and objects being used.
query:
type: object
description: Query parameters used to construct an Elasticsearch query object.
properties:
query:
description: 'The query using the Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL extended by SailPoint to support Nested queries.'
type: string
example: 'name:a*'
fields:
description: |-
The fields the query will be applied to. Fields provide you with a simple way to add additional fields to search, without making the query too complicated. For example, you can use the fields to specify that you want your query of "a*" to be applied to "name", "firstName", and the "source.name". The response will include all results matching the "a*" query found in those three fields.
A field's availability depends on the indices being searched. For example, if you are searching "identities", you can apply your search to the "firstName" field, but you couldn't use "firstName" with a search on "access profiles". Refer to the response schema for the respective lists of available fields.
type: string
example:
- 'firstName,lastName,email'
timeZone:
description: The time zone to be applied to any range query related to dates.
type: string
example: America/Chicago
innerHit:
description: The innerHit query object returns a flattened list of results for the specified nested type.
type: object
required:
- query
- type
properties:
query:
description: 'The search query using the Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL extended by SailPoint to support Nested queries.'
type: string
example: 'source.name:\"Active Directory\"'
type:
description: 'The nested type to use in the inner hits query. The nested type [Nested Type](https://www.elastic.co/guide/en/elasticsearch/reference/current/nested.html) refers to a document "nested" within another document. For example, an identity can have nested documents for access, accounts, and apps.'
type: string
example: access
queryDsl:
description: 'The search query using the Elasticsearch [Query DSL](https://www.elastic.co/guide/en/elasticsearch/reference/7.10/query-dsl.html) syntax.'
type: object
example:
match:
name: john.doe
textQuery:
type: object
description: Query parameters used to construct an Elasticsearch text query object.
required:
- terms
- fields
properties:
terms:
description: Words or characters that specify a particular thing to be searched for.
type: array
items:
type: string
example:
- The quick brown fox
- '3141592'
- '7'
fields:
description: The fields to be searched.
type: array
items:
type: string
example:
- displayName
- employeeNumber
- roleCount
matchAny:
description: 'Indicates that at least one of the terms must be found in the specified fields; otherwise, all terms must be found.'
type: boolean
default: false
example: false
contains:
description: 'Indicates that the terms can be located anywhere in the specified fields; otherwise, the fields must begin with the terms.'
type: boolean
default: false
example: true
typeAheadQuery:
type: object
description: 'Query parameters used to construct an Elasticsearch type ahead query object. The typeAheadQuery performs a search for top values beginning with the typed values. For example, typing "Jo" results in top hits matching "Jo." Typing "Job" results in top hits matching "Job." '
required:
- query
- field
properties:
query:
description: The type ahead query string used to construct a phrase prefix match query.
type: string
example: Work
field:
description: The field on which to perform the type ahead search.
type: string
example: source.name
nestedType:
description: The nested type.
type: string
example: access
maxExpansions:
description: |-
The number of suffixes the last term will be expanded into.
Influences the performance of the query and the number results returned.
Valid values: 1 to 1000.
type: integer
format: int32
minimum: 1
maximum: 1000
default: 10
example: 10
size:
description: The max amount of records the search will return.
type: integer
format: int32
minimum: 1
default: 100
example: 100
sort:
description: The sort order of the returned records.
type: string
default: desc
example: asc
sortByValue:
description: 'The flag that defines the sort type, by count or value.'
type: boolean
default: false
example: true
includeNested:
description: Indicates whether nested objects from returned search results should be included.
type: boolean
default: true
example: true
queryResultFilter:
type: object
description: Allows the query results to be filtered by specifying a list of fields to include and/or exclude from the result documents.
properties:
includes:
description: The list of field names to include in the result documents.
type: array
items:
type: string
example:
- name
- displayName
excludes:
description: The list of field names to exclude from the result documents.
type: array
items:
type: string
example:
- stacktrace
aggregationType:
description: |
Enum representing the currently available query languages for aggregations, which are used to perform calculations or groupings on search results.
Additional values may be added in the future without notice.
type: string
enum:
- DSL
- SAILPOINT
default: DSL
example: DSL
aggregationsVersion:
allOf:
- description: The current Elasticserver version.
type: string
default: '5.2'
example: '5.2'
- type: string
description: |-
The version of the language being used for aggregation queries.
This version number will map to the version of Elasticsearch for the aggregation query object.
aggregationsDsl:
description: 'The aggregation search query using Elasticsearch [Aggregations](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/search-aggregations.html) syntax.'
type: object
example: {}
aggregations:
description: |
The aggregation’s specifications, such as the groupings and calculations to be performed.
allOf:
- type: object
properties:
nested:
type: object
description: The nested aggregation object.
required:
- name
- type
properties:
name:
description: The name of the nested aggregate to be included in the result.
type: string
example: id
type:
description: The type of the nested object.
type: string
example: access
metric:
type: object
description: The calculation done on the results of the query
required:
- name
- field
properties:
name:
description: |-
The name of the metric aggregate to be included in the result.
If the metric aggregation is omitted, the resulting aggregation will be a count of the documents in the search results.
type: string
example: Access Name Count
type:
description: |-
Enum representing the currently supported metric aggregation types.
Additional values may be added in the future without notice.
type: string
enum:
- COUNT
- UNIQUE_COUNT
- AVG
- SUM
- MEDIAN
- MIN
- MAX
default: UNIQUE_COUNT
example: COUNT
field:
description: |
The field the calculation is performed on.
Prefix the field name with '@' to reference a nested object.
type: string
example: '@access.name'
filter:
type: object
description: An additional filter to constrain the results of the search query.
required:
- name
- field
- value
properties:
name:
description: The name of the filter aggregate to be included in the result.
type: string
example: Entitlements
type:
description: |-
Enum representing the currently supported filter aggregation types.
Additional values may be added in the future without notice.
type: string
enum:
- TERM
default: TERM
example: TERM
field:
description: |
The search field to apply the filter to.
Prefix the field name with '@' to reference a nested object.
type: string
example: access.type
value:
description: The value to filter on.
type: string
example: ENTITLEMENT
bucket:
type: object
description: The bucket to group the results of the aggregation query by.
required:
- name
- field
properties:
name:
description: The name of the bucket aggregate to be included in the result.
type: string
example: Identity Locations
type:
description: |-
Enum representing the currently supported bucket aggregation types.
Additional values may be added in the future without notice.
type: string
enum:
- TERMS
default: TERMS
example: TERMS
field:
description: |-
The field to bucket on.
Prefix the field name with '@' to reference a nested object.
type: string
example: attributes.city
size:
description: Maximum number of buckets to include.
type: integer
format: int32
example: 100
minDocCount:
description: Minimum number of documents a bucket should have.
type: integer
format: int32
example: 2
- type: object
properties:
subAggregation:
description: Aggregation to be performed on the result of the parent bucket aggregation.
allOf:
- type: object
properties:
nested:
type: object
description: The nested aggregation object.
required:
- name
- type
properties:
name:
description: The name of the nested aggregate to be included in the result.
type: string
example: id
type:
description: The type of the nested object.
type: string
example: access
metric:
type: object
description: The calculation done on the results of the query
required:
- name
- field
properties:
name:
description: |-
The name of the metric aggregate to be included in the result.
If the metric aggregation is omitted, the resulting aggregation will be a count of the documents in the search results.
type: string
example: Access Name Count
type:
description: |-
Enum representing the currently supported metric aggregation types.
Additional values may be added in the future without notice.
type: string
enum:
- COUNT
- UNIQUE_COUNT
- AVG
- SUM
- MEDIAN
- MIN
- MAX
default: UNIQUE_COUNT
example: COUNT
field:
description: |
The field the calculation is performed on.
Prefix the field name with '@' to reference a nested object.
type: string
example: '@access.name'
filter:
type: object
description: An additional filter to constrain the results of the search query.
required:
- name
- field
- value
properties:
name:
description: The name of the filter aggregate to be included in the result.
type: string
example: Entitlements
type:
description: |-
Enum representing the currently supported filter aggregation types.
Additional values may be added in the future without notice.
type: string
enum:
- TERM
default: TERM
example: TERM
field:
description: |
The search field to apply the filter to.
Prefix the field name with '@' to reference a nested object.
type: string
example: access.type
value:
description: The value to filter on.
type: string
example: ENTITLEMENT
bucket:
type: object
description: The bucket to group the results of the aggregation query by.
required:
- name
- field
properties:
name:
description: The name of the bucket aggregate to be included in the result.
type: string
example: Identity Locations
type:
description: |-
Enum representing the currently supported bucket aggregation types.
Additional values may be added in the future without notice.
type: string
enum:
- TERMS
default: TERMS
example: TERMS
field:
description: |-
The field to bucket on.
Prefix the field name with '@' to reference a nested object.
type: string
example: attributes.city
size:
description: Maximum number of buckets to include.
type: integer
format: int32
example: 100
minDocCount:
description: Minimum number of documents a bucket should have.
type: integer
format: int32
example: 2
- type: object
properties:
subAggregation:
type: object
properties:
nested:
type: object
description: The nested aggregation object.
required:
- name
- type
properties:
name:
description: The name of the nested aggregate to be included in the result.
type: string
example: id
type:
description: The type of the nested object.
type: string
example: access
metric:
type: object
description: The calculation done on the results of the query
required:
- name
- field
properties:
name:
description: |-
The name of the metric aggregate to be included in the result.
If the metric aggregation is omitted, the resulting aggregation will be a count of the documents in the search results.
type: string
example: Access Name Count
type:
description: |-
Enum representing the currently supported metric aggregation types.
Additional values may be added in the future without notice.
type: string
enum:
- COUNT
- UNIQUE_COUNT
- AVG
- SUM
- MEDIAN
- MIN
- MAX
default: UNIQUE_COUNT
example: COUNT
field:
description: |
The field the calculation is performed on.
Prefix the field name with '@' to reference a nested object.
type: string
example: '@access.name'
filter:
type: object
description: An additional filter to constrain the results of the search query.
required:
- name
- field
- value
properties:
name:
description: The name of the filter aggregate to be included in the result.
type: string
example: Entitlements
type:
description: |-
Enum representing the currently supported filter aggregation types.
Additional values may be added in the future without notice.
type: string
enum:
- TERM
default: TERM
example: TERM
field:
description: |
The search field to apply the filter to.
Prefix the field name with '@' to reference a nested object.
type: string
example: access.type
value:
description: The value to filter on.
type: string
example: ENTITLEMENT
bucket:
type: object
description: The bucket to group the results of the aggregation query by.
required:
- name
- field
properties:
name:
description: The name of the bucket aggregate to be included in the result.
type: string
example: Identity Locations
type:
description: |-
Enum representing the currently supported bucket aggregation types.
Additional values may be added in the future without notice.
type: string
enum:
- TERMS
default: TERMS
example: TERMS
field:
description: |-
The field to bucket on.
Prefix the field name with '@' to reference a nested object.
type: string
example: attributes.city
size:
description: Maximum number of buckets to include.
type: integer
format: int32
example: 100
minDocCount:
description: Minimum number of documents a bucket should have.
type: integer
format: int32
example: 2
description: Aggregation to be performed on the result of the parent bucket aggregation.
sort:
description: The fields to be used to sort the search results. Use + or - to specify the sort direction.
type: array
items:
type: string
example:
- displayName
- +id
searchAfter:
description: |-
Used to begin the search window at the values specified.
This parameter consists of the last values of the sorted fields in the current record set.
This is used to expand the Elasticsearch limit of 10K records by shifting the 10K window to begin at this value.
It is recommended that you always include the ID of the object in addition to any other fields on this parameter in order to ensure you don't get duplicate results while paging.
For example, when searching for identities, if you are sorting by displayName you will also want to include ID, for example ["displayName", "id"].
If the last identity ID in the search result is 2c91808375d8e80a0175e1f88a575221 and the last displayName is "John Doe", then using that displayName and ID will start a new search after this identity.
The searchAfter value will look like ["John Doe","2c91808375d8e80a0175e1f88a575221"]
type: array
items:
type: string
example:
- John Doe
- 2c91808375d8e80a0175e1f88a575221
filters:
description: The filters to be applied for each filtered field name.
type: object
additionalProperties:
type: object
properties:
type:
description: |-
Enum representing the currently supported filter types.
Additional values may be added in the future without notice.
type: string
enum:
- EXISTS
- RANGE
- TERMS
example: RANGE
range:
type: object
description: The range of values to be filtered.
properties:
lower:
description: The lower bound of the range.
type: object
required:
- value
properties:
value:
description: The value of the range's endpoint.
type: string
example: '1'
inclusive:
description: Indicates if the endpoint is included in the range.
type: boolean
default: false
example: false
upper:
description: The upper bound of the range.
type: object
required:
- value
properties:
value:
description: The value of the range's endpoint.
type: string
example: '1'
inclusive:
description: Indicates if the endpoint is included in the range.
type: boolean
default: false
example: false
terms:
description: The terms to be filtered.
type: array
items:
type: string
example: account_count
exclude:
description: Indicates if the filter excludes results.
type: boolean
default: false
example: false
example: {}
example:
query":
indices:
- roles
queryType: TEXT
textQuery:
terms:
- test123
fields:
- id
matchAny: false
contains: true
includeNested: false
operation:
description: The operation to be performed
type: string
enum:
- ADD
- REMOVE
- REPLACE
example: REPLACE
replaceScope:
description: The choice of update scope.
type: string
enum:
- ALL
- ATTRIBUTE
example: ALL
values:
description: 'The metadata to be updated, including attribute key and value.'
type: array
nullable: false
items:
type: object
required:
- attribute
- values
properties:
attributeKey:
type: string
description: the key of metadata attribute
example: iscFederalClassifications
attributeValue:
type: array
description: the values of attribute to be updated
items:
type: string
example: topSecret
example:
- topSecret
required:
- query
- operation
- values